So here is the log from ComboFix.
When it finished, the PC restarted and my DNS addresses disappeared again (the internet would not start), so I had to enter them again.
ComboFix 08-11-22.02 - Martin G 2008-11-23 14:54:06.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.99 [GMT 1:00]
Spuštěný z: d:\documents and settings\Martin G\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
* Resident AV is active
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\documents and settings\Martin G\Data aplikací\BITS
d:\documents and settings\Martin G\Data aplikací\BITS\BITS.ini
d:\documents and settings\Martin G\Data aplikací\BITS\DHTTable.dat
d:\documents and settings\Martin G\Data aplikací\BITS\ProxyList.ini
d:\documents and settings\Martin G\Data aplikací\BITS\Torrent\20081001192041.torrent
d:\documents and settings\Martin G\Data aplikací\BITS\Torrent\20081001192041.torrent.~tmp
d:\documents and settings\Martin G\Data aplikací\BITS\Torrent\20081001192041.torrent.bits
d:\documents and settings\Martin G\Data aplikací\BITS\Torrent\20081001192041.torrent.filelist
d:\documents and settings\Martin G\Data aplikací\BITS\Torrent\20081001192041.torrent.hybridlist
d:\documents and settings\Martin G\Data aplikací\BITS\Torrent\20081001192041.torrent.seeds
d:\documents and settings\Martin G\Data aplikací\inst.exe
d:\program files\FlashGet Network
d:\program files\FlashGet Network\FlashGet universal\btcore.dll
d:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\48e3b169.torrent
d:\program files\FlashGet Network\FlashGet universal\btwrap.dll
d:\program files\FlashGet Network\FlashGet universal\BugReport.dll
d:\program files\FlashGet Network\FlashGet universal\BugReport.exe
d:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
d:\program files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
d:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhocfg.ini
d:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
d:\program files\FlashGet Network\FlashGet universal\ComDlls\ComDlls.ini
d:\program files\FlashGet Network\FlashGet universal\ComDlls\flashget.xpi
d:\program files\FlashGet Network\FlashGet universal\ComDlls\FlashgetXpi.dll
d:\program files\FlashGet Network\FlashGet universal\ComDlls\IFlashgetXpi.xpt
d:\program files\FlashGet Network\FlashGet universal\dbghelp.dll
d:\program files\FlashGet Network\FlashGet universal\DBTrans.dll
d:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
d:\program files\FlashGet Network\FlashGet universal\DBTransC.exe
d:\program files\FlashGet Network\FlashGet universal\ed2kwrap.dll
d:\program files\FlashGet Network\FlashGet universal\explorerbar.dll
d:\program files\FlashGet Network\FlashGet universal\fgoption.ini
d:\program files\FlashGet Network\FlashGet universal\FGVer.dll
d:\program files\FlashGet Network\FlashGet universal\flashget.exe
d:\program files\FlashGet Network\FlashGet universal\gt.exe
d:\program files\FlashGet Network\FlashGet universal\hashgen.dll
d:\program files\FlashGet Network\FlashGet universal\Help\license.txt
d:\program files\FlashGet Network\FlashGet universal\Help\Readme.txt
d:\program files\FlashGet Network\FlashGet universal\Help\WHATSNEW.TXT
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBatchLinksDlg.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBTTask.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Added.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddEMTask.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddHpFpLink.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlg.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlgEx.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksModern.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BrowserPlugins.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BTOption.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CategoryView.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ComfirmWhenExitDialog.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CommonDlg.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ConfirmInvalidLinks.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ContextMenu.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DefaultDownloadsDialog.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DeleteFilesDialog.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DetailStatus.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMOption.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMServers.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExplorerPane.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExtensionRuleDlg.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FG2SearchTopPlugin.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileListCtrl.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileRemovedDialog.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FindTaskDialog.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashgetAbout.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashGetDlg.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FSUStatusBar.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageLoginDialog.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageView.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HotResource.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HpFpOption.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Info.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\LogsOutput.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MACReader.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainMenu.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainToolbar.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MonitorOption.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NormalOption.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NotifyOption.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Option.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\P4PPluginMain.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ProxySetting.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SearchBar.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Security.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityOption.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityScan.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityToolbar.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Shutdown.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\StatusBar.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskDefOption.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskListView.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskNotify.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\UserListCtrl.ini
d:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\XpEnhance.ini
d:\program files\FlashGet Network\FlashGet universal\libupnp.dll
d:\program files\FlashGet Network\FlashGet universal\LiveUpdateUI.dll
d:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\ComHelper.dll
d:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\Info.ini
d:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Downstat.dll
d:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Info.ini
d:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Info.ini
d:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\P4pclient.dll
d:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Info.ini
d:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource.ini
d:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\iexplorer.bmp
d:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.bmp
d:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.xml
d:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\search.bmp
d:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\subscribe.bmp
d:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\SearchTop.dll
d:\program files\FlashGet Network\FlashGet universal\modules\Security\FunctionalRepair.bmp
d:\program files\FlashGet Network\FlashGet universal\modules\Security\Info.ini
d:\program files\FlashGet Network\FlashGet universal\modules\Security\Scanning.bmp
d:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.bmp
d:\program files\FlashGet Network\FlashGet universal\modules\Security\SECURITY.dll
d:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.xml
d:\program files\FlashGet Network\FlashGet universal\modules\Security\SystemFix.bmp
d:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\Info.ini
d:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SamplerCli.dll
d:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SnapShot.dll
d:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\Info.ini
d:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\tasknotifier.dll
d:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
d:\program files\FlashGet Network\FlashGet universal\P2PCore.dll
d:\program files\FlashGet Network\FlashGet universal\p2pprot.dll
d:\program files\FlashGet Network\FlashGet universal\p2snetio.dll
d:\program files\FlashGet Network\FlashGet universal\p2spmgr.dll
d:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
d:\program files\FlashGet Network\FlashGet universal\p2sprot.dll
d:\program files\FlashGet Network\FlashGet universal\p2spwrap.dll
d:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
d:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
d:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
d:\program files\FlashGet Network\FlashGet universal\Skins\close_default.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\close_press.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\close_select.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\max_default.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\max_press.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\max_select.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\min_default.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\min_press.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\min_select.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\notify.wav
d:\program files\FlashGet Network\FlashGet universal\Skins\notify_board.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\notify_icon.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Back.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Backward.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\BrowserBarCT.xml
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\FlashgetResource.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Forward.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Home.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Backward.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\BrowserBarDisableCT.xml
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Forward.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Home.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Resource.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Available.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\CategoryTreeCT.xml
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloaded.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloading.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Favorite.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Flashget.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Release.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Rubbish.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Search.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\Expbar.xml
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\garage.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\resource.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\transfer.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\BT.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\EM.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\GlobalOptionCT.xml
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\HpFp.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Monitor.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Normal.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Notify.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Proxy.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\TaskDef.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Info.ini
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\About.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\DeleteTask.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\folder.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MainMenuCT.xml
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveDownTask.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveUpTask.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\NewTask.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\open.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Option.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\PauseTask.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Resource.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\StartTask.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\TaskProperties.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\About.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\DeleteTask.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Folder.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\MainToolbarCT.xml
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\NewTask.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Open.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Option.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\PauseTask.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Resource.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\StartTask.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\TaskProperties.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\About.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\DeleteTask.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Folder.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\MainToolbarDisableCT.xml
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\NewTask.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Open.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Option.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\PauseTask.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Resource.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\StartTask.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\TaskProperties.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\InfoBkg.Bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\MonitorBkg.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Down.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Error.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Normal.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\OutpuLogCT.xml
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Up.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\All.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Book.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Bt.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Game.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Movie.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Music.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Phone.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Picture.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\SobarIconCT.xml
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Software.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Error.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\hashing.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\OK.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pause.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pin.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Schedule.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Start.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\TaskListCT.xml
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Upload.bmp
d:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Wait.bmp
d:\program files\FlashGet Network\FlashGet universal\storage.dll
d:\program files\FlashGet Network\FlashGet universal\SysOpt.exe
d:\program files\FlashGet Network\FlashGet universal\transaction.log
d:\program files\FlashGet Network\FlashGet universal\uninst.exe
d:\program files\FlashGet Network\FlashGet universal\zlib.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-23 do 2008-11-23 )))))))))))))))))))))))))))))))
.
2008-11-23 15:09 . 2008-11-23 15:09 <DIR> d-------- d:\windows\system32\xircom
2008-11-23 15:09 . 2008-11-23 15:09 <DIR> d-------- d:\program files\microsoft frontpage
2008-11-23 14:23 . 2008-11-23 14:23 61,440 --a------ D:\rmdlagentuj.exe
2008-11-22 19:05 . 2008-11-22 19:05 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\Malwarebytes
2008-11-22 19:05 . 2008-10-22 16:10 15,504 --a------ d:\windows\system32\drivers\mbam.sys
2008-11-22 19:04 . 2008-11-22 19:05 <DIR> d-------- d:\program files\Malwarebytes' Anti-Malware
2008-11-22 19:04 . 2008-11-22 19:04 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-11-22 19:04 . 2008-11-22 19:04 2,372,472 --a------ D:\mbam-setup.exe
2008-11-22 19:04 . 2008-10-22 16:10 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
2008-11-22 18:27 . 2008-11-22 18:37 <DIR> d-------- D:\fixwareout
2008-11-22 18:27 . 2008-09-20 23:55 486,449 --a------ D:\Fixwareout.exe
2008-11-22 18:27 . 2008-11-22 18:27 460,729 --a------ D:\fwo.zip
2008-11-22 14:27 . 2008-11-22 21:19 <DIR> d-------- D:\Downloads
2008-11-21 19:47 . 2008-11-21 19:47 <DIR> d-------- d:\program files\Webteh
2008-11-20 17:55 . 2008-11-20 17:55 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\Thinstall
2008-11-20 17:33 . 2008-11-22 22:23 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\BSplayer PRO
2008-11-18 15:54 . 2008-11-18 16:02 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\vlc
2008-11-18 15:52 . 2008-11-18 15:52 <DIR> d-------- d:\program files\VideoLAN
2008-11-16 15:21 . 2008-11-16 15:21 754 --a------ d:\windows\WORDPAD.INI
2008-11-16 15:19 . 2008-05-30 14:19 507,400 --a------ d:\windows\system32\XAudio2_1.dll
2008-11-16 15:19 . 2008-05-30 14:18 238,088 --a------ d:\windows\system32\xactengine3_1.dll
2008-11-16 15:19 . 2008-05-30 14:17 65,032 --a------ d:\windows\system32\XAPOFX1_0.dll
2008-11-16 15:19 . 2008-05-30 14:17 25,608 --a------ d:\windows\system32\X3DAudio1_4.dll
2008-11-16 15:18 . 2008-05-30 14:11 3,850,760 --a------ d:\windows\system32\D3DX9_38.dll
2008-11-16 15:18 . 2008-05-30 14:11 1,491,992 --a------ d:\windows\system32\D3DCompiler_38.dll
2008-11-16 15:18 . 2008-05-30 14:11 467,984 --a------ d:\windows\system32\d3dx10_38.dll
2008-11-16 15:07 . 2008-11-17 09:35 <DIR> d-------- d:\program files\Steam
2008-11-16 15:07 . 2008-11-16 15:07 <DIR> d-------- d:\program files\Sports Interactive
2008-11-16 12:49 . 2008-11-16 12:49 18,251 --a------ D:\Nickelback___Dark_Horse___2008___320kbps.torrent
2008-11-15 19:37 . 2008-11-15 19:37 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\CyberLink
2008-11-15 19:37 . 2008-11-15 19:38 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\CyberLink
2008-11-15 19:36 . 2008-11-15 19:36 <DIR> d-------- d:\program files\Common Files\CyberLink
2008-11-15 19:34 . 2008-11-15 19:37 <DIR> d-------- d:\program files\CyberLink
2008-11-15 19:31 . 2008-11-16 14:34 29,480 --a------ d:\windows\system32\msxml3a.dll
2008-11-09 14:18 . 2008-11-22 17:24 <DIR> d-------- d:\program files\Metal Gear Solid
2008-11-09 12:06 . 2007-07-02 11:27 338,304 --a------ d:\windows\system32\_AxShlEx.dll
2008-11-09 12:04 . 2008-11-09 12:04 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\SlySoft
2008-11-09 12:03 . 2008-11-09 12:03 24 ---hs---- d:\windows\SE6CEC13C.tmp
2008-11-09 12:02 . 2008-11-09 12:02 <DIR> d-------- d:\program files\SlySoft
2008-11-09 11:57 . 2008-11-09 11:57 <DIR> d-------- d:\program files\Alcohol Soft
2008-11-08 10:26 . 2008-11-08 10:25 1,056,930 --a------ d:\windows\_945.jpg
2008-11-08 09:06 . 2008-11-08 09:06 <DIR> d-------- d:\program files\Common Files\BOONTY Shared
2008-11-08 09:06 . 2008-11-08 09:06 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\BOONTY
2008-11-08 08:32 . 2008-11-08 08:33 <DIR> d-------- d:\program files\Universal Extractor
2008-11-07 16:49 . 2008-11-07 16:49 306,432 --a------ d:\windows\system32\TuneUpDefragService.exe
2008-11-07 16:49 . 2007-12-20 10:41 29,440 --a------ d:\windows\system32\uxtuneup.dll
2008-11-07 16:48 . 2008-11-07 16:48 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\TuneUp Software
2008-11-07 16:47 . 2008-11-07 16:52 <DIR> d-------- d:\program files\TuneUp Utilities 2008
2008-11-06 23:53 . 2008-11-06 23:53 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\vsosdk
2008-11-06 19:14 . 2008-11-06 19:14 <DIR> d-------- d:\program files\Prometheus
2008-11-06 19:14 . 2008-11-06 19:14 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\Prometheus
2008-11-06 17:37 . 2008-11-15 09:07 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\Vso
2008-11-06 17:37 . 2008-11-06 17:37 47,360 --a------ d:\windows\system32\drivers\pcouffin.sys
2008-11-06 17:37 . 2008-11-06 17:37 47,360 --a------ d:\documents and settings\Martin G\Data aplikací\pcouffin.sys
2008-11-06 17:36 . 2008-11-06 17:36 <DIR> d-------- d:\program files\VSO
2008-11-06 17:36 . 2004-05-04 12:53 1,645,320 --a------ d:\windows\gdiplus.dll
2008-11-06 17:36 . 2006-05-20 17:16 1,184,984 --a------ d:\windows\system32\wvc1dmod.dll
2008-11-06 17:36 . 2006-05-11 20:21 626,688 --a------ d:\windows\system32\vp7vfw.dll
2008-11-06 17:36 . 2006-09-29 13:24 217,127 --a------ d:\windows\system32\drv43260.dll
2008-11-06 17:36 . 2006-09-29 13:25 208,935 --a------ d:\windows\system32\drv33260.dll
2008-11-06 17:36 . 2006-09-29 13:26 176,165 --a------ d:\windows\system32\drv23260.dll
2008-11-06 17:36 . 2007-03-18 21:37 65,602 --a------ d:\windows\system32\cook3260.dll
2008-11-06 17:10 . 2008-11-06 17:12 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\PSpad
2008-11-06 17:09 . 2008-11-06 17:09 <DIR> d-------- d:\program files\PSPad editor
2008-11-06 16:55 . 2008-11-06 17:00 <DIR> d-------- d:\documents and settings\Martin G\avidemux
2008-11-06 16:07 . 2008-11-06 16:07 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\NeroDigital™
2008-11-02 16:06 . 2008-11-02 16:06 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\Sports Interactive
2008-11-02 15:51 . 2008-11-02 15:51 <DIR> d-------- d:\windows\Logs
2008-11-02 13:52 . 2008-11-02 13:52 <DIR> d-------- d:\program files\Collectorz.com
2008-10-30 15:06 . 2008-11-23 15:08 55,386 --a------ d:\windows\system32\oodbs.lor
2008-10-29 11:45 . 2008-10-29 11:45 <DIR> d-------- d:\program files\OO Software
2008-10-28 09:33 . 2008-10-28 09:33 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\VitySoft
2008-10-27 21:02 . 2008-10-27 21:01 410,976 --a------ d:\windows\system32\deploytk.dll
2008-10-27 21:02 . 2008-10-27 21:01 73,728 --a------ d:\windows\system32\javacpl.cpl
2008-10-27 21:01 . 2008-10-27 21:01 <DIR> d-------- d:\program files\Java
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 14:10 106,516,512 --sha-w d:\windows\system32\drivers\fidbox.dat
2008-11-23 14:09 3,873,980 ----a-w d:\windows\Internet Logs\tvDebug.zip
2008-11-23 14:04 1,250,240 --sha-w d:\windows\system32\drivers\fidbox.idx
2008-11-23 13:29 --------- d-----w d:\documents and settings\Martin G\Data aplikací\Orbit
2008-11-22 08:01 847,872 ----a-w d:\windows\Internet Logs\xDB10.tmp
2008-11-21 18:34 --------- d--h--w d:\program files\InstallShield Installation Information
2008-11-21 08:12 --------- d-----w d:\program files\Mozilla Firefox3
2008-11-16 14:41 --------- d-----w d:\documents and settings\Martin G\Data aplikací\Sports Interactive
2008-11-16 13:35 --------- d---a-w d:\documents and settings\All Users\Data aplikací\TEMP
2008-11-16 11:53 --------- d-----w d:\documents and settings\Martin G\Data aplikací\uTorrent
2008-11-15 12:26 39,936 ----a-w d:\windows\Internet Logs\xDBE.tmp
2008-11-15 12:21 1,460,736 ----a-w d:\windows\Internet Logs\xDBF.tmp
2008-11-14 20:39 57,856 ----a-w d:\windows\Internet Logs\xDBD.tmp
2008-11-13 19:06 176,640 ----a-w d:\windows\Internet Logs\xDBC.tmp
2008-11-10 18:28 --------- d-----w d:\documents and settings\Martin G\Data aplikací\Skype
2008-11-09 19:18 129,536 ----a-w d:\windows\Internet Logs\xDBB.tmp
2008-11-08 16:48 92,160 ----a-w d:\windows\Internet Logs\xDBA.tmp
2008-11-07 22:32 450,048 ----a-w d:\windows\Internet Logs\xDB9.tmp
2008-11-07 19:31 --------- d-----w d:\program files\US Downloader
2008-11-07 15:47 --------- d-----w d:\program files\Common Files\Wise Installation Wizard
2008-10-30 19:55 126,464 ----a-w d:\windows\Internet Logs\xDB8.tmp
2008-10-28 21:50 2,634,752 ----a-w d:\windows\Internet Logs\xDB7.tmp
2008-10-20 13:53 --------- d-----w d:\documents and settings\Martin G\Data aplikací\Hamachi
2008-10-19 09:10 --------- d-----w d:\program files\DkZ Studio
2008-10-16 15:05 25,280 ----a-w d:\windows\system32\drivers\hamachi.sys
2008-10-16 15:05 --------- d-----w d:\program files\Hamachi
2008-10-16 14:30 --------- d-----w d:\documents and settings\Martin G\Data aplikací\skypePM
2008-10-11 06:18 --------- d-----w d:\program files\Mp3 Knife
2008-10-09 16:21 --------- d-----w d:\program files\ICQ6
2008-10-08 15:14 --------- d-----w d:\program files\AIMP2
2008-10-05 16:51 --------- d-----w d:\program files\DOSBox-0.63
2008-10-02 16:10 --------- d-----w d:\program files\SopCast
2008-09-29 14:51 --------- d-----w d:\program files\Orbitdownloader
2008-09-23 13:33 --------- d-----w d:\program files\FreeRapid-0.5
2008-09-02 09:46 556,544 ----a-w d:\windows\Internet Logs\xDB4.tmp
2008-09-02 09:46 1,281,024 ----a-w d:\windows\Internet Logs\xDB5.tmp
2008-09-02 09:43 1,280,512 ----a-w d:\windows\Internet Logs\xDB6.tmp
2008-09-01 07:59 2,678,272 ----a-w d:\windows\Internet Logs\xDB1.tmp
2008-09-01 07:59 1,687,552 ----a-w d:\windows\Internet Logs\xDB2.tmp
2008-08-31 19:32 1,687,040 ----a-w d:\windows\Internet Logs\xDB3.tmp
2006-05-03 09:06 163,328 --sh--r d:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r d:\windows\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w d:\windows\system32\Smab0.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 13:04 97064 --a------ d:\program files\Nero\Nero8\InCD\NBHShx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2008-06-21 949376]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2008-10-27 136600]
"nwiz"="nwiz.exe" [2007-12-05 d:\windows\system32\nwiz.exe]
"C-Media Mixer"="Mixer.exe" [2002-01-28 d:\windows\mixer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="d:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
d:\documents and settings\Martin G\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.dvacm"= d:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= d:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= d:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Orbit.lnk]
path=d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Orbit.lnk
backup=d:\windows\pss\Orbit.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^Martin G^Nabídka Start^Programy^Po spuštění^hamachi.lnk]
path=d:\documents and settings\Martin G\Nabídka Start\Programy\Po spuštění\hamachi.lnk
backup=d:\windows\pss\hamachi.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 13:06 40048 d:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Appwarp]
--a------ 2001-09-08 00:11 297472 d:\progra~1\REMI-S~1\APPLIC~1\ApplicationWarp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--a------ 2008-08-08 10:16 91432 d:\program files\CyberLink\Shared Files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 20:21 57344 d:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-29 13:05 486856 d:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 d:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 d:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
--------- 2007-12-14 11:36 50472 d:\program files\CyberLink\PowerDVD8\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 d:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
--------- 2008-03-20 20:23 83240 d:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-09-26 18:39 1410296 d:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-03-30 15:34 185896 d:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NeroRegInCDSrv"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"InCDsrv"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OODefragTray"=d:\windows\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Hry\\Football manager 2008\\fm.exe"=
"d:\\Hry\\Counter-Strike 1.6\\hl.exe"=
"d:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"d:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\ICQ6\\ICQ.exe"=
"d:\\Hry\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Hry\\Paradox Entertainment\\Hearts of Iron\\HoI.exe"=
"d:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Program Files\\QIP\\qip.exe"=
"d:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"d:\\Hry\\Football Manager 2009\\fm.exe"=
R0 hotcore2;hotcore2;d:\windows\system32\drivers\hotcore2.sys [2008-02-23 30808]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\d:\program files\CyberLink\PowerDVD8\000.fcl [2008-08-08 10:15:56 41456]
R2 UxTuneUp;TuneUp Theme Extension;d:\windows\System32\svchost.exe -k netsvcs [2004-08-17 14336]
R3 PSched;Plánovač paketů technologie QoS;d:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);d:\windows\system32\DRIVERS\k510bus.sys [2008-04-09 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;d:\windows\system32\DRIVERS\k510mdfl.sys [2008-04-09 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;d:\windows\system32\DRIVERS\k510mdm.sys [2008-04-09 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);d:\windows\system32\DRIVERS\k510mgmt.sys [2008-04-09 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;d:\windows\system32\DRIVERS\k510obex.sys [2008-04-09 83344]
S3 tap0901_2gm;VPN Anonymizer Adapter;d:\windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;d:\windows\System32\TuneUpDefragService.exe [2008-11-07 306432]
S4 NeroRegInCDSrv;Nero Registry InCD Service;d:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2008-11-21 d:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 13:49]
2008-08-09 d:\windows\Tasks\Úklid 1 kliknutím.job
- d:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 13:49]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-BitTorrent DNA - d:\program files\DNA\btdna.exe
.
------- Doplňkový sken -------
.
FireFox -: Profile - d:\documents and settings\Martin G\Data aplikací\Mozilla\Firefox\Profiles\j36c595b.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.seznam.cz
FF -: plugin - d:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - d:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - d:\program files\Mozilla Firefox3\plugins\npdeploytk.dll
FF -: plugin - d:\program files\Mozilla Firefox3\plugins\npnul32.dll
FF -: plugin - d:\program files\Mozilla Firefox3\plugins\npqtplugin.dll
FF -: plugin - d:\program files\Mozilla Firefox3\plugins\npqtplugin2.dll
FF -: plugin - d:\program files\Mozilla Firefox3\plugins\npqtplugin3.dll
FF -: plugin - d:\program files\Mozilla Firefox3\plugins\npqtplugin4.dll
FF -: plugin - d:\program files\Mozilla Firefox3\plugins\npqtplugin5.dll
FF -: plugin - d:\program files\Mozilla Firefox3\plugins\npqtplugin6.dll
FF -: plugin - d:\program files\Mozilla Firefox3\plugins\npqtplugin7.dll
FF -: plugin - d:\program files\Opera8.54\program\plugins\npdsplay.dll
FF -: plugin - d:\program files\Opera8.54\program\plugins\npqtplugin.dll
FF -: plugin - d:\program files\Opera8.54\program\plugins\npqtplugin2.dll
FF -: plugin - d:\program files\Opera8.54\program\plugins\npqtplugin3.dll
FF -: plugin - d:\program files\Opera8.54\program\plugins\npqtplugin4.dll
FF -: plugin - d:\program files\Opera8.54\program\plugins\npqtplugin5.dll
FF -: plugin - d:\program files\Opera8.54\program\plugins\npqtplugin6.dll
FF -: plugin - d:\program files\Opera8.54\program\plugins\npqtplugin7.dll
FF -: plugin - d:\program files\Opera8.54\program\plugins\NPSWF32.dll
FF -: plugin - d:\program files\Opera8.54\program\plugins\npwmsdrm.dll
FF -: plugin - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 15:09:42
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\d:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1004)
d:\windows\system32\rsaenh.dll
d:\windows\system32\WgaLogon.dll
- - - - - - - > 'lsass.exe'(1060)
d:\windows\system32\msprivs.dll
d:\windows\system32\rsaenh.dll
d:\windows\system32\imon.dll
d:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(3732)
d:\windows\system32\rsaenh.dll
d:\program files\Nero\Nero8\InCD\NBHShx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\windows\system32\ZoneLabs\vsmon.exe
d:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
d:\program files\CDBurnerXP\NMSAccessU.exe
d:\program files\ESET\nod32krn.exe
d:\windows\system32\nvsvc32.exe
d:\windows\system32\oodag.exe
d:\windows\system32\IoctlSvc.exe
d:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
d:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
d:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
d:\windows\system32\wbem\wmiapsrv.exe
d:\windows\system32\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2008-11-23 15:18:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-11-23 14:17:55
Před spuštěním: Volných bajtů: 31 947 915 264
Po spuštění: Volných bajtů: 31,832,141,824
578 --- E O F --- 2008-09-25 14:17:40
Please check my log - slow PC startup
- jaro3
- Security team member
Re: Please check my log - slow PC startup
Nice collection...
Test these on Virustotal:
D:\rmdlagentuj.exe
d:\windows\SE6CEC13C.tmp
d:\windows\_945.jpg
Then post the results here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log - slow PC startup
d:\windows\_945.jpg http://www.virustotal.com/cs/analisis/c ... 573aa542a8
D:\rmdlagentuj.exe http://www.virustotal.com/cs/analisis/5 ... 4085db0034
d:\windows\SE6CEC13C.tmp I don't have this one on the PC; I ran a search but it didn't find it
- jaro3
- Security team member
Re: Please check my log - slow PC startup
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Note: Do not use the SELECT ALL function to select the script.
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log
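As an added example (not part of the thread and not ComboFix's own code), this Python script reads the registry section of a ComboFix log, lists the firewall-related values that the CFScript above resets, and compares the log before and after the run. The sample lines are copied from the two logs on this page; the function names and the rule descriptions are assumptions made for the example.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "key name value meaning")

SECTION_RE = re.compile(r'^\[(.+)\]\s*$')        # [HKEY_...\some\key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"=data

# Rules written for this example: (key pattern, value name, weakening value, meaning).
RULES = [
    (re.compile(r'\\security center$', re.I), "firewalloverride", 1,
     "Security Center told not to alert on firewall status"),
    (re.compile(r'\\security center\\monitoring\\[^\\]+$', re.I), "disablemonitoring", 1,
     "Security Center monitoring of this product switched off"),
    (re.compile(r'\\firewallpolicy\\(standard|domain)profile$', re.I), "enablefirewall", 0,
     "Windows Firewall off for this profile (expected only with another firewall in use)"),
]

# Sample input: lines copied from the first log on this page (before the CFScript run).
LOG_BEFORE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
'''

# Same part of the second log (after the CFScript run). The Security Center keys
# are absent: the log states that legitimate default values are not displayed.
LOG_AFTER = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OODefragTray"=d:\windows\system32\oodtray.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''


def parse_int(data):
    """Return the integer for 'dword:00000001' or '0 (0x0)' style data, else None."""
    data = data.strip()
    m = re.fullmatch(r'dword:([0-9a-fA-F]{8})', data)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r'(\d+)\s*\(0x[0-9a-fA-F]+\)', data)
    if m:
        return int(m.group(1))
    return None


def parse_sections(log_text):
    """Yield (key, value_name, raw_data) for each "name"=data line under a [key] header."""
    key = None
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group(1), m.group(2)


def weakened_settings(log_text):
    """Return a Finding for every value that matches one of RULES."""
    found = []
    for key, name, data in parse_sections(log_text):
        value = parse_int(data)
        if value is None:
            continue  # paths and empty data are not numeric settings
        for key_re, rule_name, bad, meaning in RULES:
            if name.lower() == rule_name and value == bad and key_re.search(key):
                found.append(Finding(key, name, value, meaning))
    return found


def compare_runs(before, after):
    """Return (cleared, remaining) value names between two logs."""
    b = {(f.key.lower(), f.name.lower()): f for f in weakened_settings(before)}
    a = {(f.key.lower(), f.name.lower()) for f in weakened_settings(after)}
    cleared = [f.name for k, f in b.items() if k not in a]
    remaining = [f.name for k, f in b.items() if k in a]
    return cleared, remaining


if __name__ == "__main__":
    for f in weakened_settings(LOG_BEFORE):
        print(f"{f.name}={f.value}  {f.meaning}\n    {f.key}")
    cleared, remaining = compare_runs(LOG_BEFORE, LOG_AFTER)
    print("cleared by the script:", cleared)
    print("still set, review manually:", remaining)
```

A value that remains flagged is a prompt for review rather than a verdict: the process list in the log shows a third-party firewall service (vsmon.exe) running, which is one reason EnableFirewall can be 0.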
Re: Please check my log - slow PC startup
Again a problem with the DNS addresses, like last time.
ComboFix log:
ComboFix 08-11-22.02 - Martin G 2008-11-23 16:48:15.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.94 [GMT 1:00]
Spuštěný z: d:\documents and settings\Martin G\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Martin G\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-23 do 2008-11-23 )))))))))))))))))))))))))))))))
.
2008-11-23 15:09 . 2008-11-23 15:09 <DIR> d-------- d:\windows\system32\xircom
2008-11-23 15:09 . 2008-11-23 15:09 <DIR> d-------- d:\program files\microsoft frontpage
2008-11-23 14:23 . 2008-11-23 14:23 61,440 --a------ D:\rmdlagentuj.exe
2008-11-22 19:05 . 2008-11-22 19:05 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\Malwarebytes
2008-11-22 19:05 . 2008-10-22 16:10 15,504 --a------ d:\windows\system32\drivers\mbam.sys
2008-11-22 19:04 . 2008-11-22 19:05 <DIR> d-------- d:\program files\Malwarebytes' Anti-Malware
2008-11-22 19:04 . 2008-11-22 19:04 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-11-22 19:04 . 2008-11-22 19:04 2,372,472 --a------ D:\mbam-setup.exe
2008-11-22 19:04 . 2008-10-22 16:10 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
2008-11-22 18:27 . 2008-11-22 18:37 <DIR> d-------- D:\fixwareout
2008-11-22 18:27 . 2008-09-20 23:55 486,449 --a------ D:\Fixwareout.exe
2008-11-22 18:27 . 2008-11-22 18:27 460,729 --a------ D:\fwo.zip
2008-11-22 14:27 . 2008-11-22 21:19 <DIR> d-------- D:\Downloads
2008-11-21 19:47 . 2008-11-21 19:47 <DIR> d-------- d:\program files\Webteh
2008-11-20 17:55 . 2008-11-20 17:55 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\Thinstall
2008-11-20 17:33 . 2008-11-22 22:23 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\BSplayer PRO
2008-11-18 15:54 . 2008-11-18 16:02 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\vlc
2008-11-18 15:52 . 2008-11-18 15:52 <DIR> d-------- d:\program files\VideoLAN
2008-11-16 15:21 . 2008-11-16 15:21 754 --a------ d:\windows\WORDPAD.INI
2008-11-16 15:19 . 2008-05-30 14:19 507,400 --a------ d:\windows\system32\XAudio2_1.dll
2008-11-16 15:19 . 2008-05-30 14:18 238,088 --a------ d:\windows\system32\xactengine3_1.dll
2008-11-16 15:19 . 2008-05-30 14:17 65,032 --a------ d:\windows\system32\XAPOFX1_0.dll
2008-11-16 15:19 . 2008-05-30 14:17 25,608 --a------ d:\windows\system32\X3DAudio1_4.dll
2008-11-16 15:18 . 2008-05-30 14:11 3,850,760 --a------ d:\windows\system32\D3DX9_38.dll
2008-11-16 15:18 . 2008-05-30 14:11 1,491,992 --a------ d:\windows\system32\D3DCompiler_38.dll
2008-11-16 15:18 . 2008-05-30 14:11 467,984 --a------ d:\windows\system32\d3dx10_38.dll
2008-11-16 15:07 . 2008-11-17 09:35 <DIR> d-------- d:\program files\Steam
2008-11-16 15:07 . 2008-11-16 15:07 <DIR> d-------- d:\program files\Sports Interactive
2008-11-16 12:49 . 2008-11-16 12:49 18,251 --a------ D:\Nickelback___Dark_Horse___2008___320kbps.torrent
2008-11-15 19:37 . 2008-11-15 19:37 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\CyberLink
2008-11-15 19:37 . 2008-11-15 19:38 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\CyberLink
2008-11-15 19:36 . 2008-11-15 19:36 <DIR> d-------- d:\program files\Common Files\CyberLink
2008-11-15 19:34 . 2008-11-15 19:37 <DIR> d-------- d:\program files\CyberLink
2008-11-15 19:31 . 2008-11-16 14:34 29,480 --a------ d:\windows\system32\msxml3a.dll
2008-11-09 14:18 . 2008-11-22 17:24 <DIR> d-------- d:\program files\Metal Gear Solid
2008-11-09 12:06 . 2007-07-02 11:27 338,304 --a------ d:\windows\system32\_AxShlEx.dll
2008-11-09 12:04 . 2008-11-09 12:04 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\SlySoft
2008-11-09 12:03 . 2008-11-09 12:03 24 ---hs---- d:\windows\SE6CEC13C.tmp
2008-11-09 12:02 . 2008-11-09 12:02 <DIR> d-------- d:\program files\SlySoft
2008-11-09 11:57 . 2008-11-09 11:57 <DIR> d-------- d:\program files\Alcohol Soft
2008-11-08 10:26 . 2008-11-08 10:25 1,056,930 --a------ d:\windows\_945.jpg
2008-11-08 09:06 . 2008-11-08 09:06 <DIR> d-------- d:\program files\Common Files\BOONTY Shared
2008-11-08 09:06 . 2008-11-08 09:06 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\BOONTY
2008-11-08 08:32 . 2008-11-08 08:33 <DIR> d-------- d:\program files\Universal Extractor
2008-11-07 16:49 . 2008-11-07 16:49 306,432 --a------ d:\windows\system32\TuneUpDefragService.exe
2008-11-07 16:49 . 2007-12-20 10:41 29,440 --a------ d:\windows\system32\uxtuneup.dll
2008-11-07 16:48 . 2008-11-07 16:48 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\TuneUp Software
2008-11-07 16:47 . 2008-11-07 16:52 <DIR> d-------- d:\program files\TuneUp Utilities 2008
2008-11-06 23:53 . 2008-11-06 23:53 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\vsosdk
2008-11-06 19:14 . 2008-11-06 19:14 <DIR> d-------- d:\program files\Prometheus
2008-11-06 19:14 . 2008-11-06 19:14 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\Prometheus
2008-11-06 17:37 . 2008-11-15 09:07 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\Vso
2008-11-06 17:37 . 2008-11-06 17:37 47,360 --a------ d:\windows\system32\drivers\pcouffin.sys
2008-11-06 17:37 . 2008-11-06 17:37 47,360 --a------ d:\documents and settings\Martin G\Data aplikací\pcouffin.sys
2008-11-06 17:36 . 2008-11-06 17:36 <DIR> d-------- d:\program files\VSO
2008-11-06 17:36 . 2004-05-04 12:53 1,645,320 --a------ d:\windows\gdiplus.dll
2008-11-06 17:36 . 2006-05-20 17:16 1,184,984 --a------ d:\windows\system32\wvc1dmod.dll
2008-11-06 17:36 . 2006-05-11 20:21 626,688 --a------ d:\windows\system32\vp7vfw.dll
2008-11-06 17:36 . 2006-09-29 13:24 217,127 --a------ d:\windows\system32\drv43260.dll
2008-11-06 17:36 . 2006-09-29 13:25 208,935 --a------ d:\windows\system32\drv33260.dll
2008-11-06 17:36 . 2006-09-29 13:26 176,165 --a------ d:\windows\system32\drv23260.dll
2008-11-06 17:36 . 2007-03-18 21:37 65,602 --a------ d:\windows\system32\cook3260.dll
2008-11-06 17:10 . 2008-11-06 17:12 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\PSpad
2008-11-06 17:09 . 2008-11-06 17:09 <DIR> d-------- d:\program files\PSPad editor
2008-11-06 16:55 . 2008-11-06 17:00 <DIR> d-------- d:\documents and settings\Martin G\avidemux
2008-11-06 16:07 . 2008-11-06 16:07 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\NeroDigital™
2008-11-02 16:06 . 2008-11-02 16:06 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\Sports Interactive
2008-11-02 15:51 . 2008-11-02 15:51 <DIR> d-------- d:\windows\Logs
2008-11-02 13:52 . 2008-11-02 13:52 <DIR> d-------- d:\program files\Collectorz.com
2008-10-30 15:06 . 2008-11-23 15:08 55,386 --a------ d:\windows\system32\oodbs.lor
2008-10-29 11:45 . 2008-10-29 11:45 <DIR> d-------- d:\program files\OO Software
2008-10-28 09:33 . 2008-10-28 09:33 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\VitySoft
2008-10-27 21:02 . 2008-10-27 21:01 410,976 --a------ d:\windows\system32\deploytk.dll
2008-10-27 21:02 . 2008-10-27 21:01 73,728 --a------ d:\windows\system32\javacpl.cpl
2008-10-27 21:01 . 2008-10-27 21:01 <DIR> d-------- d:\program files\Java
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 15:57 106,737,696 --sha-w d:\windows\system32\drivers\fidbox.dat
2008-11-23 14:09 3,873,980 ----a-w d:\windows\Internet Logs\tvDebug.zip
2008-11-23 14:04 1,250,240 --sha-w d:\windows\system32\drivers\fidbox.idx
2008-11-23 13:29 --------- d-----w d:\documents and settings\Martin G\Data aplikací\Orbit
2008-11-22 08:01 847,872 ----a-w d:\windows\Internet Logs\xDB10.tmp
2008-11-21 18:34 --------- d--h--w d:\program files\InstallShield Installation Information
2008-11-21 08:12 --------- d-----w d:\program files\Mozilla Firefox3
2008-11-16 14:41 --------- d-----w d:\documents and settings\Martin G\Data aplikací\Sports Interactive
2008-11-16 13:35 --------- d---a-w d:\documents and settings\All Users\Data aplikací\TEMP
2008-11-16 13:34 353,576 ----a-w d:\windows\system32\msvcr71.dll
2008-11-16 11:53 --------- d-----w d:\documents and settings\Martin G\Data aplikací\uTorrent
2008-11-15 12:26 39,936 ----a-w d:\windows\Internet Logs\xDBE.tmp
2008-11-15 12:21 1,460,736 ----a-w d:\windows\Internet Logs\xDBF.tmp
2008-11-14 20:39 57,856 ----a-w d:\windows\Internet Logs\xDBD.tmp
2008-11-13 19:06 176,640 ----a-w d:\windows\Internet Logs\xDBC.tmp
2008-11-10 18:28 --------- d-----w d:\documents and settings\Martin G\Data aplikací\Skype
2008-11-09 19:18 129,536 ----a-w d:\windows\Internet Logs\xDBB.tmp
2008-11-08 16:48 92,160 ----a-w d:\windows\Internet Logs\xDBA.tmp
2008-11-07 22:32 450,048 ----a-w d:\windows\Internet Logs\xDB9.tmp
2008-11-07 19:31 --------- d-----w d:\program files\US Downloader
2008-11-07 15:47 --------- d-----w d:\program files\Common Files\Wise Installation Wizard
2008-10-30 19:55 126,464 ----a-w d:\windows\Internet Logs\xDB8.tmp
2008-10-28 21:50 2,634,752 ----a-w d:\windows\Internet Logs\xDB7.tmp
2008-10-20 13:53 --------- d-----w d:\documents and settings\Martin G\Data aplikací\Hamachi
2008-10-19 09:10 --------- d-----w d:\program files\DkZ Studio
2008-10-16 15:05 25,280 ----a-w d:\windows\system32\drivers\hamachi.sys
2008-10-16 15:05 --------- d-----w d:\program files\Hamachi
2008-10-16 14:30 --------- d-----w d:\documents and settings\Martin G\Data aplikací\skypePM
2008-10-11 06:18 --------- d-----w d:\program files\Mp3 Knife
2008-10-09 16:21 --------- d-----w d:\program files\ICQ6
2008-10-08 15:14 --------- d-----w d:\program files\AIMP2
2008-10-05 16:51 --------- d-----w d:\program files\DOSBox-0.63
2008-10-02 16:10 --------- d-----w d:\program files\SopCast
2008-09-29 14:51 --------- d-----w d:\program files\Orbitdownloader
2008-09-28 08:21 98,304 ----a-w d:\windows\system32\CmdLineExt.dll
2008-09-23 13:33 --------- d-----w d:\program files\FreeRapid-0.5
2008-09-04 04:58 894,208 ----a-w d:\windows\system32\oodtrrs.dll
2008-09-02 09:46 556,544 ----a-w d:\windows\Internet Logs\xDB4.tmp
2008-09-02 09:46 1,281,024 ----a-w d:\windows\Internet Logs\xDB5.tmp
2008-09-02 09:43 1,280,512 ----a-w d:\windows\Internet Logs\xDB6.tmp
2008-09-01 07:59 2,678,272 ----a-w d:\windows\Internet Logs\xDB1.tmp
2008-09-01 07:59 1,687,552 ----a-w d:\windows\Internet Logs\xDB2.tmp
2008-08-31 19:32 1,687,040 ----a-w d:\windows\Internet Logs\xDB3.tmp
2008-08-23 16:22 43,520 ----a-w d:\windows\system32\CmdLineExt03.dll
2006-05-03 09:06 163,328 --sh--r d:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r d:\windows\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w d:\windows\system32\Smab0.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 13:04 97064 --a------ d:\program files\Nero\Nero8\InCD\NBHShx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2008-06-21 949376]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2008-10-27 136600]
"nwiz"="nwiz.exe" [2007-12-05 d:\windows\system32\nwiz.exe]
"C-Media Mixer"="Mixer.exe" [2002-01-28 d:\windows\mixer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="d:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
d:\documents and settings\Martin G\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.dvacm"= d:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= d:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= d:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Orbit.lnk]
path=d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Orbit.lnk
backup=d:\windows\pss\Orbit.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^Martin G^Nabídka Start^Programy^Po spuštění^hamachi.lnk]
path=d:\documents and settings\Martin G\Nabídka Start\Programy\Po spuštění\hamachi.lnk
backup=d:\windows\pss\hamachi.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 13:06 40048 d:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Appwarp]
--a------ 2001-09-08 00:11 297472 d:\progra~1\REMI-S~1\APPLIC~1\ApplicationWarp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--a------ 2008-08-08 10:16 91432 d:\program files\CyberLink\Shared Files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 20:21 57344 d:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-29 13:05 486856 d:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 d:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 d:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
--------- 2007-12-14 11:36 50472 d:\program files\CyberLink\PowerDVD8\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 d:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
--------- 2008-03-20 20:23 83240 d:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-09-26 18:39 1410296 d:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-03-30 15:34 185896 d:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NeroRegInCDSrv"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"InCDsrv"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OODefragTray"=d:\windows\system32\oodtray.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Hry\\Football manager 2008\\fm.exe"=
"d:\\Hry\\Counter-Strike 1.6\\hl.exe"=
"d:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"d:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\ICQ6\\ICQ.exe"=
"d:\\Hry\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Hry\\Paradox Entertainment\\Hearts of Iron\\HoI.exe"=
"d:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Program Files\\QIP\\qip.exe"=
"d:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"d:\\Hry\\Football Manager 2009\\fm.exe"=
R0 hotcore2;hotcore2;d:\windows\system32\drivers\hotcore2.sys [2008-02-23 30808]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\d:\program files\CyberLink\PowerDVD8\000.fcl [2008-08-08 10:15:56 41456]
R2 UxTuneUp;TuneUp Theme Extension;d:\windows\System32\svchost.exe -k netsvcs [2004-08-17 14336]
R3 PSched;Plánovač paketů technologie QoS;d:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);d:\windows\system32\DRIVERS\k510bus.sys [2008-04-09 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;d:\windows\system32\DRIVERS\k510mdfl.sys [2008-04-09 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;d:\windows\system32\DRIVERS\k510mdm.sys [2008-04-09 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);d:\windows\system32\DRIVERS\k510mgmt.sys [2008-04-09 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;d:\windows\system32\DRIVERS\k510obex.sys [2008-04-09 83344]
S3 tap0901_2gm;VPN Anonymizer Adapter;d:\windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;d:\windows\System32\TuneUpDefragService.exe [2008-11-07 306432]
S4 NeroRegInCDSrv;Nero Registry InCD Service;d:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Obsah adresáře 'Naplánované úlohy'
2008-11-21 d:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 13:49]
2008-08-09 d:\windows\Tasks\Úklid 1 kliknutím.job
- d:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 13:49]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 16:56:16
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\d:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1004)
d:\windows\system32\rsaenh.dll
d:\windows\system32\WgaLogon.dll
- - - - - - - > 'lsass.exe'(1060)
d:\windows\system32\msprivs.dll
d:\windows\system32\rsaenh.dll
d:\windows\system32\imon.dll
d:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(2240)
d:\windows\system32\rsaenh.dll
d:\program files\Nero\Nero8\InCD\NBHShx.dll
d:\program files\Nero\Nero8\InCD\NBHStr.dll
.
Celkový čas: 2008-11-23 17:02:21
ComboFix-quarantined-files.txt 2008-11-23 16:02:11
ComboFix2.txt 2008-11-23 14:18:09
Před spuštěním: Volných bajtů: 32 037 855 232
Po spuštění: Volných bajtů: 32,007,954,432
277 --- E O F --- 2008-09-25 14:17:40
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:24, on 23.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\oodag.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\Mixer.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - D:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Download All by FlashGet - D:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - D:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF6F40A0-9980-463A-A903-FD3B6C48406C}: NameServer = 85.255.113.91,85.255.112.238
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - D:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7714 bytes
ComboFix log:
ComboFix 08-11-22.02 - Martin G 2008-11-23 16:48:15.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.94 [GMT 1:00]
Spuštěný z: d:\documents and settings\Martin G\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Martin G\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-23 do 2008-11-23 )))))))))))))))))))))))))))))))
.
2008-11-23 15:09 . 2008-11-23 15:09 <DIR> d-------- d:\windows\system32\xircom
2008-11-23 15:09 . 2008-11-23 15:09 <DIR> d-------- d:\program files\microsoft frontpage
2008-11-23 14:23 . 2008-11-23 14:23 61,440 --a------ D:\rmdlagentuj.exe
2008-11-22 19:05 . 2008-11-22 19:05 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\Malwarebytes
2008-11-22 19:05 . 2008-10-22 16:10 15,504 --a------ d:\windows\system32\drivers\mbam.sys
2008-11-22 19:04 . 2008-11-22 19:05 <DIR> d-------- d:\program files\Malwarebytes' Anti-Malware
2008-11-22 19:04 . 2008-11-22 19:04 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-11-22 19:04 . 2008-11-22 19:04 2,372,472 --a------ D:\mbam-setup.exe
2008-11-22 19:04 . 2008-10-22 16:10 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
2008-11-22 18:27 . 2008-11-22 18:37 <DIR> d-------- D:\fixwareout
2008-11-22 18:27 . 2008-09-20 23:55 486,449 --a------ D:\Fixwareout.exe
2008-11-22 18:27 . 2008-11-22 18:27 460,729 --a------ D:\fwo.zip
2008-11-22 14:27 . 2008-11-22 21:19 <DIR> d-------- D:\Downloads
2008-11-21 19:47 . 2008-11-21 19:47 <DIR> d-------- d:\program files\Webteh
2008-11-20 17:55 . 2008-11-20 17:55 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\Thinstall
2008-11-20 17:33 . 2008-11-22 22:23 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\BSplayer PRO
2008-11-18 15:54 . 2008-11-18 16:02 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\vlc
2008-11-18 15:52 . 2008-11-18 15:52 <DIR> d-------- d:\program files\VideoLAN
2008-11-16 15:21 . 2008-11-16 15:21 754 --a------ d:\windows\WORDPAD.INI
2008-11-16 15:19 . 2008-05-30 14:19 507,400 --a------ d:\windows\system32\XAudio2_1.dll
2008-11-16 15:19 . 2008-05-30 14:18 238,088 --a------ d:\windows\system32\xactengine3_1.dll
2008-11-16 15:19 . 2008-05-30 14:17 65,032 --a------ d:\windows\system32\XAPOFX1_0.dll
2008-11-16 15:19 . 2008-05-30 14:17 25,608 --a------ d:\windows\system32\X3DAudio1_4.dll
2008-11-16 15:18 . 2008-05-30 14:11 3,850,760 --a------ d:\windows\system32\D3DX9_38.dll
2008-11-16 15:18 . 2008-05-30 14:11 1,491,992 --a------ d:\windows\system32\D3DCompiler_38.dll
2008-11-16 15:18 . 2008-05-30 14:11 467,984 --a------ d:\windows\system32\d3dx10_38.dll
2008-11-16 15:07 . 2008-11-17 09:35 <DIR> d-------- d:\program files\Steam
2008-11-16 15:07 . 2008-11-16 15:07 <DIR> d-------- d:\program files\Sports Interactive
2008-11-16 12:49 . 2008-11-16 12:49 18,251 --a------ D:\Nickelback___Dark_Horse___2008___320kbps.torrent
2008-11-15 19:37 . 2008-11-15 19:37 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\CyberLink
2008-11-15 19:37 . 2008-11-15 19:38 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\CyberLink
2008-11-15 19:36 . 2008-11-15 19:36 <DIR> d-------- d:\program files\Common Files\CyberLink
2008-11-15 19:34 . 2008-11-15 19:37 <DIR> d-------- d:\program files\CyberLink
2008-11-15 19:31 . 2008-11-16 14:34 29,480 --a------ d:\windows\system32\msxml3a.dll
2008-11-09 14:18 . 2008-11-22 17:24 <DIR> d-------- d:\program files\Metal Gear Solid
2008-11-09 12:06 . 2007-07-02 11:27 338,304 --a------ d:\windows\system32\_AxShlEx.dll
2008-11-09 12:04 . 2008-11-09 12:04 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\SlySoft
2008-11-09 12:03 . 2008-11-09 12:03 24 ---hs---- d:\windows\SE6CEC13C.tmp
2008-11-09 12:02 . 2008-11-09 12:02 <DIR> d-------- d:\program files\SlySoft
2008-11-09 11:57 . 2008-11-09 11:57 <DIR> d-------- d:\program files\Alcohol Soft
2008-11-08 10:26 . 2008-11-08 10:25 1,056,930 --a------ d:\windows\_945.jpg
2008-11-08 09:06 . 2008-11-08 09:06 <DIR> d-------- d:\program files\Common Files\BOONTY Shared
2008-11-08 09:06 . 2008-11-08 09:06 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\BOONTY
2008-11-08 08:32 . 2008-11-08 08:33 <DIR> d-------- d:\program files\Universal Extractor
2008-11-07 16:49 . 2008-11-07 16:49 306,432 --a------ d:\windows\system32\TuneUpDefragService.exe
2008-11-07 16:49 . 2007-12-20 10:41 29,440 --a------ d:\windows\system32\uxtuneup.dll
2008-11-07 16:48 . 2008-11-07 16:48 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\TuneUp Software
2008-11-07 16:47 . 2008-11-07 16:52 <DIR> d-------- d:\program files\TuneUp Utilities 2008
2008-11-06 23:53 . 2008-11-06 23:53 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\vsosdk
2008-11-06 19:14 . 2008-11-06 19:14 <DIR> d-------- d:\program files\Prometheus
2008-11-06 19:14 . 2008-11-06 19:14 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\Prometheus
2008-11-06 17:37 . 2008-11-15 09:07 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\Vso
2008-11-06 17:37 . 2008-11-06 17:37 47,360 --a------ d:\windows\system32\drivers\pcouffin.sys
2008-11-06 17:37 . 2008-11-06 17:37 47,360 --a------ d:\documents and settings\Martin G\Data aplikací\pcouffin.sys
2008-11-06 17:36 . 2008-11-06 17:36 <DIR> d-------- d:\program files\VSO
2008-11-06 17:36 . 2004-05-04 12:53 1,645,320 --a------ d:\windows\gdiplus.dll
2008-11-06 17:36 . 2006-05-20 17:16 1,184,984 --a------ d:\windows\system32\wvc1dmod.dll
2008-11-06 17:36 . 2006-05-11 20:21 626,688 --a------ d:\windows\system32\vp7vfw.dll
2008-11-06 17:36 . 2006-09-29 13:24 217,127 --a------ d:\windows\system32\drv43260.dll
2008-11-06 17:36 . 2006-09-29 13:25 208,935 --a------ d:\windows\system32\drv33260.dll
2008-11-06 17:36 . 2006-09-29 13:26 176,165 --a------ d:\windows\system32\drv23260.dll
2008-11-06 17:36 . 2007-03-18 21:37 65,602 --a------ d:\windows\system32\cook3260.dll
2008-11-06 17:10 . 2008-11-06 17:12 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\PSpad
2008-11-06 17:09 . 2008-11-06 17:09 <DIR> d-------- d:\program files\PSPad editor
2008-11-06 16:55 . 2008-11-06 17:00 <DIR> d-------- d:\documents and settings\Martin G\avidemux
2008-11-06 16:07 . 2008-11-06 16:07 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\NeroDigital™
2008-11-02 16:06 . 2008-11-02 16:06 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\Sports Interactive
2008-11-02 15:51 . 2008-11-02 15:51 <DIR> d-------- d:\windows\Logs
2008-11-02 13:52 . 2008-11-02 13:52 <DIR> d-------- d:\program files\Collectorz.com
2008-10-30 15:06 . 2008-11-23 15:08 55,386 --a------ d:\windows\system32\oodbs.lor
2008-10-29 11:45 . 2008-10-29 11:45 <DIR> d-------- d:\program files\OO Software
2008-10-28 09:33 . 2008-10-28 09:33 <DIR> d-------- d:\documents and settings\Martin G\Data aplikací\VitySoft
2008-10-27 21:02 . 2008-10-27 21:01 410,976 --a------ d:\windows\system32\deploytk.dll
2008-10-27 21:02 . 2008-10-27 21:01 73,728 --a------ d:\windows\system32\javacpl.cpl
2008-10-27 21:01 . 2008-10-27 21:01 <DIR> d-------- d:\program files\Java
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 15:57 106,737,696 --sha-w d:\windows\system32\drivers\fidbox.dat
2008-11-23 14:09 3,873,980 ----a-w d:\windows\Internet Logs\tvDebug.zip
2008-11-23 14:04 1,250,240 --sha-w d:\windows\system32\drivers\fidbox.idx
2008-11-23 13:29 --------- d-----w d:\documents and settings\Martin G\Data aplikací\Orbit
2008-11-22 08:01 847,872 ----a-w d:\windows\Internet Logs\xDB10.tmp
2008-11-21 18:34 --------- d--h--w d:\program files\InstallShield Installation Information
2008-11-21 08:12 --------- d-----w d:\program files\Mozilla Firefox3
2008-11-16 14:41 --------- d-----w d:\documents and settings\Martin G\Data aplikací\Sports Interactive
2008-11-16 13:35 --------- d---a-w d:\documents and settings\All Users\Data aplikací\TEMP
2008-11-16 13:34 353,576 ----a-w d:\windows\system32\msvcr71.dll
2008-11-16 11:53 --------- d-----w d:\documents and settings\Martin G\Data aplikací\uTorrent
2008-11-15 12:26 39,936 ----a-w d:\windows\Internet Logs\xDBE.tmp
2008-11-15 12:21 1,460,736 ----a-w d:\windows\Internet Logs\xDBF.tmp
2008-11-14 20:39 57,856 ----a-w d:\windows\Internet Logs\xDBD.tmp
2008-11-13 19:06 176,640 ----a-w d:\windows\Internet Logs\xDBC.tmp
2008-11-10 18:28 --------- d-----w d:\documents and settings\Martin G\Data aplikací\Skype
2008-11-09 19:18 129,536 ----a-w d:\windows\Internet Logs\xDBB.tmp
2008-11-08 16:48 92,160 ----a-w d:\windows\Internet Logs\xDBA.tmp
2008-11-07 22:32 450,048 ----a-w d:\windows\Internet Logs\xDB9.tmp
2008-11-07 19:31 --------- d-----w d:\program files\US Downloader
2008-11-07 15:47 --------- d-----w d:\program files\Common Files\Wise Installation Wizard
2008-10-30 19:55 126,464 ----a-w d:\windows\Internet Logs\xDB8.tmp
2008-10-28 21:50 2,634,752 ----a-w d:\windows\Internet Logs\xDB7.tmp
2008-10-20 13:53 --------- d-----w d:\documents and settings\Martin G\Data aplikací\Hamachi
2008-10-19 09:10 --------- d-----w d:\program files\DkZ Studio
2008-10-16 15:05 25,280 ----a-w d:\windows\system32\drivers\hamachi.sys
2008-10-16 15:05 --------- d-----w d:\program files\Hamachi
2008-10-16 14:30 --------- d-----w d:\documents and settings\Martin G\Data aplikací\skypePM
2008-10-11 06:18 --------- d-----w d:\program files\Mp3 Knife
2008-10-09 16:21 --------- d-----w d:\program files\ICQ6
2008-10-08 15:14 --------- d-----w d:\program files\AIMP2
2008-10-05 16:51 --------- d-----w d:\program files\DOSBox-0.63
2008-10-02 16:10 --------- d-----w d:\program files\SopCast
2008-09-29 14:51 --------- d-----w d:\program files\Orbitdownloader
2008-09-28 08:21 98,304 ----a-w d:\windows\system32\CmdLineExt.dll
2008-09-23 13:33 --------- d-----w d:\program files\FreeRapid-0.5
2008-09-04 04:58 894,208 ----a-w d:\windows\system32\oodtrrs.dll
2008-09-02 09:46 556,544 ----a-w d:\windows\Internet Logs\xDB4.tmp
2008-09-02 09:46 1,281,024 ----a-w d:\windows\Internet Logs\xDB5.tmp
2008-09-02 09:43 1,280,512 ----a-w d:\windows\Internet Logs\xDB6.tmp
2008-09-01 07:59 2,678,272 ----a-w d:\windows\Internet Logs\xDB1.tmp
2008-09-01 07:59 1,687,552 ----a-w d:\windows\Internet Logs\xDB2.tmp
2008-08-31 19:32 1,687,040 ----a-w d:\windows\Internet Logs\xDB3.tmp
2008-08-23 16:22 43,520 ----a-w d:\windows\system32\CmdLineExt03.dll
2006-05-03 09:06 163,328 --sh--r d:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r d:\windows\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w d:\windows\system32\Smab0.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 13:04 97064 --a------ d:\program files\Nero\Nero8\InCD\NBHShx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2008-06-21 949376]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2008-10-27 136600]
"nwiz"="nwiz.exe" [2007-12-05 d:\windows\system32\nwiz.exe]
"C-Media Mixer"="Mixer.exe" [2002-01-28 d:\windows\mixer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="d:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
d:\documents and settings\Martin G\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.dvacm"= d:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= d:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= d:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Orbit.lnk]
path=d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Orbit.lnk
backup=d:\windows\pss\Orbit.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^Martin G^Nabídka Start^Programy^Po spuštění^hamachi.lnk]
path=d:\documents and settings\Martin G\Nabídka Start\Programy\Po spuštění\hamachi.lnk
backup=d:\windows\pss\hamachi.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 13:06 40048 d:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Appwarp]
--a------ 2001-09-08 00:11 297472 d:\progra~1\REMI-S~1\APPLIC~1\ApplicationWarp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--a------ 2008-08-08 10:16 91432 d:\program files\CyberLink\Shared Files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 20:21 57344 d:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-29 13:05 486856 d:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 d:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 d:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
--------- 2007-12-14 11:36 50472 d:\program files\CyberLink\PowerDVD8\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 d:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
--------- 2008-03-20 20:23 83240 d:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-09-26 18:39 1410296 d:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-03-30 15:34 185896 d:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NeroRegInCDSrv"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"InCDsrv"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OODefragTray"=d:\windows\system32\oodtray.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Hry\\Football manager 2008\\fm.exe"=
"d:\\Hry\\Counter-Strike 1.6\\hl.exe"=
"d:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"d:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\ICQ6\\ICQ.exe"=
"d:\\Hry\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Hry\\Paradox Entertainment\\Hearts of Iron\\HoI.exe"=
"d:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Program Files\\QIP\\qip.exe"=
"d:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"d:\\Hry\\Football Manager 2009\\fm.exe"=
R0 hotcore2;hotcore2;d:\windows\system32\drivers\hotcore2.sys [2008-02-23 30808]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\d:\program files\CyberLink\PowerDVD8\000.fcl [2008-08-08 10:15:56 41456]
R2 UxTuneUp;TuneUp Theme Extension;d:\windows\System32\svchost.exe -k netsvcs [2004-08-17 14336]
R3 PSched;Plánovač paketů technologie QoS;d:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);d:\windows\system32\DRIVERS\k510bus.sys [2008-04-09 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;d:\windows\system32\DRIVERS\k510mdfl.sys [2008-04-09 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;d:\windows\system32\DRIVERS\k510mdm.sys [2008-04-09 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);d:\windows\system32\DRIVERS\k510mgmt.sys [2008-04-09 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;d:\windows\system32\DRIVERS\k510obex.sys [2008-04-09 83344]
S3 tap0901_2gm;VPN Anonymizer Adapter;d:\windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;d:\windows\System32\TuneUpDefragService.exe [2008-11-07 306432]
S4 NeroRegInCDSrv;Nero Registry InCD Service;d:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Obsah adresáře 'Naplánované úlohy'
2008-11-21 d:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 13:49]
2008-08-09 d:\windows\Tasks\Úklid 1 kliknutím.job
- d:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 13:49]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 16:56:16
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\d:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1004)
d:\windows\system32\rsaenh.dll
d:\windows\system32\WgaLogon.dll
- - - - - - - > 'lsass.exe'(1060)
d:\windows\system32\msprivs.dll
d:\windows\system32\rsaenh.dll
d:\windows\system32\imon.dll
d:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(2240)
d:\windows\system32\rsaenh.dll
d:\program files\Nero\Nero8\InCD\NBHShx.dll
d:\program files\Nero\Nero8\InCD\NBHStr.dll
.
Celkový čas: 2008-11-23 17:02:21
ComboFix-quarantined-files.txt 2008-11-23 16:02:11
ComboFix2.txt 2008-11-23 14:18:09
Před spuštěním: Volných bajtů: 32 037 855 232
Po spuštění: Volných bajtů: 32,007,954,432
277 --- E O F --- 2008-09-25 14:17:40
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:24, on 23.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\oodag.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\Mixer.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - D:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Download All by FlashGet - D:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - D:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF6F40A0-9980-463A-A903-FD3B6C48406C}: NameServer = 85.255.113.91,85.255.112.238
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - D:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7714 bytes
jaro3, member of the Security team
Re: Please check my log - slow PC startup
Find and delete:
D:\fixwareout
D:\Fixwareout.exe
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u
It's there again....
Fix in HJT:
Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - D:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF6F40A0-9980-463A-A903-FD3B6C48406C}: NameServer = 85.255.113.91,85.255.112.238
Clean the system with CCleaner
and also use T-Cleaner,
which deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download > run
Also try this:
Ewido Removal Tool
Then a new HJT log...
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log - slow PC startup
Code:
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF6F40A0-9980-463A-A903-FD3B6C48406C}: NameServer = 85.255.113.91,85.255.112.238
I can't fix this one, because every time I delete it the internet stops working afterwards..
Otherwise I did everything the way I was supposed to, except: when I wanted to run the Ewido Removal Tool, it told me to restart the PC. I did so, but after the PC started nothing launched for a long time, and when I tried to start the program manually it doesn't work at all...
jaro3, member of the Security team
Re: Please check my log - slow PC startup
Download Avenger
and, following the guide at http://www.viry.cz/forum/viewtopic.php?t=19832%20.
enter the command from the code:
Code:
Files to delete:
d:\windows\SE6CEC13C.tmp
d:\windows\_945.jpg
After the restart, post the Avenger log that pops up + a new HijackThis log
Re: Please check my log - slow PC startup
Avenger log:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at D:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "d:\windows\SE6CEC13C.tmp" deleted successfully.
File "d:\windows\_945.jpg" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58:21, on 27.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\oodag.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\Mixer.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wuauclt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Download All by FlashGet - D:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - D:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF6F40A0-9980-463A-A903-FD3B6C48406C}: NameServer = 85.255.113.91,85.255.112.238
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - D:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7522 bytes
jaro3, member of the Security team
Re: Please check my log - slow PC startup
You'll then have to set up the internet manually; those servers are Ukrainian and infected, they have to go.
Apply Fixwareout again. Then a new HJT log.
Re: Please check my log - slow PC startup
jaro3 wrote: You'll then have to set up the internet manually; those servers are Ukrainian and infected, they have to go.
Apply Fixwareout again. Then a new HJT log.
How do I set it manually? I didn't quite understand....
jaro3, member of the Security team
Re: Please check my log - slow PC startup
I mean DNS manually, set it according to your provider; it keeps getting overwritten there with the Ukrainian servers. Apply Fixwareout again.
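The check this thread keeps coming back to, whether the O17 NameServer entry still points at resolvers other than the provider's after each cleanup, written out as an added example that is not part of the original posts. The function names are hypothetical, and the expected range 192.0.2.0/24 is a placeholder assumption standing in for the provider's DNS servers; the O17 line in both sample excerpts is the one from the HijackThis logs above.

```python
import ipaddress
import re

# HijackThis O17 lines look like:  O17 - <registry key>: <value name> = <data>
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<value>.*)$")


def parse_nameservers(log_text):
    """Return [(registry_key, [server, ...])] for every O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m and m.group("name").lower() == "nameserver":
            # Windows accepts comma- or space-separated resolver lists.
            servers = [s for s in re.split(r"[,\s]+", m.group("value").strip()) if s]
            entries.append((m.group("key"), servers))
    return entries


def unexpected_resolvers(log_text, expected):
    """Return {(key, server)} for resolvers outside the expected networks."""
    nets = [ipaddress.ip_network(n) for n in expected]
    found = set()
    for key, servers in parse_nameservers(log_text):
        for server in servers:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                found.add((key, server))  # not an IP address at all: report it
                continue
            if not any(addr in net for net in nets):
                found.add((key, server))
    return found


def persistent_resolvers(logs, expected):
    """Resolvers flagged in every log, i.e. ones that survived each cleanup."""
    flagged = [unexpected_resolvers(text, expected) for text in logs]
    return set.intersection(*flagged) if flagged else set()


# Assumption: placeholder (documentation range) for the provider's resolvers.
EXPECTED = ["192.0.2.0/24"]

# Constructed excerpts: trimmed to a few lines, O17 line copied from the
# HijackThis logs dated 23.11.2008 and 27.11.2008 in this thread.
LOG_2008_11_23 = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF6F40A0-9980-463A-A903-FD3B6C48406C}: NameServer = 85.255.113.91,85.255.112.238
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
"""

LOG_2008_11_27 = r"""
Logfile of Trend Micro HijackThis v2.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF6F40A0-9980-463A-A903-FD3B6C48406C}: NameServer = 85.255.113.91,85.255.112.238
"""

if __name__ == "__main__":
    for key, server in sorted(persistent_resolvers([LOG_2008_11_23, LOG_2008_11_27], EXPECTED)):
        print(f"still set after cleanup: {server}  ({key})")
```

A resolver that shows up in every log is one the cleanup did not remove or that something on the machine is writing back, which is why the entry is compared across logs rather than read once.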