Prosím o kontrolu logu a pomoc trojan

[mattz]

Soubor tskerxag.exe přijatý 2008.11.20 16:15:57 (CET)
Současný stav: Dokončeno

Výsledek: 5/36 (13.89%)
Formátované Vytisknout výsledky
Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2008.11.20.3 2008.11.20 -
AntiVir 7.9.0.34 2008.11.20 ADSPY/AdSpy.Gen
Authentium 5.1.0.4 2008.11.20 -
Avast 4.8.1281.0 2008.11.19 -
AVG 8.0.0.199 2008.11.20 -
BitDefender 7.2 2008.11.20 -
CAT-QuickHeal 10.00 2008.11.20 Win32.Adware.Vapsup.4
ClamAV 0.94.1 2008.11.20 -
DrWeb 4.44.0.09170 2008.11.20 -
eSafe 7.0.17.0 2008.11.19 -
eTrust-Vet 31.6.6219 2008.11.20 -
Ewido 4.0 2008.11.20 -
F-Prot 4.4.4.56 2008.11.20 -
F-Secure 8.0.14332.0 2008.11.20 -
Fortinet 3.117.0.0 2008.11.20 -
GData 19 2008.11.20 -
Ikarus T3.1.1.45.0 2008.11.20 Trojan.Win32.Small.ZZB
K7AntiVirus 7.10.528 2008.11.19 -
Kaspersky 7.0.0.125 2008.11.20 -
McAfee 5439 2008.11.19 -
Microsoft 1.4104 2008.11.20 Trojan:Win32/Small.ZZB
NOD32 3627 2008.11.20 -
Norman 5.80.02 2008.11.19 -
Panda 9.0.0.4 2008.11.20 -
PCTools 4.4.2.0 2008.11.20 -
Prevx1 V2 2008.11.20 -
Rising 21.04.32.00 2008.11.20 -
SecureWeb-Gateway 6.7.6 2008.11.20 Ad-Spyware.AdSpy.Gen
Sophos 4.35.0 2008.11.20 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.20 -
TheHacker 6.3.1.1.159 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.20 -
VBA32 3.12.8.9 2008.11.19 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.19 -
Rozšiřující informace
File size: 102400 bytes
MD5...: 88ca1dcba7ebf41ee4f6143e5d166bf7
SHA1..: 196e1240d9e8116958627b9e138f8012231f86ae
SHA256: 0942991e4352c7f2df1ec29fe995da14d37a0207bbbd31ae8b8d5454435b70f6
SHA512: b8ed5ef132c42d3f7b28d9575b1e2a4bd606cd00510defc2bc9f86a933085bfb
60e958c4a791cf2dfa95e302a184f25bf942d0161a10090ceaa1e14c20ef5b2e
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40389e
timedatestamp.....: 0x4921f27a (Mon Nov 17 22:38:50 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xe758 0xf000 6.35 572464b66d848e8fc2a45e2f17c3a697
.rdata 0x10000 0x53b0 0x6000 4.77 bf964596606646a552921082d5a97500
.data 0x16000 0x2e24 0x2000 1.53 9791894b2cecd05c72c9f9d099f00337
.rsrc 0x19000 0xb0 0x1000 3.06 b13f3a0bdd96ee4d6b11fda6feb6b107

( 1 imports )
> KERNEL32.dll: LoadLibraryW, FreeLibrary, TerminateProcess, GetProcAddress, CloseHandle, SetLastError, GetCurrentProcessId, GetLastError, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EnterCriticalSection, LeaveCriticalSection, GetCommandLineA, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, RaiseException, RtlUnwind, GetModuleHandleA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, GetCurrentThreadId, InterlockedDecrement, MultiByteToWideChar, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, ExitProcess, DeleteCriticalSection, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, Sleep, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, LCMapStringA, WideCharToMultiByte, LCMapStringW, WriteFile, GetModuleFileNameA, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, VirtualAlloc, HeapReAlloc, HeapSize, LoadLibraryA, InitializeCriticalSection, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, SetFilePointer, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, DebugBreak, GetModuleFileNameW, VirtualQuery

( 0 exports )

[Reklama]

[mattz]

Soubor hppins09.dat přijatý 2008.11.28 13:24:12 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO


Výsledek: 0/37 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 38 a 55 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:


Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2008.11.28.2 2008.11.28 -
AntiVir 7.9.0.36 2008.11.28 -
Authentium 5.1.0.4 2008.11.28 -
Avast 4.8.1281.0 2008.11.27 -
AVG 8.0.0.199 2008.11.27 -
BitDefender 7.2 2008.11.28 -
CAT-QuickHeal 10.00 2008.11.28 -
ClamAV 0.94.1 2008.11.28 -
DrWeb 4.44.0.09170 2008.11.28 -
eSafe 7.0.17.0 2008.11.27 -
eTrust-Vet 31.6.6234 2008.11.28 -
Ewido 4.0 2008.11.28 -
F-Prot 4.4.4.56 2008.11.27 -
F-Secure 8.0.14332.0 2008.11.28 -
Fortinet 3.117.0.0 2008.11.28 -
GData 19 2008.11.28 -
Ikarus T3.1.1.45.0 2008.11.28 -
K7AntiVirus 7.10.536 2008.11.27 -
Kaspersky 7.0.0.125 2008.11.28 -
McAfee 5447 2008.11.27 -
McAfee+Artemis 5447 2008.11.27 -
Microsoft 1.4104 2008.11.28 -
NOD32 3647 2008.11.27 -
Norman 5.80.02 2008.11.28 -
Panda 9.0.0.4 2008.11.28 -
PCTools 4.4.2.0 2008.11.27 -
Prevx1 V2 2008.11.28 -
Rising 21.05.42.00 2008.11.28 -
SecureWeb-Gateway 6.7.6 2008.11.28 -
Sophos 4.36.0 2008.11.28 -
Sunbelt 3.1.1832.2 2008.11.27 -
Symantec 10 2008.11.28 -
TheHacker 6.3.1.1.166 2008.11.28 -
TrendMicro 8.700.0.1004 2008.11.28 -
VBA32 3.12.8.9 2008.11.28 -
ViRobot 2008.11.28.1490 2008.11.28 -
VirusBuster 4.5.11.0 2008.11.27 -
Rozšiřující informace
File size: 172033 bytes
MD5...: c7c4500bd578479b431260afb38dc43b
SHA1..: 21d872bfe31fdc0131bb66c7f1a0136f0a25b5c2
SHA256: 91f79ca13447c7e20374bccf15f6232bd837b507f085544f2e83ca4c5810c91c
SHA512: 93c8f01ddf5cb00217e0000ea5b856dce49eac8f7c14db895baa1f607577545b
a580d1b2e4b7f1136999e61702f8649ae07a70de9cbe39ee318815ffa026745d

ssdeep: 3072:YsUhMHUl6ipWPG9hpyVDnmrk1+rAZFwGOiDvtDvN0p:RUl6ipWPG9yFa

PEiD..: -
TrID..: File type identification
Autorun.inf file (91.6%)
Generic INI configuration (8.3%)
PEInfo: -

[mattz]

Soubor hppmdl09.dat přijatý 2008.11.28 13:27:11 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO


Výsledek: 0/37 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 5.
Odhadovaný čas začátku mezi 70 a 100 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:


Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2008.11.28.2 2008.11.28 -
AntiVir 7.9.0.36 2008.11.28 -
Authentium 5.1.0.4 2008.11.28 -
Avast 4.8.1281.0 2008.11.27 -
AVG 8.0.0.199 2008.11.27 -
BitDefender 7.2 2008.11.28 -
CAT-QuickHeal 10.00 2008.11.28 -
ClamAV 0.94.1 2008.11.28 -
DrWeb 4.44.0.09170 2008.11.28 -
eSafe 7.0.17.0 2008.11.27 -
eTrust-Vet 31.6.6234 2008.11.28 -
Ewido 4.0 2008.11.28 -
F-Prot 4.4.4.56 2008.11.27 -
F-Secure 8.0.14332.0 2008.11.28 -
Fortinet 3.117.0.0 2008.11.28 -
GData 19 2008.11.28 -
Ikarus T3.1.1.45.0 2008.11.28 -
K7AntiVirus 7.10.536 2008.11.27 -
Kaspersky 7.0.0.125 2008.11.28 -
McAfee 5447 2008.11.27 -
McAfee+Artemis 5447 2008.11.27 -
Microsoft 1.4104 2008.11.28 -
NOD32 3647 2008.11.27 -
Norman 5.80.02 2008.11.28 -
Panda 9.0.0.4 2008.11.28 -
PCTools 4.4.2.0 2008.11.27 -
Prevx1 V2 2008.11.28 -
Rising 21.05.42.00 2008.11.28 -
SecureWeb-Gateway 6.7.6 2008.11.28 -
Sophos 4.36.0 2008.11.28 -
Sunbelt 3.1.1832.2 2008.11.27 -
Symantec 10 2008.11.28 -
TheHacker 6.3.1.1.166 2008.11.28 -
TrendMicro 8.700.0.1004 2008.11.28 -
VBA32 3.12.8.9 2008.11.28 -
ViRobot 2008.11.28.1490 2008.11.28 -
VirusBuster 4.5.11.0 2008.11.27 -
Rozšiřující informace
File size: 3425 bytes
MD5...: f013c8b1654ed197bf3ab99e0f0fc43c
SHA1..: c725c1fa84f685ed4e2d03641ec11aeb06824fbe
SHA256: ad7f0b9bb80871346cccb50468bda13c505095dec9a416ce1ec9066477909601
SHA512: 697bb4a93aeeb763b4c111f544bf982362a2438f872fd638ed7d5b679dd378d5
9b21edb7d50898a0212f4e8d348b105f26b8a05eefb9c564b94097d0d2f72332

