Please check my log. Thanks.


hranol (newcomer, 16 posts, registered April 08)

Please check my log. Thanks.

Post by hranol » 15 Apr 2008 19:29

Topic split off. Next time start your own topic, even if the existing topic deals with the same problem you have.
fredik


Good evening.....

I'm an old goat....over 50 springs already, but I make mistakes on the PC.....oh well, old age...I'd like to ask..whether you could take a look at the log......and another thing......thank you very much.....



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:20, on 15.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\AvastPro\aswUpdSv.exe
D:\AvastPro\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Seznam Bezpecny Internet\SBIAntiDialer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Office12\GrooveMonitor.exe
C:\Program Files\Hmonitor\hmonitor.exe
D:\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spoolsv.exe
D:\AvastPro\ashDisp.exe
C:\Program Files\Chronograph\chrono.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\History Sweeper\sweeper.exe
C:\Program Files\Restore Desktop\RestoreDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\AvastPro\ashMaiSv.exe
D:\AvastPro\ashWebSv.exe
D:\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Seznam Bezpečný Internet - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam Bezpecny Internet\SBI.dll
O4 - HKLM\..\Run: [SeznamAntidialer] "C:\Program Files\Seznam Bezpecny Internet\SBIAntiDialer.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] D:\AvastPro\ashDisp.exe
O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [Sweeper.exe] C:\Program Files\History Sweeper\sweeper.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RestoreDesktop] C:\Program Files\Restore Desktop\RestoreDesktop.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Reader\AdobeCollabSync.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = D:\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam Bezpecny Internet\SBI.dll/5034
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_b ... u_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_b ... u_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_b ... nu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_b ... ie_exclude
O8 - Extra context menu item: Hledej v &Seznamu - res://C:\Program Files\Seznam Bezpecny Internet\SBI.dll/5033
O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://C:\Program Files\Seznam Bezpecny Internet\SBI.dll/5035
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_b ... _ie_report
O8 - Extra context menu item: Stáhnout obsah FLV videa s IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout pomocí FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout vše pomocí FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6571819750
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/Im ... oolbar.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BEF656D-72B5-4513-B854-E88C725548AC}: NameServer = 212.158.128.2 212.158.128.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Office12\GR99D3~1.DLL
O21 - SSODL: ogxtsepr - {11950FF4-1E7F-4782-BF43-5762784FFB81} - C:\WINDOWS\ogxtsepr.dll
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\AvastPro\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\AvastPro\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\AvastPro\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\AvastPro\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10788 bytes

===================================================

also, it throws an error at me several times a day .....

instrukce na adrese 0x03c8508c odkazovala na adresu pameti 0x00000020.s pametí nelze provest operaci:read.
Klepnutim na tlacitko OK ukoncete program.


====================================================

another......................

runtime error!

program:C/Programnfiles/internet explorer/explore.exe

R6025
- pure virtual function call


====================================================


another.......................

at startup, or even while working, a notification pops up telling me I'm working offline....

======================================================

I use Opera and IE 7.....Opera without problems...but, while I'm connected to the net....I'm connected through Opera and out of nowhere IE launches and a Bitdefender center page pops up on me...I'm already miserable from all of this....
see....


http://www.system-defender.com/freeware/2/?wmid=6010&mid=MjI6Mzc6MTgxNjM=&lndid=37&p=01


Thanks sooooooo much for the help!!!!!!!!!!


Regards, Hranolo

Last edited by hranol on 16 Apr 2008 01:49, edited 1 time in total.

fredik (Security team member, Master Level 7, 4680 posts, registered July 06)

Re: Please check my log. Thanks.

Post by fredik » 15 Apr 2008 20:53

Welcome to the forum

Download SDFix
- Run it and it will extract itself to the disk where Windows is installed (typically C:\SDfix)
- Then restart the PC into Safe Mode (choose the option: Safe Mode, not Safe Mode with Networking)
- Open the folder where SDFix was extracted and run the file RunThis.bat; that starts the program.
* Then press the Y key and then Enter to start the cleaning process.
* To finish the check you will be prompted to press any key, and the computer will restart.
* While the operating system boots, the program starts again and finishes the cleaning process. When Finish appears, you will have to press any key when prompted; that closes the program and the desktop icons appear
- When the desktop icons have finished loading, the SDFix log opens on screen and is also saved to the folder where SDFix was extracted, as the file Report.txt
Then paste its contents here + a new log from HijackThis.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. Such PMs cannot be answered

hranol (newcomer, 16 posts, registered April 08)

Re: Please check my log. Thanks.

Post by hranol » 16 Apr 2008 00:49

Yeah...sure...I took it...as the same thing.....thanks a lot....well, I'll try it....

hranol (newcomer, 16 posts, registered April 08)

Re: Please check my log. Thanks.

Post by hranol » 16 Apr 2008 01:48

SDFix: Version 1.171
Run by hranol on st 16.04.2008 at 19:54

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\PROGRA~1\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 20:06:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:87,59,51,95,5f,01,36,53,d0,df,de,ce,82,84,7e,67,e6,d1,f2,00,27,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:87,59,51,95,5f,01,36,53,d0,df,de,ce,82,84,7e,67,e6,d1,f2,00,27,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:87,59,51,95,5f,01,36,53,d0,df,de,ce,82,84,7e,67,e6,d1,f2,00,27,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"D:\\Office12\\OUTLOOK.EXE"="D:\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\\Office12\\GROOVE.EXE"="D:\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\\Office12\\ONENOTE.EXE"="D:\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Chronograph\\chrono.exe"="C:\\Program Files\\Chronograph\\chrono.exe:*:Enabled:Chronograph"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Ad Muncher\\AdMunch.exe"="C:\\Program Files\\Ad Muncher\\AdMunch.exe:*:Enabled:AdMunch"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\PROGRA~1\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 4 Aug 2007 48 ..SH. --- "C:\WINDOWS\S0602AC15.tmp"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sun 3 Feb 2008 23 A.SH. --- "C:\WINDOWS\system32\ecfdef_r.dll"
Sun 16 Mar 2008 23 A.SH. --- "C:\WINDOWS\system32\ecfdef_z.dll"
Thu 17 May 2007 23 A.SH. --- "C:\WINDOWS\system32\faecaf9_r.dll"
Thu 16 Feb 2006 72,704 ..SHR --- "C:\Program Files\AsefSoft\Quick Smile 3\Uninstall.exe"
Sat 2 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 1 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT61.tmp"
Tue 1 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT65.tmp"
Tue 1 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT60.tmp"
Tue 1 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\911362f9031af35c5b51e12ecc909800\BIT62.tmp"
Tue 1 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ddd366874e802b7f73320d55edd2e34f\BIT64.tmp"
Tue 1 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e691f694d870764b4c31a5eb30b26139\BIT63.tmp"
Tue 1 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f3a3b2a2e8ef3845fb7855c997a48858\BIT66.tmp"

Finished!


I can't get Help and Support to start.......


================================================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:21:57, on 16.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Seznam Bezpecny Internet\SBIAntiDialer.exe
D:\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Hmonitor\hmonitor.exe
D:\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Chronograph\chrono.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Restore Desktop\RestoreDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Digital Imaging\bin\hpqtra08.exe
D:\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Seznam Bezpečný Internet - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam Bezpecny Internet\SBI.dll
O4 - HKLM\..\Run: [SeznamAntidialer] "C:\Program Files\Seznam Bezpecny Internet\SBIAntiDialer.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [8cf3f77c] rundll32.exe "C:\WINDOWS\system32\twxxmvux.dll",b
O4 - HKLM\..\Run: [BM8fc0c4e0] Rundll32.exe "C:\WINDOWS\system32\mrfegpyi.dll",s
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RestoreDesktop] C:\Program Files\Restore Desktop\RestoreDesktop.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Reader\AdobeCollabSync.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = D:\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam Bezpecny Internet\SBI.dll/5034
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_b ... u_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_b ... u_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_b ... nu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_b ... ie_exclude
O8 - Extra context menu item: Hledej v &Seznamu - res://C:\Program Files\Seznam Bezpecny Internet\SBI.dll/5033
O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://C:\Program Files\Seznam Bezpecny Internet\SBI.dll/5035
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_b ... _ie_report
O8 - Extra context menu item: Stáhnout obsah FLV videa s IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6571819750
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/Im ... oolbar.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BEF656D-72B5-4513-B854-E88C725548AC}: NameServer = 212.158.128.2 212.158.128.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Office12\GR99D3~1.DLL
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\AvastPro\aswUpdSv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 10573 bytes

fredik (Security team member, Master Level 7, 4680 posts, registered July 06)

Re: Please check my log. Thanks.

Post by fredik » 16 Apr 2008 22:58

Do you have Spybot's resident protection turned on? Because it isn't running, but it is set to start.

So check whether it is turned on, and if it is, turn it off:
- start Spybot - Search & Destroy
- in the menu at the top choose: Mode => Advanced mode
- a warning window appears; choose Yes
- the program window switches to the advanced view; there choose: Tools => Resident
- there uncheck the box, if it is checked, next to the item: Resident "TeaTimer" (Protection ...)
[attachment: tt.JPG]
- close the program
Restart the PC.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it shows
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please paste its whole contents here
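The check fredik makes above (TeaTimer is listed under O4 but does not appear under Running processes) is one of a handful of cross-checks a log reviewer does by eye on every HijackThis log, and it can be automated. The following Python script is an added example for this thread; it is not part of HijackThis, SDFix or ComboFix, and the regular expressions and the triage() function are my own assumptions about the log layout rather than a published parser. It runs over a constructed log excerpt modelled on the second HijackThis log in this thread and reports four things worth a reviewer's attention: HKLM/HKCU Run entries whose executable is not in the running-process list, Run entries that go through rundll32 together with the DLL they load, O21 SSODL entries, and O23 services whose binary is reported missing.

```python
import re
import ntpath

# Constructed excerpt in HijackThis v2 format, modelled on the second log in
# this thread and trimmed to the lines the checks below need.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Chronograph\chrono.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [8cf3f77c] rundll32.exe "C:\WINDOWS\system32\twxxmvux.dll",b
O4 - HKLM\..\Run: [BM8fc0c4e0] Rundll32.exe "C:\WINDOWS\system32\mrfegpyi.dll",s
O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O21 - SSODL: ogxtsepr - {11950FF4-1E7F-4782-BF43-5762784FFB81} - C:\WINDOWS\ogxtsepr.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\AvastPro\aswUpdSv.exe (file missing)
"""

# Assumed layout of HJT entries: "<section> - <body>", Run keys as
# "<hive>: [<name>] <command line>", SSODL as "SSODL: <name> - {CLSID} - <path>".
SECTION_RE = re.compile(r"^(?P<sec>O\d+|R\d) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)"?', re.I)
SSODL_RE = re.compile(r"^SSODL: (?P<name>.+?) - \{[^}]+\} - (?P<path>.+)$")


def parse_log(text):
    """Return (set of running process paths, list of (section, body)) from an HJT log."""
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:               # a blank line ends the process list
                in_procs = False
            else:
                processes.add(line.lower())
            continue
        m = SECTION_RE.match(line)
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return processes, entries


def dll_argument(rest):
    """Pull the DLL path out of a rundll32 command line (quoted or bare)."""
    m = re.search(r'"([^"]+\.dll)"', rest, re.I) or re.search(r"(\S+\.dll)", rest, re.I)
    return m.group(1) if m else None


def triage(text):
    """Cross-check autostart entries against running processes and flag entries a reviewer inspects first."""
    processes, entries = parse_log(text)
    report = {"rundll32_autostarts": [], "not_running": [], "ssodl": [], "missing_services": []}
    for sec, body in entries:
        if sec == "O4":
            m = RUN_RE.match(body)
            if not m:
                continue               # Startup-folder .lnk entries are not handled here
            exe_m = EXE_RE.match(m.group("cmd"))
            if not exe_m:
                continue
            exe = exe_m.group("exe")
            if ntpath.basename(exe).lower() == "rundll32.exe":
                # The interesting part is the DLL rundll32 is told to load, not rundll32 itself.
                dll = dll_argument(m.group("cmd")[exe_m.end():])
                report["rundll32_autostarts"].append((m.group("name"), dll))
            elif m.group("hive").startswith(("HKLM", "HKCU")) and "\\" in exe \
                    and exe.lower() not in processes:
                # Set to start for this machine/user but not running: the TeaTimer case.
                report["not_running"].append((m.group("name"), exe))
        elif sec == "O21":
            m = SSODL_RE.match(body)
            if m:
                report["ssodl"].append((m.group("name"), m.group("path")))
        elif sec == "O23" and body.endswith("(file missing)"):
            report["missing_services"].append(body[len("Service: "):].split(" - ")[0])
    return report


if __name__ == "__main__":
    import sys
    # Pass a saved hijackthis.log as the first argument to triage a real log.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for heading, items in triage(text).items():
        print(heading)
        for item in items:
            print("   ", item)
```

The script only sorts entries into buckets; it does not decide what is malicious. A Run entry whose process is not running can be a disabled protection tool, as in this thread, or a component that failed to load, and a rundll32 autostart with an unfamiliar DLL name is a reason to look the file up, not a verdict. Startup-folder (.lnk) entries and HKUS entries for service accounts are deliberately skipped because they cannot be matched against the process list of the logged-on user.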

hranol (newcomer, 16 posts, registered April 08)

Re: Please check my log. Thanks.

Post by hranol » 17 Apr 2008 09:57

ComboFix 08-04-16.5 - hranol 2008-04-17 9:27:00.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.539 [GMT 2:00]
Running from: C:\Documents and Settings\hranol\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 38
pv: No matching processes found
Nesprávná syntaxe příkazu


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\auhrxwhc.ini
C:\WINDOWS\system32\fsrixmrp.ini
C:\WINDOWS\system32\LnnUBcdd.ini
C:\WINDOWS\system32\LnnUBcdd.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mopAyGgh.ini
C:\WINDOWS\system32\mopAyGgh.ini2
C:\WINDOWS\system32\qvghwyhj.ini
C:\WINDOWS\system32\Rqtuvyay.ini
C:\WINDOWS\system32\Rqtuvyay.ini2
C:\WINDOWS\system32\sysdm.exe
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\UvxEOqru.ini
C:\WINDOWS\system32\UvxEOqru.ini2
C:\WINDOWS\system32\yayvutqR.dll
C:\WINDOWS\system32\yJQtsuvw.ini
C:\WINDOWS\system32\yJQtsuvw.ini2

.
((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.

2008-04-16 17:08 . 2008-04-16 17:55 <DIR> d-------- C:\Program Files\Avira
2008-04-16 13:46 . 2008-04-16 19:08 1,570,343 ---hs---- C:\WINDOWS\system32\xuvmxxwt.ini
2008-04-16 13:45 . 2008-04-16 18:06 101,197 --a------ C:\WINDOWS\BM8fc0c4e0.xml
2008-04-16 00:57 . 2008-04-16 00:58 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-16 00:48 . 2008-04-16 20:12 <DIR> d-------- C:\Program Files\SDFix
2008-04-16 00:28 . 2008-04-16 00:28 <DIR> d-------- C:\Program Files\ESET
2008-04-15 18:55 . 2008-04-15 18:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 06:24 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-04-14 06:24 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-04-14 06:24 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-04-14 06:24 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-04-14 06:24 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-14 06:24 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-04-14 06:24 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-04-14 06:24 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-04-14 06:24 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-14 02:30 . 2008-04-14 02:30 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-13 20:19 . 2008-04-13 22:33 121 --a------ C:\WINDOWS\bdagent.INI
2008-04-13 13:09 . 2004-08-17 15:49 2,026,496 --a------ C:\WINDOWS\system32\netshell.backup
2008-04-13 13:09 . 2003-04-16 14:00 1,232,384 --a------ C:\WINDOWS\system32\write.backup
2008-04-13 13:09 . 2007-06-13 15:23 1,033,728 --a------ C:\WINDOWS\explorer.backup
2008-04-13 13:09 . 2004-08-17 15:49 260,096 --a------ C:\WINDOWS\system32\sndrec32.backup
2008-04-13 13:09 . 2005-07-06 14:58 219,648 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-04-13 13:09 . 2003-04-16 14:00 152,064 --a------ C:\WINDOWS\system32\sndvol32.backup
2008-04-13 13:09 . 2004-08-17 15:49 77,824 --a------ C:\WINDOWS\system32\stobject.backup
2008-04-13 13:08 . 2007-10-25 18:44 8,464,384 --a------ C:\WINDOWS\system32\shell32.backup
2008-04-13 13:08 . 2004-08-17 15:49 924,672 --a------ C:\WINDOWS\system32\spider.backup
2008-04-13 13:08 . 2003-04-16 14:00 512,512 --a------ C:\WINDOWS\system32\mshearts.backup
2008-04-13 13:08 . 2003-04-16 14:00 504,832 --a------ C:\WINDOWS\system32\winmine.backup
2008-04-13 13:08 . 2003-04-16 14:00 441,856 --a------ C:\WINDOWS\system32\sol.backup
2008-04-13 13:08 . 2003-04-16 14:00 440,320 --a------ C:\WINDOWS\system32\freecell.backup
2008-04-13 13:08 . 2004-08-17 15:49 69,632 --a------ C:\WINDOWS\notepad.backup
2008-04-13 13:07 . 2001-11-08 06:56 6,094,336 --a------ C:\WINDOWS\system32\logonui.backup
2008-04-13 13:07 . 2004-08-17 15:48 2,927,616 --a------ C:\WINDOWS\system32\xpsp2res.backup
2008-04-13 13:07 . 2004-08-17 15:49 1,671,680 --a------ C:\WINDOWS\system32\msgina.backup
2008-04-13 13:07 . 2004-08-17 15:49 847,360 --a------ C:\WINDOWS\system32\mydocs.backup
2008-04-13 13:07 . 2004-08-17 15:49 727,040 --a------ C:\WINDOWS\system32\mspaint.backup
2008-04-13 13:07 . 2003-04-16 14:00 465,920 --a------ C:\WINDOWS\system32\charmap.backup
2008-04-13 13:07 . 2003-04-16 14:00 117,760 --a------ C:\WINDOWS\system32\calc.backup
2008-04-13 13:07 . 2004-08-17 15:49 76,288 --a------ C:\WINDOWS\system32\magnify.backup
2008-04-13 13:06 . 2004-08-17 15:49 2,376,704 --a------ C:\WINDOWS\system32\shimgvw.backup
2008-04-13 13:03 . 2008-04-13 13:03 <DIR> d-------- C:\WINDOWS\VCP_SAVE
2008-04-13 13:03 . 2008-04-13 13:03 <DIR> d-------- C:\Program Files\Wallpapers
2008-04-13 13:03 . 2008-04-13 13:03 <DIR> d-------- C:\Program Files\Fonts
2008-04-13 13:03 . 2005-09-28 02:31 49,152 --a------ C:\WINDOWS\system32\icon.exe
2008-04-13 13:02 . 2008-04-13 13:09 <DIR> d-------- C:\WINDOWS\VCP_TEMP
2008-04-13 12:38 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-04-13 01:22 . 2008-04-13 01:25 2,554 --a------ C:\WINDOWS\unins000.dat
2008-04-12 22:38 . 2008-04-12 23:12 354 --ahs---- C:\WINDOWS\system32\iatqmtmc.ini
2008-04-12 18:51 . 2008-04-12 19:39 466 --ahs---- C:\WINDOWS\system32\ugplfqaj.ini
2008-04-11 13:17 . 2008-04-11 13:17 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-04-11 13:13 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-11 13:09 . 2008-04-11 13:29 104,643 --a------ C:\WINDOWS\hpoins04.dat
2008-04-11 13:09 . 2004-06-21 22:02 17,176 --------- C:\WINDOWS\hpomdl04.dat
2008-04-11 12:45 . 2008-01-14 18:44 104,250 --------- C:\WINDOWS\hpoins04.dat.temp
2008-04-11 12:45 . 2004-06-21 22:02 17,176 --------- C:\WINDOWS\hpomdl04.dat.temp
2008-04-09 08:08 . 2008-03-01 15:02 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-09 08:08 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-09 08:08 . 2007-03-08 07:09 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-09 08:08 . 2008-03-01 15:02 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-09 08:08 . 2008-03-01 15:02 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-09 08:08 . 2008-03-01 15:02 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-09 08:08 . 2008-03-01 15:02 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-09 08:08 . 2008-03-01 15:02 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-09 08:08 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-06 10:22 . 2008-04-06 10:22 <DIR> d-------- C:\Program Files\inKline Global
2008-03-22 06:29 . 2008-03-22 06:29 <DIR> d-------- C:\Program Files\directx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 14:45 --------- d-----w C:\Program Files\PowerArchiver
2008-04-16 03:16 --------- d-----w C:\Program Files\Java
2008-04-14 01:41 --------- d-----w C:\Program Files\FlashGet
2008-04-13 19:18 --------- d-----w C:\Program Files\H264
2008-04-13 07:53 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-13 07:11 --------- d-----w C:\Program Files\DVDFab Platinum 4
2008-04-12 23:25 72,537 ----a-w C:\WINDOWS\unins000.exe
2008-04-06 11:50 --------- d-----w C:\Program Files\Opera
2008-04-03 06:13 --------- d-----w C:\Program Files\CD Eject Tool
2008-03-17 19:06 --------- d-----w C:\Program Files\History Sweeper
2008-03-16 07:43 --------- d-----w C:\Program Files\totalcmd
2008-03-16 07:07 --------- d-----w C:\Program Files\Ashampoo
2008-03-15 15:33 --------- d-----w C:\Program Files\Webteh
2008-03-13 14:52 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-03-13 14:52 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-03-13 14:52 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-03-13 14:44 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-03-13 14:43 40,456 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-03-12 12:05 --------- d-----w C:\Program Files\%temp&
2008-03-02 18:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-29 19:48 --------- d-----w C:\Program Files\FastStone Capture
2008-02-24 07:26 --------- d-----w C:\Program Files\DivX
2008-02-24 07:03 --------- d-----w C:\Program Files\Internet Download Manager
2007-05-17 21:16 23 -csha-w C:\WINDOWS\system32\faecaf9_r.dll
.

------- Sigcheck -------

2007-06-13 15:23 4919808 24b1ff8bd1f86242d90fd09f66484c84 C:\WINDOWS\explorer.exe
2007-06-13 15:11 1033728 9b32416bd5988c97b6397ce0b02caf97 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2003-04-16 14:00 1004544 11d80755545cfb5eb9659ee88440eae2 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-17 15:49 4918784 c6c0c8de8425eed7c666f10f5d9104f0 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 4919808 24b1ff8bd1f86242d90fd09f66484c84 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 15:23 1033728 ed7b460b142a32097b8a8f6ecc941815 C:\WINDOWS\VCP_SAVE\explorer.exe
2007-06-13 15:23 4919808 24b1ff8bd1f86242d90fd09f66484c84 C:\WINDOWS\VCP_TEMP\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02715E47-5A8E-495B-8F63-0D30470B8E72}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03FF3484-1297-4C3A-ACBE-212F5454A3A2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09FFD943-C05E-4B80-8893-46AD971FE34E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0FB0E60C-BFC0-4DBD-8084-698CDB280AF7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{121E4E37-30F9-4DEA-9160-5166F5522BAE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15ACA267-FDFD-4A1E-81B0-E211F0BAFED4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A43C67A-0787-4436-B0FD-B25BF65498CA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C6E4C4F-36FD-4EDE-A6BE-D244F8BF66A1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21EA63A7-04EB-41FF-9EF2-9382B8458885}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23E5396C-AC49-4D96-83E2-2A59E1E5AAA3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2766E49D-FAD1-4C13-B78A-9C038FD797DF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2776798E-74DF-4499-A893-EEA0F32BCF1E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{288395DD-F28F-4E1E-9415-A40A0C81679F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AEE8F68-BFB8-4D05-87D4-361BB69F109A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ACF159E-367E-454B-8E15-A94980B69FA6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BD1BD0B-9B33-4298-B6F7-40F97AFE039D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{443695FE-8E2B-49CC-BC65-499C39E7F3B3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CA86686-2441-4973-BCA4-B817F6B52927}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51A67331-7A47-4016-A705-205DCE341360}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52A1B778-3C44-4EBA-AA2A-D8044ED18487}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53020DEF-D30A-4443-A76F-9EF08524BA18}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{594A022E-4C88-4AAF-BB18-EC272D257FB5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60B58FAF-1385-4918-B248-06C730A9C909}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60C06EB2-00DC-46FF-8DDF-D892FB65EBA9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6730A117-332F-477F-8977-9CB21743CFEB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6DEB2CD9-D07F-4A0E-9858-4E497F0EC508}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{763A8F24-01F1-4FE3-B7B7-B112FF07E25B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78C16285-70C9-493C-AA86-CA7E5C43E223}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7936A975-CD71-47C5-9B7F-CF849DF460CB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81A83AA6-1712-4DE2-B7CD-19FA613CBBC3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8562332D-A8F5-4395-A28E-BBC45855E56D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{885E8919-33F0-4AF5-93F3-0C428BF3FA46}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A5DBEBA-3277-428A-B6A5-2E81EE9C1B13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F1E2C9B-0F73-4BD5-A641-FF3FC334C5A1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91D761C1-F3DF-4A2F-8C6A-B8A4073C9705}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97DCEDC8-04C8-4D37-AC6F-EEA7D17A1BC9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D30B3F7-8411-4C66-AF72-95CE9B73F6E9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACFDB92D-A0D9-4B22-AF23-D0C28B7A8A74}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD0B5165-B525-4C86-BEBB-ABA416A6719C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFDA6CCD-E94F-4D08-8E24-B7DFFDD53FBA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB470C87-8A40-45CB-94A8-8936A775931E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E45E37BD-600F-4224-A827-AED1D3043BE0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8D03F4A-2731-43A3-B1E3-3481A212D996}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F20FEEC0-B86E-4337-A363-640D9F567ED5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA7D85A4-3C51-44C3-88D7-34DB5271DAE7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FBE1F40F-29BC-4A6E-A109-DBC7B10E5395}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FBFFDD72-0C03-4CAD-9865-16FF32AC9AC9}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chronograph"="C:\Program Files\Chronograph\chrono.exe" [2007-04-26 00:04 3762768]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-02 23:28 171448]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-02-21 08:44 2594224]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [2008-01-24 19:36 141352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"RestoreDesktop"="C:\Program Files\Restore Desktop\RestoreDesktop.exe" [2003-03-11 10:52 45056]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SeznamAntidialer"="C:\Program Files\Seznam Bezpecny Internet\SBIAntiDialer.exe" [2005-01-24 11:11 286720]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"GrooveMonitor"="D:\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"hmonitor"="C:\Program Files\Hmonitor\hmonitor.exe" [2006-11-14 18:15 860160]
"HP Software Update"="D:\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38 49152]
"DefragTaskBar"="C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2007-08-28 17:31 169312]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
"8cf3f77c"="C:\WINDOWS\system32\twxxmvux.dll" [ ]
"BM8fc0c4e0"="C:\WINDOWS\system32\mrfegpyi.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnMEUOG]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\yayvutqR

[HKLM\~\startupfolder\C:^Documents and Settings^hranol^Nabídka Start^Programy^Po spuštění^AdMuncher.lnk]
backup=C:\WINDOWS\pss\AdMuncher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8cf3f77c]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cleanup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 21:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-17 15:49 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iconcache]
--a------ 2006-02-18 07:19 621 c:\windows\vcp_temp\iconcache\icon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 12:16 3147872 C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero DriveSpeed]
--------- 2005-04-20 17:46 593920 D:\Ahead\NEROTO~1\DRIVES~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS]
--a------ 2007-05-17 13:58 26624 C:\WINDOWS\OETRN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QSmile]
--------- 2006-02-16 05:27 689017 C:\Program Files\AsefSoft\Quick Smile 3\QSmile.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweeper.exe]
--a------ 2008-02-26 01:06 176128 C:\Program Files\History Sweeper\sweeper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sp_rssrv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"D:\\Office12\\OUTLOOK.EXE"=
"D:\\Office12\\GROOVE.EXE"=
"D:\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Chronograph\\chrono.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Ad Muncher\\AdMunch.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 hmonitor;hmonitor;C:\WINDOWS\system32\drivers\hmonitor.sys [2006-10-05 14:31]
R3 AEXPAM;Philips SmartManage Service;C:\WINDOWS\system32\Drivers\aexpamdrv.sys [2004-09-01 14:10]
R3 DynCal;Dynamic Calibration Service;C:\WINDOWS\system32\drivers\Dyncal.sys [2001-05-21 14:01]
R3 PAC7311;Phenix-Q8;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 11:48]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 RockfireAnalogJoystickEnabler;Rockfire Analog Gamedevice driver;C:\WINDOWS\system32\drivers\RFTBtn.sys [2001-05-21 11:28]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-16 14:00:37 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 09:36:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chronograph"="\"C:\\Program Files\\Chronograph\\chrono.exe\" /autorun"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Completion time: 2008-04-17 9:44:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-17 07:44:13

Adresářů: 16, Volných bajtů: 5,099,896,832
Adresářů: 18, Volných bajtů: 5,013,934,080
.
2008-04-14 09:07:14 --- E O F ---


=============================================

So the help prompt did appear... hooray... anyway, thanks a lot... and I look forward to further instructions...

Hranol


Re: Please check my log. Thanks.

Post by hranol » 17 Apr 2008 12:46

Oh, and ESS also quarantined a file while ComboFix was running, see..

[image]

and

at startup and on restart this message pops up

[image]

and
when I open IE it sometimes throws this message, see

[image]

Otherwise the PC now runs 1000 percent better... you're a star... thanks a lot... and I'm waiting for further instructions...

Hranol


Re: Please check my log. Thanks.

Post by fredik » 17 Apr 2008 20:00

You didn't say anything about that TeaTimer?

The file NOD found is fine; you can read more about it e.g. here

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Open Notepad (Start -> Run... type Notepad in the box and click OK)
Copy the following text, marked in green, into it in full:
Note: Do not use the SELECT ALL function to select the script


File::
C:\WINDOWS\system32\xuvmxxwt.ini
C:\WINDOWS\BM8fc0c4e0.xml
C:\WINDOWS\system32\iatqmtmc.ini
C:\WINDOWS\system32\ugplfqaj.ini

Folder::
C:\Program Files\SDFix

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02715E47-5A8E-495B-8F63-0D30470B8E72}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03FF3484-1297-4C3A-ACBE-212F5454A3A2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09FFD943-C05E-4B80-8893-46AD971FE34E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0FB0E60C-BFC0-4DBD-8084-698CDB280AF7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{121E4E37-30F9-4DEA-9160-5166F5522BAE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15ACA267-FDFD-4A1E-81B0-E211F0BAFED4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A43C67A-0787-4436-B0FD-B25BF65498CA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C6E4C4F-36FD-4EDE-A6BE-D244F8BF66A1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21EA63A7-04EB-41FF-9EF2-9382B8458885}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23E5396C-AC49-4D96-83E2-2A59E1E5AAA3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2766E49D-FAD1-4C13-B78A-9C038FD797DF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2776798E-74DF-4499-A893-EEA0F32BCF1E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{288395DD-F28F-4E1E-9415-A40A0C81679F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AEE8F68-BFB8-4D05-87D4-361BB69F109A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ACF159E-367E-454B-8E15-A94980B69FA6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BD1BD0B-9B33-4298-B6F7-40F97AFE039D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{443695FE-8E2B-49CC-BC65-499C39E7F3B3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CA86686-2441-4973-BCA4-B817F6B52927}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51A67331-7A47-4016-A705-205DCE341360}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52A1B778-3C44-4EBA-AA2A-D8044ED18487}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53020DEF-D30A-4443-A76F-9EF08524BA18}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{594A022E-4C88-4AAF-BB18-EC272D257FB5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60B58FAF-1385-4918-B248-06C730A9C909}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60C06EB2-00DC-46FF-8DDF-D892FB65EBA9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6730A117-332F-477F-8977-9CB21743CFEB}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6DEB2CD9-D07F-4A0E-9858-4E497F0EC508}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{763A8F24-01F1-4FE3-B7B7-B112FF07E25B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78C16285-70C9-493C-AA86-CA7E5C43E223}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7936A975-CD71-47C5-9B7F-CF849DF460CB}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81A83AA6-1712-4DE2-B7CD-19FA613CBBC3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8562332D-A8F5-4395-A28E-BBC45855E56D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{885E8919-33F0-4AF5-93F3-0C428BF3FA46}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A5DBEBA-3277-428A-B6A5-2E81EE9C1B13}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F1E2C9B-0F73-4BD5-A641-FF3FC334C5A1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91D761C1-F3DF-4A2F-8C6A-B8A4073C9705}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97DCEDC8-04C8-4D37-AC6F-EEA7D17A1BC9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D30B3F7-8411-4C66-AF72-95CE9B73F6E9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACFDB92D-A0D9-4B22-AF23-D0C28B7A8A74}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD0B5165-B525-4C86-BEBB-ABA416A6719C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFDA6CCD-E94F-4D08-8E24-B7DFFDD53FBA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB470C87-8A40-45CB-94A8-8936A775931E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E45E37BD-600F-4224-A827-AED1D3043BE0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8D03F4A-2731-43A3-B1E3-3481A212D996}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F20FEEC0-B86E-4337-A363-640D9F567ED5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA7D85A4-3C51-44C3-88D7-34DB5271DAE7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FBE1F40F-29BC-4A6E-A109-DBC7B10E5395}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FBFFDD72-0C03-4CAD-9865-16FF32AC9AC9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"8cf3f77c"=-
"BM8fc0c4e0"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnMEUOG]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8cf3f77c]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cleanup]

Choose File -> Save As... and set these parameters:
File name: enter: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Drag the created CFScript.txt with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script
[image]
- ComboFix starts automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log.
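Added example (Python, my own code, not anything posted in this thread or part of ComboFix): the triage that sits between the two posts above. It reads the "Files Created" and Run entries from the first ComboFix log and renders the File:: and Registry:: sections in the CFScript syntax fredik used. The sample lines are copied from the log above; the review heuristics (hidden+system attributes on a freshly created file, random 8-letter names in system32, Run values where ComboFix printed an empty "[ ]" because the target file was not found) are my own assumptions about what merits a second look.

```python
import ntpath
import re

# Sample in ComboFix's "Files Created" layout; the lines are copied from the log
# posted above so the heuristics can be checked against real entries.
SAMPLE_FILES = r"""
2008-04-16 17:08 . 2008-04-16 17:55 <DIR> d-------- C:\Program Files\Avira
2008-04-16 13:46 . 2008-04-16 19:08 1,570,343 ---hs---- C:\WINDOWS\system32\xuvmxxwt.ini
2008-04-14 06:24 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-13 20:19 . 2008-04-13 22:33 121 --a------ C:\WINDOWS\bdagent.INI
2008-04-12 22:38 . 2008-04-12 23:12 354 --ahs---- C:\WINDOWS\system32\iatqmtmc.ini
"""

# Sample "Reg Loading Points" Run entries, also taken from the log above.
SAMPLE_RUN = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
"8cf3f77c"="C:\WINDOWS\system32\twxxmvux.dll" [ ]
"BM8fc0c4e0"="C:\WINDOWS\system32\mrfegpyi.dll" [ ]
"""

# created . modified size attrs path  (attrs is a fixed 9-character flag field)
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
# "name"="target" [date time size]; an empty bracket means ComboFix found no file
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)" \[(?P<meta>[^\]]*)\]$')
RANDOM_STEM = re.compile(r"[a-z]{8}")  # assumption: 8 lowercase letters looks generated
RUN_KEY = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"


def triage_created_files(section):
    """Return [{'path', 'reasons'}] for file entries worth a reviewer's second look."""
    findings = []
    for line in section.splitlines():
        m = FILE_RE.match(line.strip())
        if not m or m.group("size") == "<DIR>":
            continue
        path, attrs = m.group("path"), m.group("attrs")
        reasons = []
        # hidden + system on a file created days ago is how the .ini droppers above hide
        if "h" in attrs and "s" in attrs:
            reasons.append("hidden+system attributes")
        stem, ext = ntpath.splitext(ntpath.basename(path))
        if ("\\windows\\system32\\" in path.lower()
                and RANDOM_STEM.fullmatch(stem) and ext.lower() in {".ini", ".dll"}):
            reasons.append("random 8-letter name in system32")
        if reasons:
            findings.append({"path": path, "reasons": reasons})
    return findings


def run_entries_without_file_info(section):
    """Return (value name, target) for Run entries whose target was not found on disk."""
    return [(m.group("name"), m.group("target"))
            for m in (RUN_RE.match(line.strip()) for line in section.splitlines())
            if m and not m.group("meta").strip()]


def build_cfscript(file_findings, run_findings):
    """Render File:: and Registry:: sections in the CFScript form shown in the thread."""
    lines = ["File::"] + [f["path"] for f in file_findings]
    lines += ["", "Registry::", RUN_KEY] + ['"%s"=-' % name for name, _ in run_findings]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    files = triage_created_files(SAMPLE_FILES)
    runs = run_entries_without_file_info(SAMPLE_RUN)
    for f in files:
        print(f["path"], "<-", "; ".join(f["reasons"]))
    print(build_cfscript(files, runs))
```

The output is a candidate list, not a verdict: the reviewer still decides, which is exactly what happened in the thread when fredik judged the file NOD flagged to be fine. The "[ ]" check is the cheap one to keep: a Run value that points at a DLL ComboFix could not stat is either leftover from a previous removal or a loader whose payload is hidden from the scanner, and either way the value should not stay.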


Re: Please check my log. Thanks.

Post by hranol » 17 Apr 2008 22:03

ComboFix 08-04-16.5 - hranol 2008-04-17 21:08:50.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.530 [GMT 2:00]
Running from: C:\Documents and Settings\hranol\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\hranol\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BM8fc0c4e0.xml
C:\WINDOWS\system32\iatqmtmc.ini
C:\WINDOWS\system32\ugplfqaj.ini
C:\WINDOWS\system32\xuvmxxwt.ini
.
/wow section - STAGE 38
pv: No matching processes found
Nesprávná syntaxe příkazu


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\hranol\Data aplikací\ezpinst.log
C:\Program Files\SDFix
C:\Program Files\SDFix\apps\assosfix.reg
C:\Program Files\SDFix\apps\cliptext.exe
C:\Program Files\SDFix\apps\download.exe
C:\Program Files\SDFix\apps\dummy.sys
C:\Program Files\SDFix\apps\Enable_Command_Prompt.reg
C:\Program Files\SDFix\apps\ERDNT.E_E
C:\Program Files\SDFix\apps\ERDNTDOS.LOC
C:\Program Files\SDFix\apps\ERDNTWIN.LOC
C:\Program Files\SDFix\apps\ERUNT.EXE
C:\Program Files\SDFix\apps\ERUNT.LOC
C:\Program Files\SDFix\apps\fix.reg
C:\Program Files\SDFix\apps\FixBH.reg
C:\Program Files\SDFix\apps\FixComponents.reg
C:\Program Files\SDFix\apps\FIXCU.reg
C:\Program Files\SDFix\apps\FIXLM.reg
C:\Program Files\SDFix\apps\FixPath.exe
C:\Program Files\SDFix\apps\FixRedir.reg
C:\Program Files\SDFix\apps\FixSchedule.reg
C:\Program Files\SDFix\apps\FixWebCheck.reg
C:\Program Files\SDFix\apps\fixXP.reg
C:\Program Files\SDFix\apps\FixXPsp2.reg
C:\Program Files\SDFix\apps\grep.exe
C:\Program Files\SDFix\apps\HPFix.reg
C:\Program Files\SDFix\apps\HPFix2.reg
C:\Program Files\SDFix\apps\HPFix3.reg
C:\Program Files\SDFix\apps\HPFix4.reg
C:\Program Files\SDFix\apps\HPFix5.reg
C:\Program Files\SDFix\apps\HPFix6.reg
C:\Program Files\SDFix\apps\HPFix7.reg
C:\Program Files\SDFix\apps\isadmin.exe
C:\Program Files\SDFix\apps\leg2.txt
C:\Program Files\SDFix\apps\legacy.txt
C:\Program Files\SDFix\apps\legacybk.txt
C:\Program Files\SDFix\apps\locate.com
C:\Program Files\SDFix\apps\LS.exe
C:\Program Files\SDFix\apps\MD5File.exe
C:\Program Files\SDFix\apps\MyGcpvFix.reg
C:\Program Files\SDFix\apps\MyGkFix2.reg
C:\Program Files\SDFix\apps\Process.exe
C:\Program Files\SDFix\apps\procs.exe
C:\Program Files\SDFix\apps\psservice.exe
C:\Program Files\SDFix\apps\Rem.txt
C:\Program Files\SDFix\apps\Rem2.txt
C:\Program Files\SDFix\apps\Replace\regedit.exe
C:\Program Files\SDFix\apps\Replace\W2K.exe
C:\Program Files\SDFix\apps\Replace\w2k\beep.sys
C:\Program Files\SDFix\apps\Replace\w2k\null.sys
C:\Program Files\SDFix\apps\Replace\XP.exe
C:\Program Files\SDFix\apps\Replace\xp\beep.sys
C:\Program Files\SDFix\apps\Replace\xp\null.sys
C:\Program Files\SDFix\apps\Reset_AppInit_DLLs.reg
C:\Program Files\SDFix\apps\RestartIt!.exe
C:\Program Files\SDFix\apps\Restore_SecurityCenter.reg
C:\Program Files\SDFix\apps\Restore_SharedAccess.reg
C:\Program Files\SDFix\apps\sc.exe
C:\Program Files\SDFix\apps\sed.exe
C:\Program Files\SDFix\apps\SF.exe
C:\Program Files\SDFix\apps\shutdown.exe
C:\Program Files\SDFix\apps\srv2.txt
C:\Program Files\SDFix\apps\srv2bk.txt
C:\Program Files\SDFix\apps\svc.txt
C:\Program Files\SDFix\apps\svcbk.txt
C:\Program Files\SDFix\apps\swreg.exe
C:\Program Files\SDFix\apps\swsc.exe
C:\Program Files\SDFix\apps\unzip.exe
C:\Program Files\SDFix\apps\vfind.exe
C:\Program Files\SDFix\apps\WINMSG.EXE
C:\Program Files\SDFix\apps\winsec.reg
C:\Program Files\SDFix\apps\zip.exe
C:\Program Files\SDFix\backups\backupreg.zip
C:\Program Files\SDFix\backups\backups.zip
C:\Program Files\SDFix\backups\HOSTS
C:\Program Files\SDFix\backups_old\backupreg.zip
C:\Program Files\SDFix\backups_old\backups.zip
C:\Program Files\SDFix\backups_old\HOSTS
C:\Program Files\SDFix\backups_old1\backupreg.zip
C:\Program Files\SDFix\backups_old1\backups.zip
C:\Program Files\SDFix\backups_old1\HOSTS
C:\Program Files\SDFix\catchme.exe
C:\Program Files\SDFix\dummy.sys
C:\Program Files\SDFix\Report.txt
C:\Program Files\SDFix\Report_old_1.txt
C:\Program Files\SDFix\RunThis.bat
C:\Program Files\SDFix\SDFIX_ReadMe_Online.url
C:\WINDOWS\BM8fc0c4e0.xml
C:\WINDOWS\system32\aaccae5_r.dll
C:\WINDOWS\system32\ecfdef_r.dll
C:\WINDOWS\system32\ecfdef_z.dll
C:\WINDOWS\system32\iatqmtmc.ini
C:\WINDOWS\system32\ugplfqaj.ini
C:\WINDOWS\system32\xuvmxxwt.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.

2008-04-16 17:08 . 2008-04-16 17:55 <DIR> d-------- C:\Program Files\Avira
2008-04-16 00:57 . 2008-04-16 00:58 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-16 00:28 . 2008-04-16 00:28 <DIR> d-------- C:\Program Files\ESET
2008-04-15 23:16 . 2008-04-15 23:16 <DIR> d-------- C:\Documents and Settings\hranol\Data aplikací\URSoft
2008-04-15 18:55 . 2008-04-15 18:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 06:24 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-04-14 06:24 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-04-14 06:24 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-04-14 06:24 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-04-14 06:24 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-14 06:24 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-04-14 06:24 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-04-14 06:24 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-04-14 06:24 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-14 02:30 . 2008-04-14 02:30 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-13 20:19 . 2008-04-13 22:33 121 --a------ C:\WINDOWS\bdagent.INI
2008-04-13 13:09 . 2004-08-17 15:49 2,026,496 --a------ C:\WINDOWS\system32\netshell.backup
2008-04-13 13:09 . 2003-04-16 14:00 1,232,384 --a------ C:\WINDOWS\system32\write.backup
2008-04-13 13:09 . 2007-06-13 15:23 1,033,728 --a------ C:\WINDOWS\explorer.backup
2008-04-13 13:09 . 2004-08-17 15:49 260,096 --a------ C:\WINDOWS\system32\sndrec32.backup
2008-04-13 13:09 . 2005-07-06 14:58 219,648 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-04-13 13:09 . 2003-04-16 14:00 152,064 --a------ C:\WINDOWS\system32\sndvol32.backup
2008-04-13 13:09 . 2004-08-17 15:49 77,824 --a------ C:\WINDOWS\system32\stobject.backup
2008-04-13 13:08 . 2007-10-25 18:44 8,464,384 --a------ C:\WINDOWS\system32\shell32.backup
2008-04-13 13:08 . 2004-08-17 15:49 924,672 --a------ C:\WINDOWS\system32\spider.backup
2008-04-13 13:08 . 2003-04-16 14:00 512,512 --a------ C:\WINDOWS\system32\mshearts.backup
2008-04-13 13:08 . 2003-04-16 14:00 504,832 --a------ C:\WINDOWS\system32\winmine.backup
2008-04-13 13:08 . 2003-04-16 14:00 441,856 --a------ C:\WINDOWS\system32\sol.backup
2008-04-13 13:08 . 2003-04-16 14:00 440,320 --a------ C:\WINDOWS\system32\freecell.backup
2008-04-13 13:08 . 2004-08-17 15:49 69,632 --a------ C:\WINDOWS\notepad.backup
2008-04-13 13:07 . 2001-11-08 06:56 6,094,336 --a------ C:\WINDOWS\system32\logonui.backup
2008-04-13 13:07 . 2004-08-17 15:48 2,927,616 --a------ C:\WINDOWS\system32\xpsp2res.backup
2008-04-13 13:07 . 2004-08-17 15:49 1,671,680 --a------ C:\WINDOWS\system32\msgina.backup
2008-04-13 13:07 . 2004-08-17 15:49 847,360 --a------ C:\WINDOWS\system32\mydocs.backup
2008-04-13 13:07 . 2004-08-17 15:49 727,040 --a------ C:\WINDOWS\system32\mspaint.backup
2008-04-13 13:07 . 2003-04-16 14:00 465,920 --a------ C:\WINDOWS\system32\charmap.backup
2008-04-13 13:07 . 2003-04-16 14:00 117,760 --a------ C:\WINDOWS\system32\calc.backup
2008-04-13 13:07 . 2004-08-17 15:49 76,288 --a------ C:\WINDOWS\system32\magnify.backup
2008-04-13 13:06 . 2004-08-17 15:49 2,376,704 --a------ C:\WINDOWS\system32\shimgvw.backup
2008-04-13 13:03 . 2008-04-13 13:03 <DIR> d-------- C:\WINDOWS\VCP_SAVE
2008-04-13 13:03 . 2008-04-13 13:03 <DIR> d-------- C:\Program Files\Wallpapers
2008-04-13 13:03 . 2008-04-13 13:03 <DIR> d-------- C:\Program Files\Fonts
2008-04-13 13:03 . 2005-09-28 02:31 49,152 --a------ C:\WINDOWS\system32\icon.exe
2008-04-13 13:02 . 2008-04-13 13:09 <DIR> d-------- C:\WINDOWS\VCP_TEMP
2008-04-13 12:38 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-04-13 01:22 . 2008-04-13 01:25 2,554 --a------ C:\WINDOWS\unins000.dat
2008-04-12 23:25 . 2008-04-14 00:41 <DIR> d-------- C:\Documents and Settings\hranol\Data aplikací\SUPERAntiSpyware.com
2008-04-12 18:41 . 2008-04-13 16:00 <DIR> d-------- C:\Documents and Settings\hranol\Data aplikací\TmpRecentIcons
2008-04-11 13:17 . 2008-04-11 13:17 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-04-11 13:17 . 2008-04-11 13:17 <DIR> d----c--- C:\Documents and Settings\All Users\Data aplikací\Hewlett-Packard
2008-04-11 13:13 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-11 13:09 . 2008-04-11 13:29 104,643 --a------ C:\WINDOWS\hpoins04.dat
2008-04-11 13:09 . 2004-06-21 22:02 17,176 --------- C:\WINDOWS\hpomdl04.dat
2008-04-11 12:45 . 2008-01-14 18:44 104,250 --------- C:\WINDOWS\hpoins04.dat.temp
2008-04-11 12:45 . 2004-06-21 22:02 17,176 --------- C:\WINDOWS\hpomdl04.dat.temp
2008-04-09 08:08 . 2008-03-01 15:02 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-09 08:08 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-09 08:08 . 2007-03-08 07:09 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-09 08:08 . 2008-03-01 15:02 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-09 08:08 . 2008-03-01 15:02 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-09 08:08 . 2008-03-01 15:02 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-09 08:08 . 2008-03-01 15:02 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-09 08:08 . 2008-03-01 15:02 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-09 08:08 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-06 10:22 . 2008-04-06 10:22 <DIR> d-------- C:\Program Files\inKline Global
2008-03-22 06:29 . 2008-03-22 06:29 <DIR> d-------- C:\Program Files\directx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 15:12 --------- d-----w C:\Documents and Settings\hranol\Data aplikací\DMCache
2008-04-16 15:00 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2008-04-16 14:45 --------- d-----w C:\Program Files\PowerArchiver
2008-04-16 03:16 --------- d-----w C:\Program Files\Java
2008-04-15 21:18 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-04-14 01:41 --------- d-----w C:\Program Files\FlashGet
2008-04-14 00:32 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-04-14 00:11 --------- d-----w C:\Documents and Settings\hranol\Data aplikací\Vso
2008-04-13 19:18 --------- d-----w C:\Program Files\H264
2008-04-13 07:53 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-13 07:11 --------- d-----w C:\Program Files\DVDFab Platinum 4
2008-04-12 23:25 72,537 ----a-w C:\WINDOWS\unins000.exe
2008-04-09 06:47 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-04-06 11:50 --------- d-----w C:\Program Files\Opera
2008-04-03 06:13 --------- d-----w C:\Program Files\CD Eject Tool
2008-03-28 19:14 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Skype
2008-03-28 19:13 --------- d-----w C:\Documents and Settings\hranol\Data aplikací\Skype
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 19:06 --------- d-----w C:\Program Files\History Sweeper
2008-03-16 07:43 --------- d-----w C:\Program Files\totalcmd
2008-03-16 07:07 --------- dc----w C:\Documents and Settings\All Users\Data aplikací\Ashampoo
2008-03-16 07:07 --------- d-----w C:\Program Files\Ashampoo
2008-03-15 15:33 --------- d-----w C:\Program Files\Webteh
2008-03-15 15:33 --------- d-----w C:\Documents and Settings\hranol\Data aplikací\BSplayer PRO
2008-03-14 22:24 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2008-03-13 14:52 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-03-13 14:52 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-03-13 14:52 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-03-13 14:44 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-03-13 14:43 40,456 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-03-12 12:05 --------- d-----w C:\Program Files\%temp&
2008-03-11 21:05 --------- d-----w C:\Documents and Settings\hranol\Data aplikací\GARMIN
2008-03-02 18:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-29 19:48 --------- d-----w C:\Program Files\FastStone Capture
2008-02-24 07:26 --------- d-----w C:\Program Files\DivX
2008-02-24 07:03 --------- d-----w C:\Program Files\Internet Download Manager
2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-21 02:03 156,992 -c--a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-15 15:12 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
2008-02-04 17:23 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL
2007-04-15 16:53 87,608 -c--a-w C:\Documents and Settings\hranol\Data aplikací\ezpinst.exe
2007-04-15 16:53 47,360 -c--a-w C:\Documents and Settings\hranol\Data aplikací\pcouffin.sys
2007-05-17 21:16 23 -csha-w C:\WINDOWS\system32\faecaf9_r.dll
.

------- Sigcheck -------

2007-06-13 15:23 4919808 24b1ff8bd1f86242d90fd09f66484c84 C:\WINDOWS\explorer.exe
2007-06-13 15:11 1033728 9b32416bd5988c97b6397ce0b02caf97 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2003-04-16 14:00 1004544 11d80755545cfb5eb9659ee88440eae2 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-17 15:49 4918784 c6c0c8de8425eed7c666f10f5d9104f0 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 4919808 24b1ff8bd1f86242d90fd09f66484c84 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 15:23 1033728 ed7b460b142a32097b8a8f6ecc941815 C:\WINDOWS\VCP_SAVE\explorer.exe
2007-06-13 15:23 4919808 24b1ff8bd1f86242d90fd09f66484c84 C:\WINDOWS\VCP_TEMP\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-17_ 9.43.31.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-17 07:35:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-17 15:11:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2007-12-15 15:53:19 166,455 ----a-w C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\index.dat
+ 2008-04-17 07:50:51 166,455 ----a-w C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\index.dat
- 2007-12-15 15:53:21 5,194 ----a-w C:\WINDOWS\PCHealth\HelpCtr\PackageStore\SkuStore.bin
+ 2008-04-17 07:50:51 5,194 ----a-w C:\WINDOWS\PCHealth\HelpCtr\PackageStore\SkuStore.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chronograph"="C:\Program Files\Chronograph\chrono.exe" [2007-04-26 00:04 3762768]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-02 23:28 171448]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-02-21 08:44 2594224]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [2008-01-24 19:36 141352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"RestoreDesktop"="C:\Program Files\Restore Desktop\RestoreDesktop.exe" [2003-03-11 10:52 45056]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:16 3147872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SeznamAntidialer"="C:\Program Files\Seznam Bezpecny Internet\SBIAntiDialer.exe" [2005-01-24 11:11 286720]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"GrooveMonitor"="D:\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"hmonitor"="C:\Program Files\Hmonitor\hmonitor.exe" [2006-11-14 18:15 860160]
"HP Software Update"="D:\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38 49152]
"DefragTaskBar"="C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2007-08-28 17:31 169312]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]

C:\Documents and Settings\hranol\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - D:\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\hranol\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - D:\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\hranol\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - D:\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - D:\Reader\reader_sl.exe [2006-10-23 02:48:00 40048]
Adobe Reader Synchronizer.lnk - D:\Reader\AdobeCollabSync.exe [2007-05-11 11:29:22 738968]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-04-14 16:56:01 962663]
HP Digital Imaging Monitor.lnk - D:\Digital Imaging\bin\hpqtra08.exe [2004-05-28 23:31:38 241664]
Rychlé spuštění aplikace HP Image Zone.lnk - D:\Digital Imaging\bin\hpqthb08.exe [2004-05-29 00:06:36 53248]

[HKLM\~\startupfolder\C:^Documents and Settings^hranol^Nabídka Start^Programy^Po spuštění^AdMuncher.lnk]
backup=C:\WINDOWS\pss\AdMuncher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 21:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-17 15:49 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iconcache]
--a------ 2006-02-18 07:19 621 c:\windows\vcp_temp\iconcache\icon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 12:16 3147872 C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero DriveSpeed]
--------- 2005-04-20 17:46 593920 D:\Ahead\NEROTO~1\DRIVES~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS]
--a------ 2007-05-17 13:58 26624 C:\WINDOWS\OETRN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QSmile]
--------- 2006-02-16 05:27 689017 C:\Program Files\AsefSoft\Quick Smile 3\QSmile.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweeper.exe]
--a------ 2008-02-26 01:06 176128 C:\Program Files\History Sweeper\sweeper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sp_rssrv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"D:\\Office12\\OUTLOOK.EXE"=
"D:\\Office12\\GROOVE.EXE"=
"D:\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Chronograph\\chrono.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Ad Muncher\\AdMunch.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 hmonitor;hmonitor;C:\WINDOWS\system32\drivers\hmonitor.sys [2006-10-05 14:31]
R3 AEXPAM;Philips SmartManage Service;C:\WINDOWS\system32\Drivers\aexpamdrv.sys [2004-09-01 14:10]
R3 DynCal;Dynamic Calibration Service;C:\WINDOWS\system32\drivers\Dyncal.sys [2001-05-21 14:01]
R3 PAC7311;Phenix-Q8;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 11:48]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 RockfireAnalogJoystickEnabler;Rockfire Analog Gamedevice driver;C:\WINDOWS\system32\drivers\RFTBtn.sys [2001-05-21 11:28]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-16 14:00:37 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 21:12:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chronograph"="\"C:\\Program Files\\Chronograph\\chrono.exe\" /autorun"
.
Completion time: 2008-04-17 21:16:51
ComboFix-quarantined-files.txt 2008-04-17 19:15:46
ComboFix2.txt 2008-04-17 08:41:47
ComboFix3.txt 2008-04-17 07:44:52

Adresářů: 16, Volných bajtů: 5,450,489,856
Adresářů: 18, Volných bajtů: 5,438,689,280
.
2008-04-14 09:07:14 --- E O F ---
================================================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:42, on 17.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Seznam Bezpecny Internet\SBIAntiDialer.exe
D:\Office12\GrooveMonitor.exe
C:\Program Files\Hmonitor\hmonitor.exe
D:\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Chronograph\chrono.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Restore Desktop\RestoreDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\tbu21C4\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Seznam Bezpečný Internet - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam Bezpecny Internet\SBI.dll
O4 - HKLM\..\Run: [SeznamAntidialer] "C:\Program Files\Seznam Bezpecny Internet\SBIAntiDialer.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RestoreDesktop] C:\Program Files\Restore Desktop\RestoreDesktop.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Reader\AdobeCollabSync.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = D:\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam Bezpecny Internet\SBI.dll/5034
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_b ... u_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_b ... u_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_b ... nu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_b ... ie_exclude
O8 - Extra context menu item: Hledej v &Seznamu - res://C:\Program Files\Seznam Bezpecny Internet\SBI.dll/5033
O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://C:\Program Files\Seznam Bezpecny Internet\SBI.dll/5035
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_b ... _ie_report
O8 - Extra context menu item: Stáhnout obsah FLV videa s IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6571819750
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/Im ... oolbar.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BEF656D-72B5-4513-B854-E88C725548AC}: NameServer = 212.158.128.2 212.158.128.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: opnMEUOG - C:\WINDOWS\
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: aswUpdSv - ALWIL Software - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 11397 bytes
================================================================================================

http://trendsecure.custhelp.com/cgi-bin/trendsecure.cfg/php/enduser/std_alp.php


This is what came up with HijackThis..... see the http above....... when I ran HijackThis, it ran for a little while... then an error popped up..... when I clicked it away, that page came up and HijackThis finished the scan normally.... I forgot to turn off the net....
Spybot.... I had the resident protection ticked....... as you wrote... so I turned it off.....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:42, on 17.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Seznam Bezpecny Internet\SBIAntiDialer.exe
D:\Office12\GrooveMonitor.exe
C:\Program Files\Hmonitor\hmonitor.exe
D:\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Chronograph\chrono.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Restore Desktop\RestoreDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\tbu21C4\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Seznam Bezpečný Internet - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam Bezpecny Internet\SBI.dll
O4 - HKLM\..\Run: [SeznamAntidialer] "C:\Program Files\Seznam Bezpecny Internet\SBIAntiDialer.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RestoreDesktop] C:\Program Files\Restore Desktop\RestoreDesktop.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Reader\AdobeCollabSync.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = D:\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam Bezpecny Internet\SBI.dll/5034
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_b ... u_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_b ... u_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_b ... nu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_b ... ie_exclude
O8 - Extra context menu item: Hledej v &Seznamu - res://C:\Program Files\Seznam Bezpecny Internet\SBI.dll/5033
O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://C:\Program Files\Seznam Bezpecny Internet\SBI.dll/5035
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_b ... _ie_report
O8 - Extra context menu item: Stáhnout obsah FLV videa s IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6571819750
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/Im ... oolbar.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BEF656D-72B5-4513-B854-E88C725548AC}: NameServer = 212.158.128.2 212.158.128.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: opnMEUOG - C:\WINDOWS\
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: aswUpdSv - ALWIL Software - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 11397 bytes
Last edited by hranol on 18 Apr 2008 07:01, edited 3 times in total.

hranol (newcomer, 16 posts, registered April 2008)

Re: Please check my log. Thanks.

Post by hranol » 17 Apr 2008 22:07

Anyway, once again, thanks a lot for your help, and I'm waiting for further instructions.

Regards, Hranol

fredik (Security team member, Master Level 7, 4680 posts, registered July 2006)

Re: Please check my log. Thanks.

Post by fredik » 18 Apr 2008 22:13

You currently have Spybot's resident protection switched on; you have to set it up the way it was described and is shown in the picture.

You also have leftovers of Avast in there, so use this tool to remove its remnants:
Uninstall utility for avast!

Test this file on VirusTotal
C:\WINDOWS\system32\faecaf9_r.dll
Copy the whole path to the file straight into the box on VirusTotal and then paste the result here.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. Such PMs cannot be answered.
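The reply above picks three things out of the log by hand: a service still registered for a product that has been uninstalled (aswUpdSv - (no file)), an O20 Winlogon Notify subkey that points at a directory rather than a DLL, and an unfamiliar file to be checked. The script below is an added example, not part of this thread and not a tool from HijackThis or the forum's security team; it parses lines in the HijackThis v2 format and applies those same mechanical rules, so the entries a reviewer looks at first are listed automatically. The sample log is constructed from a few entries modelled on this thread, and a flag means "look at this", not "this is malware".

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample, not the poster's full log: a few lines in the
# HijackThis v2 format, modelled on the entries discussed in this thread.
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\System32\\smss.exe

O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O4 - HKLM\\..\\Run: [egui] "C:\\Program Files\\ESET\\ESET Smart Security\\egui.exe" /hide /waitservice
O15 - Trusted Zone: http://toolbar.imageshack.us
O20 - Winlogon Notify: opnMEUOG - C:\\WINDOWS\\
O23 - Service: AshampooDefragService - - C:\\Program Files\\Ashampoo\\Ashampoo Magical Defrag 2\\bin\\aDefragService.exe
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: aswUpdSv - ALWIL Software - (no file)
O23 - Service: Eset Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET Smart Security\\ekrn.exe
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code such as "O20"
    reason: str   # why the entry deserves a second look
    entry: str    # the log line exactly as it appeared


# Every classified entry starts with a section code (R0, O2, O23, ...) and " - ".
# Process listings and headers do not, so they are skipped.
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# A path that names a file ends in a short extension; "C:\WINDOWS\" does not.
HAS_FILENAME_RE = re.compile(r"\.[A-Za-z0-9]{1,4}$")
# Field separator " - ". The lookahead leaves the trailing space unconsumed so
# that an empty field, which prints as " - - ", still splits into three fields.
FIELD_SEP_RE = re.compile(r"\s+-(?=\s)")


def parse_entry(line: str) -> Optional[Tuple[str, str]]:
    """Split one log line into (section code, body), or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("sec"), m.group("body")) if m else None


def split_fields(text: str, maxsplit: int) -> List[str]:
    """Split an entry body on its ' - ' separators; the last field keeps any
    ' - ' it contains (paths such as 'Spybot - Search & Destroy')."""
    return [f.strip() for f in FIELD_SEP_RE.split(text, maxsplit=maxsplit)]


def triage(log_text: str) -> List[Finding]:
    """Flag the entries a log reviewer checks first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        sec, body = parsed
        entry = raw.strip()

        # Any section: the registry still references a component whose file is
        # gone. Typical of an incomplete uninstall (here: avast's aswUpdSv).
        if body.endswith("(no file)"):
            findings.append(Finding(sec, "registered component whose file is missing", entry))
            continue

        if sec == "O20" and body.startswith("Winlogon Notify:"):
            # Body is "Winlogon Notify: <subkey> - <dll path>". Notify DLLs are
            # loaded by winlogon.exe at logon, so a subkey that does not even
            # name a DLL has to be examined by hand.
            fields = split_fields(body[len("Winlogon Notify:"):], 1)
            path = fields[1] if len(fields) > 1 else ""
            if path.endswith("\\") or not HAS_FILENAME_RE.search(path):
                findings.append(Finding(sec, "Winlogon Notify subkey without a DLL file name", entry))

        elif sec == "O15":
            # Sites in the Internet Explorer Trusted zone get relaxed security settings.
            findings.append(Finding(sec, "site added to the Internet Explorer Trusted zone", entry))

        elif sec == "O23":
            # Body is "Service: <display name> - <vendor> - <image path>".
            fields = split_fields(body[len("Service:"):], 2)
            if len(fields) == 3 and fields[1] in ("", "Unknown owner"):
                findings.append(Finding(sec, "service with no vendor information", entry))
    return findings


def report(log_text: str) -> str:
    """Human-readable summary, one flagged entry per line."""
    return "\n".join(f"[{f.section}] {f.reason}: {f.entry}" for f in triage(log_text))


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it over a saved hijackthis.log instead of the sample to get the same short list the reviewer produced by eye; everything it prints still has to be judged by a person, since a blank vendor or a missing file is a reason to look, not a verdict.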

hranol (newcomer, 16 posts, registered April 2008)

Re: Please check my log. Thanks.

Post by hranol » 18 Apr 2008 22:45

Antivirus          Version         Last update  Result
AhnLab-V3          2008.4.19.0     2008.04.18   -
AntiVir            7.8.0.8         2008.04.18   -
Authentium         4.93.8          2008.04.18   -
Avast              4.8.1169.0      2008.04.17   -
AVG                7.5.0.516       2008.04.18   -
BitDefender        7.2             2008.04.18   -
CAT-QuickHeal      9.50            2008.04.18   -
ClamAV             0.92.1          2008.04.18   -
DrWeb              4.44.0.09170    2008.04.18   -
eSafe              7.0.15.0        2008.04.17   -
eTrust-Vet         31.3.5709       2008.04.18   -
Ewido              4.0             2008.04.18   -
F-Prot             4.4.2.54        2008.04.18   -
F-Secure           6.70.13260.0    2008.04.18   -
FileAdvisor        1               2008.04.18   -
Fortinet           3.14.0.0        2008.04.18   -
Ikarus             T3.1.1.26       2008.04.18   -
Kaspersky          7.0.0.125       2008.04.18   -
McAfee             5277            2008.04.18   -
Microsoft          1.3408          2008.04.18   -
NOD32v2            3039            2008.04.18   -
Norman             5.80.02         2008.04.18   -
Panda              9.0.0.4         2008.04.18   -
Prevx1             V2              2008.04.18   -
Rising             20.40.42.00     2008.04.18   -
Sophos             4.28.0          2008.04.18   -
Sunbelt            3.0.1056.0      2008.04.17   -
Symantec           10              2008.04.18   -
TheHacker          6.2.92.282      2008.04.18   -
VBA32              3.12.6.4        2008.04.16   -
VirusBuster        4.3.26:9        2008.04.18   -
Webwasher-Gateway  6.6.2           2008.04.18   -
Additional information
File size: 23 bytes
MD5...: d78a1fa307e61d6e0cecd79c612271b2
SHA1..: 768226a75747e8252445b9d0fb44b76afc9d6cf7
SHA256: 574249cb7682b4f1f020dbb4261e39a7bd280206d9cad3833248ded4abe24972
SHA512: f525e6a9ba7a207a6d1dd54fd8fdfa6b574932284152143e4944e2732392f76e3115bdae38696bc8fa7e5b1e080947aef3ae5f1d69eed9ff5bfb99577750594d
PEiD..: -
PEInfo: -
=================================================================================================


I've fixed the Spybot thing... sorry... I didn't notice it properly.

Here is the HijackThis log once more, just to be sure...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:47, on 18.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Seznam Bezpecny Internet\SBIAntiDialer.exe
D:\Office12\GrooveMonitor.exe
C:\Program Files\Hmonitor\hmonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Chronograph\chrono.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Restore Desktop\RestoreDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\tbu21C4\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Seznam Bezpečný Internet - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam Bezpecny Internet\SBI.dll
O4 - HKLM\..\Run: [SeznamAntidialer] "C:\Program Files\Seznam Bezpecny Internet\SBIAntiDialer.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [RestoreDesktop] C:\Program Files\Restore Desktop\RestoreDesktop.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Reader\AdobeCollabSync.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = D:\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam Bezpecny Internet\SBI.dll/5034
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_b ... u_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_b ... u_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_b ... nu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_b ... ie_exclude
O8 - Extra context menu item: Hledej v &Seznamu - res://C:\Program Files\Seznam Bezpecny Internet\SBI.dll/5033
O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://C:\Program Files\Seznam Bezpecny Internet\SBI.dll/5035
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_b ... _ie_report
O8 - Extra context menu item: Stáhnout obsah FLV videa s IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout pomocí FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout vše pomocí FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6571819750
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/Im ... oolbar.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BEF656D-72B5-4513-B854-E88C725548AC}: NameServer = 212.158.128.2 212.158.128.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: opnMEUOG - C:\WINDOWS\
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: aswUpdSv - ALWIL Software - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 11139 bytes
================================================================================================

Again, thanks a lot for your help ...................... and I'm waiting for further instructions.

Regards, Hranol
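The VirusTotal report in the post above is for a 23-byte file submitted under a .dll name, with the PEiD and PEInfo fields empty. An IMAGE_DOS_HEADER alone is 64 bytes, so nothing that small can be loaded as a DLL, whatever it contains. The check below is an added example, not part of this thread and not VirusTotal's or HijackThis's code: it hashes a file the way the report lists it (MD5, SHA1, SHA256) and says whether the bytes are even structurally a PE image, which is worth knowing before a sample is uploaded. The inputs are constructed, a 23-byte text blob and a minimal MZ/PE stub; the contents of the poster's actual file are not known and are not reproduced here.

```python
import hashlib
import struct
from typing import Dict

DOS_HEADER_LEN = 64        # sizeof(IMAGE_DOS_HEADER)
E_LFANEW_OFFSET = 0x3C     # DWORD in the DOS header that points at "PE\0\0"
PE_SIGNATURE = b"PE\0\0"


def pe_status(data: bytes) -> str:
    """Say whether the bytes can be a PE image at all (not whether it is clean)."""
    if len(data) < DOS_HEADER_LEN:
        return "too small for an IMAGE_DOS_HEADER"
    if data[:2] != b"MZ":
        return "no MZ signature"
    e_lfanew = struct.unpack_from("<I", data, E_LFANEW_OFFSET)[0]
    if e_lfanew + len(PE_SIGNATURE) > len(data):
        return "e_lfanew points outside the file"
    if data[e_lfanew:e_lfanew + len(PE_SIGNATURE)] != PE_SIGNATURE:
        return "no PE signature at e_lfanew"
    return "plausible PE image"


def describe(data: bytes) -> Dict[str, object]:
    """Hashes as VirusTotal lists them, plus the structural verdict."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "pe_status": pe_status(data),
    }


# Constructed inputs, not the contents of the poster's file: a blob of exactly
# the 23 bytes VirusTotal reported, and a minimal MZ/PE stub for comparison.
TINY_BLOB = b"not a portable exe file"          # 23 bytes
_stub = bytearray(b"MZ" + b"\0" * (DOS_HEADER_LEN - 2))
struct.pack_into("<I", _stub, E_LFANEW_OFFSET, DOS_HEADER_LEN)  # PE header right after DOS header
_stub += PE_SIGNATURE + b"\0" * 20               # IMAGE_FILE_HEADER placeholder
MINIMAL_PE = bytes(_stub)


if __name__ == "__main__":
    for name, blob in (("tiny blob", TINY_BLOB), ("minimal stub", MINIMAL_PE)):
        info = describe(blob)
        print(f"{name}: {info['size']} bytes, md5 {info['md5']}, {info['pe_status']}")
```

Point describe() at the bytes of a real file (open(path, "rb").read()) to get the same three hashes the VirusTotal page prints; if the hashes match the report, the upload and the file on disk are the same object, and pe_status tells you up front whether the scanners had anything they could parse.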

