Please check my log (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

n6670

Re: Please check my log

Post by n6670 » 15 Jan 2010 15:53

ComboFix 10-01-14.06 - NOK73 15.01.2010 15:43:52.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.645 [GMT 1:00]
Spuštěný z: c:\documents and settings\NOK73\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100115-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-15 do 2010-01-15 )))))))))))))))))))))))))))))))
.

2010-01-15 13:37 . 2010-01-15 13:37 -------- d-----w- C:\_OTL
2010-01-15 11:07 . 2007-05-16 08:41 29704 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-15 11:07 . 2010-01-15 11:37 -------- d-----w- c:\program files\TuneUp Utilities 2007
2010-01-15 11:06 . 2010-01-15 11:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-14 14:21 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 14:21 . 2010-01-14 14:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 14:21 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 04:38 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-13 01:04 . 2010-01-13 01:04 -------- d-----w- c:\program files\SiteRanker
2010-01-13 01:04 . 2010-01-13 01:04 -------- d-----w- c:\program files\Inbox Toolbar
2010-01-13 00:42 . 2010-01-14 01:29 -------- d-----w- c:\program files\WinClamAVShield
2010-01-13 00:23 . 2010-01-14 16:24 -------- d-----w- c:\program files\Crawler
2010-01-13 00:23 . 2010-01-13 00:23 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-01-13 00:23 . 2010-01-13 14:29 -------- d-----w- c:\program files\Spyware Terminator
2010-01-12 22:48 . 2010-01-12 22:48 -------- d-----w- c:\program files\Trend Micro
2010-01-12 13:08 . 2008-04-13 19:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-01-12 13:08 . 2008-04-13 19:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-01-12 12:58 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-01-12 12:56 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-01-12 12:56 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-01-12 12:56 . 2009-10-06 10:52 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-01-12 12:56 . 2009-10-06 10:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-01-12 12:56 . 2009-10-06 10:52 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-01-12 12:56 . 2009-10-06 10:52 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-01-02 19:48 . 2010-01-02 19:48 -------- d-----w- C:\SKRYTY

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 16:08 . 2009-04-08 18:27 -------- d-----w- c:\program files\ICQ6.5
2010-01-13 07:03 . 2006-03-02 12:00 47386 ----a-w- c:\windows\system32\perfc005.dat
2010-01-13 07:03 . 2006-03-02 12:00 313244 ----a-w- c:\windows\system32\perfh005.dat
2010-01-13 02:25 . 2009-04-08 17:33 -------- d-----w- c:\program files\DaemonTools_WhenUSave_Installer
2010-01-12 12:58 . 2010-01-12 12:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-01-12 12:58 . 2010-01-12 12:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-12 12:56 . 2009-05-03 11:22 -------- d-----w- c:\program files\Nokia
2009-12-08 16:35 . 2009-12-08 16:35 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-08 16:34 . 2009-12-08 16:34 -------- d-----w- c:\program files\eRightSoft
2009-12-08 15:15 . 2009-12-08 15:12 -------- d-----w- c:\program files\Lonely Cat Games
2009-12-07 16:41 . 2009-12-07 16:41 -------- d-----w- c:\program files\IVT Corporation
2009-12-07 13:13 . 2009-12-07 13:13 -------- d-----w- c:\program files\TopCD
2009-11-24 23:54 . 2009-04-08 15:52 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-04-08 15:52 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-04-08 15:52 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-04-08 15:52 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-04-08 15:52 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-04-08 15:52 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:45 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:45 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:45 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-10-21 05:40 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-17 15:06 . 2009-04-17 15:06 61440 ----a-w- c:\program files\mozilla firefox\components\gemgecko.dll
2006-05-03 09:06 . 2009-12-08 16:35 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-12-08 16:35 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-12-08 16:35 216064 --sh--r- c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2009-12-14 10:04 318904 ----a-w- c:\progra~1\SITERA~1\SiteRank.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 10:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-13 2166784]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-04-26 111928]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SiteRanker"="c:\program files\SiteRanker\SiteRankTray.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 23:39 20744]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.5.2009 18:33 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [13.1.2010 1:23 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.5.2009 18:33 20560]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [7.1.2009 19:52 143467]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 12:44 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.4.2009 18:31 682232]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-01-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 12:39]

