Soubor HideWin.exe přijatý 2009.05.28 08:57:33 (UTC)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.101 2009.05.28 -
AhnLab-V3 5.0.0.2 2009.05.28 -
AntiVir 7.9.0.180 2009.05.28 -
Antiy-AVL 2.0.3.1 2009.05.27 -
Authentium 5.1.2.4 2009.05.28 -
Avast 4.8.1335.0 2009.05.27 -
AVG 8.5.0.339 2009.05.27 -
BitDefender 7.2 2009.05.28 -
CAT-QuickHeal 10.00 2009.05.28 -
ClamAV 0.94.1 2009.05.28 -
Comodo 1207 2009.05.27 -
DrWeb 5.0.0.12182 2009.05.28 -
eSafe 7.0.17.0 2009.05.27 -
eTrust-Vet 31.6.6525 2009.05.28 -
F-Prot 4.4.4.56 2009.05.28 -
F-Secure 8.0.14470.0 2009.05.28 -
Fortinet 3.117.0.0 2009.05.28 -
GData 19 2009.05.28 -
Ikarus T3.1.1.57.0 2009.05.28 -
K7AntiVirus 7.10.746 2009.05.27 -
Kaspersky 7.0.0.125 2009.05.28 -
McAfee 5628 2009.05.27 -
McAfee+Artemis 5628 2009.05.27 -
McAfee-GW-Edition 6.7.6 2009.05.28 Win32.LooksLike.Virut
Microsoft 1.4701 2009.05.28 -
NOD32 4111 2009.05.28 -
Norman 6.01.05 2009.05.27 -
nProtect 2009.1.8.0 2009.05.28 -
Panda 10.0.0.14 2009.05.28 -
PCTools 4.4.2.0 2009.05.21 -
Prevx 3.0 2009.05.28 -
Rising 21.31.21.00 2009.05.27 -
Sophos 4.42.0 2009.05.28 -
Sunbelt 3.2.1858.2 2009.05.28 -
Symantec 1.4.4.12 2009.05.28 -
TheHacker 6.3.4.3.333 2009.05.28 -
TrendMicro 8.950.0.1092 2009.05.28 -
VBA32 3.12.10.6 2009.05.27 -
ViRobot 2009.5.28.1758 2009.05.28 -
VirusBuster 4.6.5.0 2009.05.27 -
Check of a hopefully good log
Re: Check of a hopefully good log
Here is the log for the second file. The ComboFix log (after applying the CFScript) and the HJT log will follow in the afternoon.
Soubor U1_Setup.exe přijatý 2009.05.28 09:09:08 (UTC)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.101 2009.05.28 -
AhnLab-V3 5.0.0.2 2009.05.28 -
AntiVir 7.9.0.180 2009.05.28 -
Antiy-AVL 2.0.3.1 2009.05.27 -
Authentium 5.1.2.4 2009.05.28 -
Avast 4.8.1335.0 2009.05.27 -
AVG 8.5.0.339 2009.05.27 -
BitDefender 7.2 2009.05.28 -
CAT-QuickHeal 10.00 2009.05.28 -
ClamAV 0.94.1 2009.05.28 -
Comodo 1210 2009.05.28 -
DrWeb 5.0.0.12182 2009.05.28 -
eSafe 7.0.17.0 2009.05.27 Suspicious File
eTrust-Vet 31.6.6526 2009.05.28 -
F-Prot 4.4.4.56 2009.05.28 -
F-Secure 8.0.14470.0 2009.05.28 -
Fortinet 3.117.0.0 2009.05.28 -
GData 19 2009.05.28 -
Ikarus T3.1.1.57.0 2009.05.28 -
K7AntiVirus 7.10.746 2009.05.27 -
Kaspersky 7.0.0.125 2009.05.28 -
McAfee 5628 2009.05.27 -
McAfee+Artemis 5628 2009.05.27 -
McAfee-GW-Edition 6.7.6 2009.05.28 -
Microsoft 1.4701 2009.05.28 -
NOD32 4111 2009.05.28 -
Norman 6.01.05 2009.05.27 -
nProtect 2009.1.8.0 2009.05.28 -
Panda 10.0.0.14 2009.05.28 -
PCTools 4.4.2.0 2009.05.21 -
Prevx 3.0 2009.05.28 -
Rising 21.31.21.00 2009.05.27 -
Sophos 4.42.0 2009.05.28 -
Sunbelt 3.2.1858.2 2009.05.28 -
Symantec 1.4.4.12 2009.05.28 -
TheHacker 6.3.4.3.333 2009.05.28 -
TrendMicro 8.950.0.1092 2009.05.28 -
VBA32 3.12.10.6 2009.05.27 -
ViRobot 2009.5.28.1758 2009.05.28 -
VirusBuster 4.6.5.0 2009.05.27 -

- Damned
Re: Check of a hopefully good log
Well, do you know these files? Do you know what they belong to?
Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech translations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech translation, Wise Registry Cleaner
Re: Check of a hopefully good log
I don't know these files and I don't know what they belong to.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:16, on 28.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\vitek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VirtuaWin\VirtuaWin.exe
C:\Program Files\eeectl_0.2.4\eeectl.exe
D:\programy\lama10\Lama1.exe
C:\Program Files\VirtuaWin\modules\WinList.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.19.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\vitek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-4260098610-726476409-1454328811-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Zástupce - eeectl.lnk = C:\Program Files\eeectl_0.2.4\eeectl.exe
O4 - Startup: Zástupce - Lama1.lnk = D:\programy\lama10\Lama1.exe
O4 - Global Startup: VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.19.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavení aplikace &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.19.0\gears.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 3348391609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3348374937
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1c9905d16363c82) (gupdate1c9905d16363c82) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 9319 bytes
Re: Check of a hopefully good log
ComboFix log
ComboFix 09-05-26.05 - vitek 28.05.2009 17:17.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1418 [GMT 2:00]
Spuštěný z: c:\documents and settings\vitek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\vitek\Plocha\CFScript.txt.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FILE ::
"c:\windows\system32\4173209304.dat"
"c:\windows\system32\drivers\avgntflt.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\4173209304.dat
c:\windows\system32\drivers\avgntflt.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-28 do 2009-05-28 )))))))))))))))))))))))))))))))
.
V tomto časovém úseku nebyly vytvořeny žádné nové soubory.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 12:21 . 2010-07-09 12:21 -------- d-----w c:\program files\Skype
2010-07-09 12:20 . 2010-07-09 12:20 -------- d-----w c:\program files\InterVideo
2010-07-09 12:19 . 2010-07-09 12:19 -------- d-----w c:\program files\Common Files\InterVideo
2010-07-09 11:59 . 2010-07-09 11:59 -------- d-----w c:\program files\RALINK
2010-07-09 11:59 . 2010-07-09 11:59 -------- d-----w c:\program files\EeePC
2010-07-09 11:56 . 2010-07-09 11:56 315392 ----a-w c:\windows\HideWin.exe
2010-07-09 11:53 . 2010-07-09 11:53 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2010-07-09 11:50 . 2010-07-09 11:50 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2010-07-09 11:42 . 2010-07-09 11:21 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-09 11:42 . 2010-07-09 11:21 2378 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-07-09 11:40 . 2010-07-09 11:21 8972 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-07-09 11:22 . 2010-07-09 11:22 -------- d-----w c:\program files\microsoft frontpage
2010-07-09 11:19 . 2010-07-09 11:19 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-28 13:31 . 2009-01-05 21:31 -------- d-----w c:\program files\SopCast
2009-05-28 13:21 . 2009-05-28 13:20 -------- d-----w c:\program files\TVAnts
2009-05-26 16:21 . 2008-07-07 17:20 82840 ----a-w c:\windows\system32\perfc005.dat
2009-05-26 16:21 . 2008-07-07 17:20 437574 ----a-w c:\windows\system32\perfh005.dat
2009-05-26 15:37 . 2009-05-26 15:37 -------- d-----w c:\program files\MSXML 4.0
2009-05-25 22:45 . 2009-05-25 22:45 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-25 21:57 . 2009-05-25 21:57 -------- d-----w c:\program files\Trend Micro
2009-05-25 19:00 . 2009-05-25 16:44 -------- d-----w c:\program files\ESET
2009-05-25 18:01 . 2009-05-25 17:58 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-25 17:31 . 2009-04-11 22:55 -------- d-----w c:\program files\Spyware Doctor
2009-05-25 17:00 . 2009-05-25 17:00 -------- d-----w c:\program files\Data0.Net Software
2009-05-25 16:25 . 2009-05-25 16:25 2944 ---ha-w c:\windows\system32\drivers\dciiodrv.sys
2009-05-24 14:42 . 2008-11-27 23:19 -------- d-----w c:\program files\Call of Duty
2009-05-22 14:22 . 2009-05-22 14:22 -------- d-----w c:\program files\eeectl_0.2.4
2009-05-22 12:32 . 2009-05-22 12:32 -------- d-----w c:\program files\XNote Stopwatch
2009-05-16 14:22 . 2010-07-09 12:01 -------- d-----w c:\program files\Asus
2009-05-16 08:19 . 2008-11-08 16:17 -------- d-----w c:\program files\Google
2009-05-14 13:49 . 2009-05-14 13:49 55768 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 13:49 . 2009-05-14 13:49 33096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-05-14 13:49 . 2009-05-14 13:49 133000 ----a-w c:\windows\system32\drivers\epfw.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w c:\windows\system32\drivers\eamon.sys