ssdeep: 48:/M08xZd5Z3CBSWam3Czfl3CqkG3CwaoP3C9R7zqJ7UE3C68Bf3OMQQSQ35:/i
xX5lWSWdcfJZkAdaofqnuNv8dOMQpG

PEiD..: -
TrID..: File type identification
Generic INI configuration (100.0%)
PEInfo: -

[mattz]

Soubor NIRCMD.exe přijatý 2008.11.28 03:10:32 (CET)
Současný stav: Dokončeno

Výsledek: 6/37 (16.22%)
Formátované Vytisknout výsledky
Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 - - -
AntiVir - - APPL/NirCmd.E.2.B
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - -
McAfee - - potentially unwanted program Tool-NirCmd
McAfee+Artemis - - potentially unwanted program Tool-NirCmd
Microsoft - - -
NOD32 - - -
Norman - - -
Panda - - -
PCTools - - -
Prevx1 - - -
Rising - - -
SecureWeb-Gateway - - Riskware.NirCmd.E.2.B
Sophos - - NirCmd
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
ViRobot - - -
VirusBuster - - -
Rozšiřující informace
MD5: 53aa0f904ff1370b7792c0044549ef1f
SHA1: ac3957738117f9987683d95f0726e21d60788aab
SHA256: 04943e39b8434a98cfd1b858cd5926f5a6a4bd54fefed77cb8a1476a1a787800
SHA512: da5dc8ef761d10683b68925484c59ae3a6e9eecfcd933d8ae5421d498c59e99f87eb17edd29c6b9e8ad59e72e328a408fd317aac7e277e000dc8fa9740e1b11c

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\tskerxag.exe
c:\windows\sed.exe
c:\windows\system32\Drivers\mqV83.sys
c:\windows\system32\Drivers\quY15.sys
c:\windows\system32\Drivers\ydH50.sys
c:\windows\NIRCMD.exe
c:\windows\Nircmd.exe

Folder::
C:\SDFix

Driver::
mqV83.sys
quY15.sys
ydH50.sys

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[mattz]

ComboFix 08-11-27.07 - Strih 2008-11-28 14:57:00.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.1392 [GMT 1:00]
Spuštěný z: c:\documents and settings\Strih\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Strih\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active


FILE ::
c:\windows\Nircmd.exe
c:\windows\sed.exe
c:\windows\system32\Drivers\mqV83.sys
c:\windows\system32\Drivers\quY15.sys
c:\windows\system32\Drivers\ydH50.sys
c:\windows\tskerxag.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\SDFix
c:\sdfix\Add_DBFix_RunOnce_key.inf
c:\sdfix\apps\assosfix.reg
c:\sdfix\apps\Cghtme.exe
c:\sdfix\apps\cliptext.exe
c:\sdfix\apps\DBFix.inf
c:\sdfix\apps\download.exe
c:\sdfix\apps\dummy.sys
c:\sdfix\apps\Enable_Command_Prompt.inf
c:\sdfix\apps\Enable_Command_Prompt.reg
c:\sdfix\apps\ERDNT.E_E
c:\sdfix\apps\ERDNTDOS.LOC
c:\sdfix\apps\ERDNTWIN.LOC
c:\sdfix\apps\ERUNT.EXE
c:\sdfix\apps\ERUNT.LOC
c:\sdfix\apps\fix.reg
c:\sdfix\apps\FixBeep.reg
c:\sdfix\apps\FixBH.reg
c:\sdfix\apps\FixComponents.reg
c:\sdfix\apps\FIXCU.reg
c:\sdfix\apps\FIXLM.reg
c:\sdfix\apps\FixPath.exe
c:\sdfix\apps\FixRedir.reg
c:\sdfix\apps\FixSchedule.reg
c:\sdfix\apps\FixWebCheck.reg
c:\sdfix\apps\fixXP.reg
c:\sdfix\apps\FixXPsp2.reg
c:\sdfix\apps\grep.exe
c:\sdfix\apps\HaxdFix.reg
c:\sdfix\apps\HPFix.reg
c:\sdfix\apps\HPFix2.reg
c:\sdfix\apps\HPFix3.reg
c:\sdfix\apps\HPFix4.reg
c:\sdfix\apps\HPFix5.reg
c:\sdfix\apps\HPFix6.reg
c:\sdfix\apps\HPFix7.reg
c:\sdfix\apps\HPFix8.reg
c:\sdfix\apps\HPFix9.reg
c:\sdfix\apps\Installed.txt
c:\sdfix\apps\isadmin.exe
c:\sdfix\apps\leg2.txt
c:\sdfix\apps\legacy.txt
c:\sdfix\apps\legacybk.txt
c:\sdfix\apps\locate.com
c:\sdfix\apps\LS.exe
c:\sdfix\apps\MD5File.exe
c:\sdfix\apps\moveex.exe
c:\sdfix\apps\MyGcpvFix.reg
c:\sdfix\apps\MyGkFix2.reg
c:\sdfix\apps\Process.exe
c:\sdfix\apps\procs.exe
c:\sdfix\apps\psservice.exe
c:\sdfix\apps\Rem.txt
c:\sdfix\apps\Rem2.txt
c:\sdfix\apps\Replace\regedit.exe
c:\sdfix\apps\Replace\w2k\AUTOEXEC.NT
c:\sdfix\apps\Replace\w2k\beep.sys
c:\sdfix\apps\Replace\w2k\command.com
c:\sdfix\apps\Replace\w2k\command.PIF
c:\sdfix\apps\Replace\w2k\CONFIG.NT
c:\sdfix\apps\Replace\w2k\null.sys
c:\sdfix\apps\Replace\xp\AUTOEXEC.NT
c:\sdfix\apps\Replace\xp\beep.sys
c:\sdfix\apps\Replace\xp\command.com
c:\sdfix\apps\Replace\xp\command.PIF
c:\sdfix\apps\Replace\xp\CONFIG.NT
c:\sdfix\apps\Replace\xp\null.sys
c:\sdfix\apps\Reset_AppInit_DLLs.reg
c:\sdfix\apps\RestartIt!.exe
c:\sdfix\apps\Restore_SafeBoot_Windows2000.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
c:\sdfix\apps\Restore_SecurityCenter.reg
c:\sdfix\apps\Restore_SharedAccess.reg
c:\sdfix\apps\sc.exe
c:\sdfix\apps\sed.exe
c:\sdfix\apps\SF.exe
c:\sdfix\apps\shutdown.exe
c:\sdfix\apps\srv2.txt
c:\sdfix\apps\srv2bk.txt
c:\sdfix\apps\svc.txt
c:\sdfix\apps\svcbk.txt
c:\sdfix\apps\Swreg.exe
c:\sdfix\apps\swsc.exe
c:\sdfix\apps\UnRAR.exe
c:\sdfix\apps\unzip.exe
c:\sdfix\apps\vfind.exe
c:\sdfix\apps\WINMSG.EXE
c:\sdfix\apps\winsec.reg
c:\sdfix\apps\zip.exe
c:\sdfix\backups\backupreg.zip
c:\sdfix\backups\backups.zip
c:\sdfix\backups\catchme.log
c:\sdfix\backups\HOSTS
c:\sdfix\catchme.exe
c:\sdfix\DBFix.bat
c:\sdfix\dummy.sys
c:\sdfix\Report.txt
c:\sdfix\RunThis.bat
c:\sdfix\SDFIX_ReadMe_Online.url
c:\sdfix\W2K_VirusAlert_Repair.inf
c:\sdfix\XP_VirusAlert_Repair.inf
c:\windows\Nircmd.exe
c:\windows\sed.exe
c:\windows\tskerxag.exe
F:\Autorun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-28 do 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-27 17:59 . 2008-11-27 18:00 <DIR> d-------- c:\windows\ERUNT
2008-11-27 14:52 . 2008-11-27 14:52 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-27 14:52 . 2008-11-27 14:52 <DIR> d-------- c:\documents and settings\Strih\Data aplikací\Malwarebytes
2008-11-27 14:52 . 2008-11-27 14:52 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-11-27 14:52 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-27 14:52 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-24 21:05 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
2008-11-24 20:49 . 2008-11-24 20:49 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ESET
2008-11-24 20:33 . 2008-11-24 20:33 <DIR> d-------- c:\documents and settings\Strih\Data aplikací\ESET
2008-11-24 20:32 . 2008-11-24 21:27 <DIR> d-------- c:\program files\ESET
2008-11-24 13:00 . 2008-11-24 13:00 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-24 13:00 . 2008-11-24 13:00 1,409 --a------ c:\windows\QTFont.for
2008-11-20 19:33 . 2008-11-20 19:33 <DIR> d-------- c:\windows\system32\windows media
2008-11-20 19:33 . 2008-11-20 19:33 <DIR> d-------- c:\program files\Windows Media Components
2008-11-18 22:24 . 2008-11-18 22:24 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\FLEXnet
2008-11-18 21:59 . 2008-11-18 21:59 <DIR> d-------- c:\program files\Bonjour
2008-11-18 21:52 . 2008-11-18 21:52 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-11-18 21:21 . 2008-11-18 21:21 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-11-13 21:19 . 2008-11-13 21:19 <DIR> d-------- c:\program files\Seagate
2008-11-13 21:19 . 2008-11-13 21:19 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Seagate
2008-11-13 21:18 . 2008-11-13 21:18 <DIR> d-------- c:\program files\MSXML 6.0
2008-11-08 22:15 . 2008-11-08 22:15 <DIR> d-------- c:\program files\Sports Interactive
2008-11-08 22:13 . 2008-11-19 11:32 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2008-11-08 22:12 . 2008-11-08 22:13 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-11-08 22:09 . 2008-11-08 22:09 <DIR> d-------- c:\documents and settings\Strih\Data aplikací\DAEMON Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 13:50 --------- d-----w c:\documents and settings\Strih\Data aplikací\Skype
2008-11-28 08:52 --------- d-----w c:\documents and settings\All Users\Data aplikací\HPSSUPPLY
2008-11-27 17:12 --------- d-----w c:\documents and settings\Strih\Data aplikací\skypePM
2008-11-27 14:08 --------- d-----w c:\program files\ICQToolbar
2008-11-24 23:36 --------- d-----w c:\program files\Common Files\LogiShrd
2008-11-24 23:36 --------- d-----w c:\documents and settings\All Users\Data aplikací\Logishrd
2008-11-24 20:05 --------- d-----w c:\documents and settings\Strih\Data aplikací\uTorrent
2008-11-21 18:27 --------- d-----w c:\documents and settings\All Users\Data aplikací\DVD Shrink
2008-11-20 17:20 --------- d-----w c:\program files\KAO the Kangaroo
2008-11-18 20:59 --------- d-----w c:\program files\Common Files\Adobe
2008-11-13 20:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 21:09 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-27 11:33 --------- d-----w c:\documents and settings\All Users\Data aplikací\Installations
2008-10-27 11:32 --------- d-----w c:\program files\Nokia
2008-10-27 11:32 --------- d-----w c:\program files\Common Files\PCSuite
2008-10-27 11:32 --------- d-----w c:\program files\Common Files\Nokia
2008-10-27 11:31 --------- d-----w c:\program files\PC Connectivity Solution
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 09:53 --------- d-----w c:\documents and settings\Strih\Data aplikací\ICQ Toolbar
2008-10-21 08:09 --------- d-----w c:\documents and settings\Strih\Data aplikací\Sony
2008-10-15 17:00 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-02 16:02 --------- d-----w c:\program files\SopCast
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:40 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:40 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 19:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
2008-08-28 16:29 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-08-28 10:04 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
2008-05-19 16:28 232,424 ----a-w c:\documents and settings\Strih\Data aplikací\GDIPFONTCACHEV1.DAT
2008-05-18 21:28 22,328 ----a-w c:\documents and settings\Strih\Data aplikací\PnkBstrK.sys
2007-12-26 11:27 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot_2008-11-27_21.04.41.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-08 12:59:42 18,296 ------w c:\windows\system32\spmsg.dll
+ 2007-07-27 09:41:40 16,760 ------w c:\windows\system32\spmsg.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"MS Shell Services"="c:\windows\system32\rundll32.exe" [2006-03-02 33280]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"MS Shell Services"="c:\windows\system32\rundll32.exe" [2006-03-02 33280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"PSDrvCheck"="c:\program files\pinnacle\edition 5\program\PSDrvCheck.exe" [2003-03-10 393728]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-12 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-26 185896]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2007-08-28 53248]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-08 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-13 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.DVSD"= RALCodec.dll
"VIDC.MJPG"= Pvmjpg30.dll
"vidc.CUVC"= cuvccodc.dll
"vidc.CLLC"= cllccodc.dll
"vidc.CDVC"= cdvccodc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mqV83.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\quY15.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\swB37.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ydH50.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Avid\\Avid Liquid 7\\Program\\RM.exe"=
"c:\\Program Files\\Avid\\Avid Liquid 7\\Program\\StudioU.mod"=
"c:\\Program Files\\Pinnacle\\Edition 5\\Program\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Edition 5\\Program\\studiou.mod"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Documents and Settings\\Strih\\Plocha\\sdc221\\StrongDC.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:Windows Media Format SDK (wmenc.exe)

R1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys [2007-12-05 10368]
R1 cdrport;cdrport;c:\windows\system32\DRIVERS\cdrport.sys [2007-12-05 4608]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R1 hlp;FAST HLP Driver;c:\windows\system32\Drivers\Hlp.Sys [2007-10-12 94964]
R2 FreeAgentGoNext Service;Seagate Service;"c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe" [2008-07-30 161064]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-10-26 69120]
S0 mqV83;mqV83;c:\windows\system32\Drivers\mqV83.sys []
S0 quY15;quY15;c:\windows\system32\Drivers\quY15.sys []
S0 swB37;swB37;c:\windows\system32\Drivers\swB37.sys []
S0 ydH50;ydH50;c:\windows\system32\Drivers\ydH50.sys []
S1 aswSP;avast! Self Protection; []
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys []
S3 HPFXBULK;HPFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [2008-06-11 17432]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-18 27904]
S3 WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter;c:\windows\system32\DRIVERS\WebSTAR.sys [2007-10-12 15417]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{726ff5bc-6ec8-11dd-9067-001a4d4b242a}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{740c38b0-251e-11dd-8fc8-001a4d4b242a}]
\Shell\AutoRun\command - g:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - g:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{860d9cb5-9214-11dc-8e65-00407b6f4a0f}]
\Shell\AutoRun\command - F:\Liquid.Setup.EXE

*Newly Created Service* - CATCHME
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 14:58:31
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2008-11-28 14:59:09
ComboFix-quarantined-files.txt 2008-11-28 13:58:54
ComboFix2.txt 2008-11-27 20:04:58
ComboFix3.txt 2008-05-21 11:24:06

Před spuštěním: Volných bajtů: 32 151 248 896
Po spuštění: Volných bajtů: 32,224,886,784

315 --- E O F --- 2008-11-27 23:57:02

[mattz]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:47, on 28.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\ICQ6\ICQ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.11.1:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PSDrvCheck] "c:\program files\pinnacle\edition 5\program\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [MS Shell Services] C:\WINDOWS\system32\rundll32.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunServices: [MS Shell Services] C:\WINDOWS\system32\rundll32.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2208343271
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3125853750
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BC04B80-51FB-4C14-888C-920F2AB76705}: NameServer = 192.168.17.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9547 bytes

[jaro3]

Ještě jeden script v CF:

Kód: Vybrat vše

File::
c:\windows\system32\Drivers\mqV83.sys
c:\windows\system32\Drivers\quY15.sys
c:\windows\system32\Drivers\ydH50.sys
c:\windows\system32\Drivers\swB37.sys


Driver::
mqV83
quY15
ydH50
swB37

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mqV83.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\quY15.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\swB37.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ydH50.sys]

Pošli jen log z CF, budeme stejně muset asi použít Avenger..