2009-08-26 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4239896571.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 15:56]
.
.
------- Doplňkový sken -------
.
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
Trusted Zone: bigpoint.com\int7.darkorbit
FF - ProfilePath - c:\documents and settings\NOK73\Data aplikací\Mozilla\Firefox\Profiles\x3ud6mh4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatc ... ge=cs&qkw=
FF - component: c:\program files\Mozilla Firefox\components\gemgecko.dll
FF - component: c:\program files\SiteRanker\firefox\components\siterank.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
AddRemove-Firestarter, Shadowgrounds_is1 - c:\program files\TopCD\Firestarter
AddRemove-{A64D224E-E06A-43D2-A919-8BE108F47305}_is1 - c:\program files\Crawler\Smileys\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 15:48
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\docume~1\NOK73\LOCALS~1\Temp\catchme.dll 53248 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(428)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-01-15 15:49:49
ComboFix-quarantined-files.txt 2010-01-15 14:49

Před spuštěním: Volných bajtů: 112 492 085 248
Po spuštění: Volných bajtů: 112 453 877 760

- - End Of File - - B82BBF822C6AB5B1251BACD0B599D30D

Damned

Re: Please check my log

Post by Damned » 15 Jan 2010 16:02

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

File::
c:\docume~1\NOK73\LOCALS~1\Temp\catchme.dll

Folder::
C:\_OTL

DDS::
IE: Crawler Search - tbr:iemenu

Driver::
catchme




Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.


Grab the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix will start automatically; the repair may take more than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that appears at the end of the cleaning process + a new HJT log, and describe how the computer behaves
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.

n6670

Re: Please check my log

Post by n6670 » 15 Jan 2010 16:25

ComboFix 10-01-14.06 - NOK73 15.01.2010 16:10:23.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.606 [GMT 1:00]
Spuštěný z: c:\documents and settings\NOK73\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\NOK73\Plocha\CFScript.txt.txt
AV: avast! antivirus 4.8.1368 [VPS 100115-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\docume~1\NOK73\LOCALS~1\Temp\catchme.dll"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_OTL
c:\_otl\MovedFiles\01152010_143752.log
c:\_otl\MovedFiles\01152010_143752\C_Documents and Settings\NOK73\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
c:\_otl\MovedFiles\01152010_152543.log
c:\_otl\MovedFiles\01152010_152543\C_Documents and Settings\NOK73\Data aplikací\Mozilla\Firefox\Profiles\x3ud6mh4.default\searchplugins\icqplugin-1.xml
c:\_otl\MovedFiles\01152010_152543\C_Documents and Settings\NOK73\Data aplikací\Mozilla\Firefox\Profiles\x3ud6mh4.default\searchplugins\icqplugin-10.xml
c:\_otl\MovedFiles\01152010_152543\C_Documents and Settings\NOK73\Data aplikací\Mozilla\Firefox\Profiles\x3ud6mh4.default\searchplugins\icqplugin-2.xml
c:\_otl\MovedFiles\01152010_152543\C_Documents and Settings\NOK73\Data aplikací\Mozilla\Firefox\Profiles\x3ud6mh4.default\searchplugins\icqplugin-3.xml
c:\_otl\MovedFiles\01152010_152543\C_Documents and Settings\NOK73\Data aplikací\Mozilla\Firefox\Profiles\x3ud6mh4.default\searchplugins\icqplugin-4.xml
c:\_otl\MovedFiles\01152010_152543\C_Documents and Settings\NOK73\Data aplikací\Mozilla\Firefox\Profiles\x3ud6mh4.default\searchplugins\icqplugin-5.xml
c:\_otl\MovedFiles\01152010_152543\C_Documents and Settings\NOK73\Data aplikací\Mozilla\Firefox\Profiles\x3ud6mh4.default\searchplugins\icqplugin-6.xml
c:\_otl\MovedFiles\01152010_152543\C_Documents and Settings\NOK73\Data aplikací\Mozilla\Firefox\Profiles\x3ud6mh4.default\searchplugins\icqplugin-7.xml
c:\_otl\MovedFiles\01152010_152543\C_Documents and Settings\NOK73\Data aplikací\Mozilla\Firefox\Profiles\x3ud6mh4.default\searchplugins\icqplugin-8.xml
c:\_otl\MovedFiles\01152010_152543\C_Documents and Settings\NOK73\Data aplikací\Mozilla\Firefox\Profiles\x3ud6mh4.default\searchplugins\icqplugin-9.xml
c:\_otl\MovedFiles\01152010_152543\C_Documents and Settings\NOK73\Data aplikací\Mozilla\Firefox\Profiles\x3ud6mh4.default\searchplugins\icqplugin.xml
c:\_otl\MovedFiles\01152010_152543\C_Documents and Settings\NOK73\Data aplikací\Mozilla\Firefox\Profiles\x3ud6mh4.default\searchplugins\qipsearch.xml
c:\_otl\MovedFiles\01152010_152543\C_Documents and Settings\NOK73\Data aplikací\Mozilla\Firefox\Profiles\x3ud6mh4.default\searchplugins\sweetim.xml
c:\_otl\MovedFiles\01152010_152543\C_Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
c:\_otl\MovedFiles\01152010_152543\C_WINDOWS\002569_.tmp
c:\_otl\MovedFiles\01152010_152543\C_WINDOWS\SET21.tmp
c:\_otl\MovedFiles\01152010_152543\C_WINDOWS\SET3.tmp
c:\_otl\MovedFiles\01152010_152543\C_WINDOWS\SET4.tmp
c:\_otl\MovedFiles\01152010_152543\C_WINDOWS\SET8.tmp
c:\_otl\MovedFiles\01152010_152543\C_WINDOWS\System32\CONFIG.TMP
c:\_otl\MovedFiles\01152010_152543\C_WINDOWS\System32\SET76.tmp
c:\_otl\MovedFiles\01152010_152543\C_WINDOWS\System32\SET7A.tmp
c:\_otl\MovedFiles\01152010_152543\C_WINDOWS\System32\SET82.tmp
c:\_otl\MovedFiles\01152010_152543\C_WINDOWS\System32\SET8B.tmp
c:\_otl\MovedFiles\01152010_152543\C_WINDOWS\System32\SET8C.tmp

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CATCHME
-------\Service_catchme


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-15 do 2010-01-15 )))))))))))))))))))))))))))))))
.

2010-01-15 11:07 . 2007-05-16 08:41 29704 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-15 11:07 . 2010-01-15 11:37 -------- d-----w- c:\program files\TuneUp Utilities 2007
2010-01-15 11:06 . 2010-01-15 11:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-14 14:21 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 14:21 . 2010-01-14 14:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 14:21 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 04:38 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-13 01:04 . 2010-01-13 01:04 -------- d-----w- c:\program files\SiteRanker
2010-01-13 01:04 . 2010-01-13 01:04 -------- d-----w- c:\program files\Inbox Toolbar
2010-01-13 00:42 . 2010-01-14 01:29 -------- d-----w- c:\program files\WinClamAVShield
2010-01-13 00:23 . 2010-01-14 16:24 -------- d-----w- c:\program files\Crawler
2010-01-13 00:23 . 2010-01-13 00:23 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-01-13 00:23 . 2010-01-13 14:29 -------- d-----w- c:\program files\Spyware Terminator
2010-01-12 22:48 . 2010-01-12 22:48 -------- d-----w- c:\program files\Trend Micro
2010-01-12 13:08 . 2008-04-13 19:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-01-12 13:08 . 2008-04-13 19:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-01-12 12:58 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-01-12 12:56 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-01-12 12:56 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-01-12 12:56 . 2009-10-06 10:52 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-01-12 12:56 . 2009-10-06 10:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-01-12 12:56 . 2009-10-06 10:52 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-01-12 12:56 . 2009-10-06 10:52 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-01-02 19:48 . 2010-01-02 19:48 -------- d-----w- C:\SKRYTY

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 16:08 . 2009-04-08 18:27 -------- d-----w- c:\program files\ICQ6.5
2010-01-13 07:03 . 2006-03-02 12:00 47386 ----a-w- c:\windows\system32\perfc005.dat
2010-01-13 07:03 . 2006-03-02 12:00 313244 ----a-w- c:\windows\system32\perfh005.dat
2010-01-13 02:25 . 2009-04-08 17:33 -------- d-----w- c:\program files\DaemonTools_WhenUSave_Installer
2010-01-12 12:58 . 2010-01-12 12:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-01-12 12:58 . 2010-01-12 12:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-12 12:56 . 2009-05-03 11:22 -------- d-----w- c:\program files\Nokia
2009-12-08 16:35 . 2009-12-08 16:35 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-08 16:34 . 2009-12-08 16:34 -------- d-----w- c:\program files\eRightSoft
2009-12-08 15:15 . 2009-12-08 15:12 -------- d-----w- c:\program files\Lonely Cat Games
2009-12-07 16:41 . 2009-12-07 16:41 -------- d-----w- c:\program files\IVT Corporation
2009-12-07 13:13 . 2009-12-07 13:13 -------- d-----w- c:\program files\TopCD
2009-11-24 23:54 . 2009-04-08 15:52 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-04-08 15:52 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-04-08 15:52 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-04-08 15:52 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-04-08 15:52 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-04-08 15:52 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:45 . 2006-03-02 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:45 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:45 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-10-21 05:40 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-17 15:06 . 2009-04-17 15:06 61440 ----a-w- c:\program files\mozilla firefox\components\gemgecko.dll
2006-05-03 09:06 . 2009-12-08 16:35 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-12-08 16:35 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-12-08 16:35 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-15_14.48.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-15 15:14 . 2010-01-15 15:14 16384 c:\windows\Temp\Perflib_Perfdata_5e8.dat
+ 2010-01-15 15:14 . 2010-01-15 15:14 16384 c:\windows\Temp\Perflib_Perfdata_41c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2009-12-14 10:04 318904 ----a-w- c:\progra~1\SITERA~1\SiteRank.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 10:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-13 2166784]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-04-26 111928]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SiteRanker"="c:\program files\SiteRanker\SiteRankTray.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 23:39 20744]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.5.2009 18:33 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [13.1.2010 1:23 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.5.2009 18:33 20560]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [7.1.2009 19:52 143467]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 12:44 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.4.2009 18:31 682232]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-01-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 12:39]

2009-08-26 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4239896571.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 15:56]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
Trusted Zone: bigpoint.com\int7.darkorbit
FF - ProfilePath - c:\documents and settings\NOK73\Data aplikací\Mozilla\Firefox\Profiles\x3ud6mh4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatc ... ge=cs&qkw=
FF - component: c:\program files\Mozilla Firefox\components\gemgecko.dll
FF - component: c:\program files\SiteRanker\firefox\components\siterank.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 16:15
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2808)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\windows\system32\MSVCP71.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Celkový čas: 2010-01-15 16:19:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-15 15:19
ComboFix2.txt 2010-01-15 14:49

Před spuštěním: Volných bajtů: 112 456 765 440
Po spuštění: Volných bajtů: 112 342 315 008

- - End Of File - - DEEBE44E158C080BAA5C4CC37901AAEF
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21:48, on 15.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80012
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80012
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://int7.darkorbit.bigpoint.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8516 bytes


Re: Please check my log

Post by n6670 » 15 Jan 2010 16:27

During restart the selection briefly jumps to Microsoft Windows Recovery Console, otherwise it runs fine.


Re: Please check my log  Solved

Post by Damned » 15 Jan 2010 16:56

If you want to get rid of the Recovery Console, open Help and enter the term: "Odstranění Konzole pro zotavení" (Removing the Recovery Console)

Uninstall ComboFix (required).
ComboFix is uninstalled like this:
Start > Run and enter Combofix[space]/uninstall

Clean the system with CCleaner and also use T-Cleaner (required - it deletes everything left behind by Combo, SDFix, Avenger, MWAV, etc. - download it -> run it)

(Note: If you have AVG or Avira, deactivate AVG and Avira (including the resident shields) before downloading T-Cleaner and for the duration of the cleaning, then delete T-Cleaner and turn AVG, Avira back on.)


Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then click empty selected.
-If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
-If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.


If anything shows up again, stop by.
Mark the topic as solved (green check mark) and take care.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.