2009-05-08 10:56 . 2009-02-15 20:58 -------- d-----w c:\program files\FreeMind
2009-05-06 22:19 . 2009-04-10 10:14 -------- d-----w c:\program files\PartyGaming
2009-05-05 17:11 . 2009-04-11 22:59 39200 ----a-w c:\windows\system32\drivers\TfSysMon.sys
2009-05-05 17:11 . 2009-04-11 22:59 33056 ----a-w c:\windows\system32\drivers\TfNetMon.sys
2009-05-05 17:11 . 2009-04-11 22:59 51488 ----a-w c:\windows\system32\drivers\TfFsMon.sys
2009-05-05 17:11 . 2009-04-11 22:59 12576 ----a-w c:\windows\system32\drivers\TfKbMon.sys
2009-05-05 17:10 . 2009-04-11 22:55 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-03 07:58 . 2009-05-02 19:56 -------- d-----w c:\program files\JLC's Software
2009-05-02 22:20 . 2008-12-13 13:57 -------- d-----w c:\program files\Bytescout PPT To PDF Scout
2009-04-30 06:05 . 2009-04-06 17:52 -------- d-----w c:\program files\PopTray
2009-04-29 23:27 . 2009-04-29 23:27 -------- d-----w c:\program files\IMDecoder
2009-04-29 23:22 . 2010-07-09 11:56 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 22:56 . 2009-04-11 22:55 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-11 16:44 . 2009-04-04 22:35 -------- d-----w c:\program files\Full Tilt Poker
2009-04-11 16:41 . 2009-02-16 08:25 -------- d-----w c:\program files\PokerStars
2009-04-09 21:35 . 2009-04-09 21:33 -------- d-----w c:\program files\ParadisePoker
2009-04-08 21:25 . 2009-04-08 21:25 3366912 ----a-w c:\windows\system32\GPhotos.scr
2009-04-06 13:32 . 2009-05-25 22:45 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-05-25 22:45 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 20:23 . 2009-04-05 20:23 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-04-05 20:23 . 2009-04-05 20:23 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-05 20:16 . 2009-04-05 20:16 24616 ----a-w c:\windows\system32\drivers\ggsemc.sys
2009-04-05 20:16 . 2009-04-05 20:16 13224 ----a-w c:\windows\system32\drivers\ggflt.sys
2009-04-05 20:16 . 2009-04-05 20:16 1107296 ----a-w c:\windows\system32\WdfCoInstaller01007.dll
2009-04-05 20:15 . 2008-10-20 21:21 -------- d-----w c:\program files\Sony Ericsson
2009-04-05 19:57 . 2009-04-05 19:57 -------- d-----w c:\program files\Avanquest update
2009-04-02 18:16 . 2009-04-02 17:55 -------- d-----w c:\program files\BrainWave Generator
2009-04-02 13:49 . 2010-07-09 12:15 -------- d-----w c:\program files\Java
2009-03-09 03:19 . 2008-11-30 23:06 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 02:34 . 2008-07-07 17:20 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2008-07-07 17:20 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2008-07-07 17:20 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2008-07-07 17:20 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2008-07-07 17:20 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2008-07-07 17:20 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2008-07-07 17:20 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2008-07-07 17:20 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2008-07-07 17:20 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2008-07-07 17:20 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:23 . 2008-07-07 17:20 284160 ----a-w c:\windows\system32\pdh.dll
2008-05-07 14:34 . 2010-07-09 12:21 15523560 ----a-w c:\program files\U1 Setup.exe
2009-04-03 09:29 . 2009-02-13 21:29 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Data0.Net Software ----
2009-05-25 17:01 . 2009-05-25 17:01 118 ----a-w c:\program files\Data0.Net Software\Portable Antivirus\setto.set
2009-05-25 17:35 . 2009-05-25 17:35 11 ----a-w c:\program files\Data0.Net Software\Portable Antivirus\~tmp11.tmp
((((((((((((((((((((((((((((( SnapShot@2009-05-27_22.54.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-28 13:12 . 2009-05-28 13:12 16384 c:\windows\Temp\Perflib_Perfdata_27c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2008-07-25 09:16 282112 ----a-w c:\windows\system32\mscoree.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2008-07-25 09:16 282112 ----a-w c:\windows\system32\mscoree.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\vitek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-10-10 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-06-03 98304]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-07-23 335872]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-04-03 30192]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-16 16806400]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\vitek\Nabídka Start\Programy\Po spuštění\
Zástupce - eeectl.lnk - c:\program files\eeectl_0.2.4\eeectl.exe [2009-5-22 31232]
Zástupce - Lama1.lnk - d:\programy\lama10\Lama1.exe [2009-1-17 513024]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
VirtuaWin.lnk - c:\program files\VirtuaWin\VirtuaWin.exe [2008-11-3 116224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\vitek\\Plocha\\Between_v5\\Between.exe"=
"c:\\Program Files\\Asus\\EeePC\\Super Hybrid Engine\\SuperHybridEngine.exe"=
"d:\\programy\\Dark Room 0.8b\\DarkRoom.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\EeePC\\ACPI\\AsTray.exe"=
"c:\\Program Files\\EeePC\\ACPI\\AsAcpiSvr.exe"=
"c:\\Program Files\\EeePC\\ACPI\\AsEPCMon.exe"=
"c:\\Program Files\\Elantech\\ETDCtrl.exe"=
"c:\\WINDOWS\\system32\\igfxext.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\\Program Files\\VirtuaWin\\VirtuaWin.exe"=
"c:\\Program Files\\eeectl_0.2.4\\eeectl.exe"=
"d:\\programy\\lama10\\Lama1.exe"=
"c:\\Program Files\\VirtuaWin\\modules\\WinList.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\Program Files\\PSPad editor\\PSPad.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\logon.scr"=
"c:\\Program Files\\Google\\Google Desktop Search\\pdftotext.exe"=
"c:\\Program Files\\Call of Duty\\CoDSP.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 120\\Alcohol.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 120\\alcohol__.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\vitek\\Local Settings\\Data aplikací\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12.4.2009 0:55 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [12.4.2009 0:59 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [12.4.2009 0:59 39200]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [12.4.2009 0:56 159600]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [19.9.2008 4:03 65536]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [9.7.2010 13:59 11264]
R3 dciiodrv;dciiodrv;c:\windows\system32\drivers\dciiodrv.sys [25.5.2009 18:25 2944]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [21.5.2008 13:20 25088]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [17.5.2008 18:19 36864]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [9.7.2010 13:59 616704]
S2 gupdate1c9905d16363c82;Služba Google Update (gupdate1c9905d16363c82);c:\program files\Google\Update\GoogleUpdate.exe [16.2.2009 19:36 133104]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [28.1.2009 3:35 17432]
S3 BDA_Capture_225;USB Digital-TV receiver. Driver 3.0.1.18;c:\windows\system32\drivers\BDA_Capture_225.sys [19.11.2008 13:41 17152]
S3 BDA_Loader_225;USB Digital-TV Receiver. Firmware Loader 7.1.9.0;c:\windows\system32\drivers\BDA_Loader_225.sys [19.11.2008 13:40 18944]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [5.4.2009 22:16 13224]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [13.2.2009 23:29 30192]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [12.4.2009 0:55 64392]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [13.12.2008 18:42 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [13.12.2008 18:42 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [13.12.2008 18:42 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [13.12.2008 18:42 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [13.12.2008 18:42 100008]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12.4.2009 0:55 348752]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [12.4.2009 0:59 33056]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-04-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]
2009-05-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-08 17:00]
2009-05-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 17:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://mail.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\vitek\Data aplikací\Mozilla\Firefox\Profiles\05ihexgv.default\
FF - prefs.js: browser.search.selectedEngine - Mapy
FF - prefs.js: browser.startup.homepage - google.cz
FF - component: c:\documents and settings\vitek\Data aplikací\Mozilla\Firefox\Profiles\05ihexgv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppstart.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-28 17:24
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-4260098610-726476409-1454328811-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25030E83-CDA0-4CBC-9B34-4A35E15C2D43}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eamlohlkeg"=hex:66,61,63,6d,6a,68,69,65,68,63,62,68,00,31
"dabljjpg"=hex:64,62,61,6a,64,61,61,6f,6b,63,65,66,6b,66,61,6c,61,65,70,6e,69,
61,6a,61,67,6c,6f,64,6f,62,64,62,61,63,63,70,70,67,6f,68,00,00
"iaejnbgjhnncglbhed"=hex:6a,61,68,68,64,67,62,6b,69,6b,6d,69,63,66,6a,63,66,6e,
6d,61,00,00
"hakjdpjfgmfnjfjj"=hex:6a,61,68,68,64,67,62,6b,69,6b,6d,69,63,66,6a,63,66,6e,
6d,61,00,e0
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(1184)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Celkový čas: 2009-05-28 17:31
ComboFix-quarantined-files.txt 2009-05-28 15:31
ComboFix2.txt 2009-05-27 22:58
Před spuštěním: 8 403 083 264
Po spuštění: 8 698 093 568
295
Damned
Re: checking a hopefully good log
Also uninstall this: Data0.Net Software.
Nothing is impossible, so where reason runs out, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner