HJT check   Solved

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

neca
Level 2
Posts: 164
Registered: Jan 12
Gender: Male
Status: Offline

Re: HJT check

Post by neca » 09 Oct 2012 11:11

ComboFix 12-10-08.03 - Roman 09.10.2012 10:51:16.12.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1236 [GMT 2:00]
Running from: c:\documents and settings\Roman\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Roman\Plocha\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
FILE ::
"c:\windows\ativpsrm.bin"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.21.123\goopdate.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.123\psmachine.dll
c:\program files\Google\Update\1.3.21.123\psuser.dll
c:\program files\Google\Update\Download\{13104D78-8EC2-4CC3-B7E8-F281909295BB}\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.125\GoogleUpdateB6998767.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\ativpsrm.bin
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
e:\skype\Updater
e:\skype\Updater\Updater.dll
e:\skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AODDRIVER
-------\Legacy_CPUZ130
-------\Legacy_ESIHDRV
-------\Legacy_GUPDATE
-------\Legacy_GUPDATEM
-------\Legacy_MALWAREDEFENDERSERVICE
-------\Legacy_OAUNBT06U06
-------\Legacy_saskutil
-------\Legacy_SKYPEUPDATE
-------\Legacy_SPTD
-------\Service_AODDriver
-------\Service_cpuz130
-------\Service_esihdrv
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_MalwareDefenderService
-------\Service_oaunbt06u06
-------\Service_saskutil
-------\Service_SkypeUpdate
-------\Service_sptd
.
.
((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))
.
.
2012-10-09 08:48 . 2012-10-09 08:48 390144 ----a-w- c:\windows\system32\CF1583.exe
2012-10-08 22:55 . 2012-10-08 23:21 -------- d-----w- C:\World_of_Tanks_Setup
2012-10-08 22:18 . 2012-07-04 04:22 938368 ----a-w- c:\windows\system32\ativvamv.dll
2012-10-08 22:18 . 2012-07-04 04:05 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-10-08 22:18 . 2012-07-04 03:48 65024 ----a-w- c:\windows\system32\atimpc32.dll
2012-10-08 22:18 . 2009-05-11 21:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2012-10-08 22:06 . 2012-07-04 04:36 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2012-10-08 22:06 . 2012-07-04 04:38 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-10-08 22:00 . 2012-10-08 22:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2012-10-08 21:57 . 2012-05-14 06:12 103040 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2012-10-08 21:56 . 2012-10-08 21:57 -------- d-----w- c:\program files\ATI Technologies
2012-10-08 21:46 . 2012-10-08 21:46 -------- d-----w- C:\AMD
2012-10-08 16:41 . 2012-10-08 16:47 -------- d-----w- c:\program files\WhoCrashed
2012-10-08 06:06 . 2012-06-02 13:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-10-07 11:57 . 2012-10-07 11:57 2263 ----a-w- c:\documents and settings\All Users\Data aplikací\xmlBA.tmp
2012-10-07 11:57 . 2012-10-07 11:57 13821 ----a-w- c:\documents and settings\All Users\Data aplikací\xmlB9.tmp
2012-10-07 11:57 . 2012-10-07 11:57 10719 ----a-w- c:\documents and settings\All Users\Data aplikací\xmlB8.tmp
2012-10-07 11:45 . 2012-10-07 11:45 388096 ----a-r- c:\documents and settings\Roman\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-07 11:45 . 2012-10-07 11:45 -------- d-----w- c:\program files\Trend Micro
2012-10-05 14:45 . 2012-03-19 17:01 65128 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-10-05 14:45 . 2011-11-22 14:28 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2012-10-05 14:39 . 2012-10-05 14:52 -------- d-----w- c:\documents and settings\Roman\Local Settings\Data aplikací\Pokki
2012-09-28 18:59 . 2012-09-28 18:59 -------- d-----w- c:\program files\Fair Trading Technology - MT4
2012-09-27 17:18 . 2012-09-29 08:16 -------- d-----w- c:\documents and settings\Roman\Data aplikací\wargaming.net
2012-09-16 08:03 . 2012-09-16 08:03 -------- d-----w- c:\program files\Common Files\Java
2012-09-16 08:02 . 2012-09-16 08:02 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 16:36 . 2012-08-10 09:21 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 16:36 . 2011-06-08 05:46 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-16 08:02 . 2012-07-02 11:04 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-16 08:02 . 2012-02-19 17:18 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-16 08:02 . 2010-04-28 15:01 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 15:04 . 2012-02-01 08:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:18 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2009-08-12 17:33 . 2009-08-12 17:33 16559 ----a-w- c:\program files\Common Files\ugax.com
2009-08-12 17:33 . 2009-08-12 17:33 13901 ----a-w- c:\program files\Common Files\ezolaq.bat
2011-03-18 17:55 . 2011-04-03 19:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Common Files\ugax.com ----
.
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="e:\rootket\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-09-23 391144]
"SAOB Monitor"="c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-09-02 2536752]
"Služba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-09-23 391144]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 163944]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-08 3076144]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"RTHDCPL"="RTHDCPL.EXE" [2012-03-14 20065896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2011-08-19 465944]
.
c:\documents and settings\Roman\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"NetLimiter 2 Client"=e:\netlimiter\NetLimiter 2 Pro\NLClient.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"InCD"=e:\nero\InCD\InCD.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"MuralPixAgent"=e:\měnič tapet na ploše\MuralPix\MpAgent.exe /r
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\E torent stahovač\\uTorrent\\utorrent.exe"=
"e:\\Sandra\\SiSoftware Sandra Lite 2009.SP3\\RpcAgentSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"e:\\MT 5 Admirál\\metatester.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"e:\\Skype\\Phone\\Skype.exe"=
"e:\\Sandra\\SiSoftware Sandra Lite 2009.SP3\\WNt500x86\\RpcSandraSrv.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM(135)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [9.3.2011 15:53 752128]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2.1.2012 21:47 239168]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 10:20 118104]
R1 hgeibflo;hgeibflo;c:\windows\system32\drivers\hgeibflo.sys [2.1.2012 23:49 258392]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.4.2007 13:03 82200]
R2 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [9.3.2011 15:53 3975088]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [8.9.2011 8:34 974944]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [30.1.2012 20:54 14976]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [30.3.2011 19:00 1523008]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [1.4.2011 7:11 450848]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [9.3.2011 15:54 163232]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [8.10.2012 23:57 103040]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12.10.2009 20:00 47360]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [7.10.2010 13:34 10064]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10.8.2012 11:22 250288]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27.3.2010 20:55 1691480]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [27.3.2010 18:47 23456]
S3 etdrv;etdrv;c:\windows\etdrv.sys [19.7.2009 20:53 17488]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;e:\common\Database\bin\fbserver.exe [13.2.2010 22:30 1527900]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;e:\sandra\SiSoftware Sandra Lite 2009.SP3\RpcAgentSrv.exe [26.11.2009 20:01 98488]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 16:36]
.
2012-05-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel
IE: E&xportovat do aplikace Microsoft Office Excel
IE: Stáhnout Free Download Managerem - file://e:\free dowload manager\Free Download Manager\dllink.htm
IE: Stáhnout vybrané Free Download Managerem - file://e:\free dowload manager\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://e:\free dowload manager\Free Download Manager\dlall.htm
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Roman\Data aplikací\Mozilla\Firefox\Profiles\2cvs1s08.default\
FF - prefs.js: browser.search.defaulturl -
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-09 11:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Dlls Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1500)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2476)
e:\rootket\RocketDock\RocketDock.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
e:\nero\InCD\InCDsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
e:\netlimiter\NetLimiter 2 Pro\nlsvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\PnkBstrA.exe
e:\alcohol 120%\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-10-09 11:09:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-09 09:09
ComboFix2.txt 2012-10-09 08:39
ComboFix3.txt 2012-10-08 19:39
ComboFix4.txt 2009-08-13 16:36
ComboFix5.txt 2012-10-09 08:50
.
Pre-Run: 6 675 349 504
Post-Run: 6 589 997 056
.
- - End Of File - - 4A399E329138E3135744FE3F614C3DA6
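A triage pass over a log in the format above, as an added example that is not part of neca's post and not a ComboFix or forum tool. It parses the sections exactly as ComboFix prints them (the `AV:`/`FW:` product lines, the dated file listings, and the REGEDIT4-style loading points and firewall policy keys) from a constructed excerpt of the lines shown in the post, and reports the items an analyst would look at first. The severity labels are a heuristic chosen for this example, not a verdict: ComboFix is normally run with the resident antivirus switched off, so the `*Disabled*` status on the ESET lines is expected, and with ESET's own firewall installed the Windows Firewall standard profile being off (`EnableFirewall = 0`) is usual too, which is why both are reported as `info`. The rule that an executable sitting directly in `Common Files` rather than in a vendor subfolder deserves a look is likewise an assumption of this example; it picks out `ugax.com` and `ezolaq.bat`, the same directory the CFScript had ComboFix inspect in the "Look" section, but whether those files are malicious is not something the log alone settles.

```python
"""Triage helper for a pasted ComboFix log.

Added example for this thread; not part of the original post and not a
ComboFix or forum tool.  The section syntax mirrors the log above; the
severity heuristics are an assumption of this example, not a verdict.
"""
import re
from dataclasses import dataclass

# Constructed excerpt: a handful of lines in the exact format of the log above.
SAMPLE_LOG = r"""
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
2012-09-21 16:36 . 2012-08-10 09:21 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2009-08-12 17:33 . 2009-08-12 17:33 16559 ----a-w- c:\program files\Common Files\ugax.com
2009-08-12 17:33 . 2009-08-12 17:33 13901 ----a-w- c:\program files\Common Files\ezolaq.bat
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-08 3076144]
"RTHDCPL"="RTHDCPL.EXE" [2012-03-14 20065896]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM(135)
"""

# "AV: <product> *<status>* {guid}" header lines
PRODUCT_RE = re.compile(r"^(AV|FW|SP): (.+?) \*([^*]+)\*")
# REGEDIT4-style "[section]" and "name"=value lines of the loading-points dump
SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# "<mtime> . <ctime> <size|----> <attrs> <path>" lines of the file listings
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(\d+|-+)\s+(\S+)\s+(.+)$"
)
LOOSE_EXE_SUFFIXES = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif")


@dataclass
class Finding:
    severity: str  # "review" (look at it) or "info" (expected here, but worth knowing)
    what: str
    evidence: str


def iter_registry_values(lines):
    """Yield (section, name, raw value) for each value line under a [section] header."""
    section = None
    for line in lines:
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and section is not None:
            yield section, m.group(1), m.group(2)


def is_loose_common_files_executable(path: str) -> bool:
    """Heuristic (our assumption): installers put files in a vendor subfolder of
    Common Files, so an executable sitting directly in it deserves a look."""
    p = path.lower()
    prefix = "c:\\program files\\common files\\"
    if not p.startswith(prefix):
        return False
    rest = p[len(prefix):]
    return "\\" not in rest and rest.endswith(LOOSE_EXE_SUFFIXES)


def triage(text: str) -> list:
    lines = [ln.rstrip() for ln in text.splitlines()]
    findings = []

    for ln in lines:
        m = PRODUCT_RE.match(ln)
        if m and "Disabled" in m.group(3):
            findings.append(Finding("info", f"{m.group(1)} reported disabled: {m.group(2)}", ln))
        m = FILE_RE.match(ln)
        if m and is_loose_common_files_executable(m.group(3)):
            findings.append(Finding("review", "executable directly in Common Files", m.group(3)))

    for section, name, value in iter_registry_values(lines):
        sec = section.lower()
        if sec.endswith("\\currentversion\\run"):
            # value is '"path" [date size]' or 'path [date size]'; keep just the command
            target = value.split('"')[1] if value.startswith('"') else value.split(" [")[0]
            if "\\" not in target:  # bare name: resolved through the search path at logon
                findings.append(Finding("info", f"Run entry '{name}' has no path", target))
        elif sec.endswith("\\firewallpolicy\\standardprofile") and name == "EnableFirewall":
            if value.startswith("0"):
                findings.append(Finding("info", "Windows Firewall off for the standard profile", section))
        elif sec.endswith("\\globallyopenports\\list"):
            findings.append(Finding("review", f"port {name} globally opened in Windows Firewall", value))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.what}: {f.evidence}")
```

Run it on a whole pasted log rather than the excerpt and the same three `review` items come out: the two loose files under Common Files and the `135:TCP` (DCOM) entry in the globally open ports list, which matters only once the Windows Firewall profile is switched back on.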

"InCD"=e:\nero\InCD\InCD.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"MuralPixAgent"=e:\měnič tapet na ploše\MuralPix\MpAgent.exe /r
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\E torent stahovač\\uTorrent\\utorrent.exe"=
"e:\\Sandra\\SiSoftware Sandra Lite 2009.SP3\\RpcAgentSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"e:\\MT 5 Admirál\\metatester.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"e:\\Skype\\Phone\\Skype.exe"=
"e:\\Sandra\\SiSoftware Sandra Lite 2009.SP3\\WNt500x86\\RpcSandraSrv.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM(135)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [9.3.2011 15:53 752128]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2.1.2012 21:47 239168]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 10:20 118104]
R1 hgeibflo;hgeibflo;c:\windows\system32\drivers\hgeibflo.sys [2.1.2012 23:49 258392]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.4.2007 13:03 82200]
R2 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [9.3.2011 15:53 3975088]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [8.9.2011 8:34 974944]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [30.1.2012 20:54 14976]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [30.3.2011 19:00 1523008]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [1.4.2011 7:11 450848]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [9.3.2011 15:54 163232]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [8.10.2012 23:57 103040]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12.10.2009 20:00 47360]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [7.10.2010 13:34 10064]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10.8.2012 11:22 250288]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27.3.2010 20:55 1691480]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [27.3.2010 18:47 23456]
S3 etdrv;etdrv;c:\windows\etdrv.sys [19.7.2009 20:53 17488]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;e:\common\Database\bin\fbserver.exe [13.2.2010 22:30 1527900]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;e:\sandra\SiSoftware Sandra Lite 2009.SP3\RpcAgentSrv.exe [26.11.2009 20:01 98488]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 16:36]
.
2012-05-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel
IE: E&xportovat do aplikace Microsoft Office Excel
IE: Stáhnout Free Download Managerem - file://e:\free dowload manager\Free Download Manager\dllink.htm
IE: Stáhnout vybrané Free Download Managerem - file://e:\free dowload manager\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://e:\free dowload manager\Free Download Manager\dlall.htm
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Roman\Data aplikací\Mozilla\Firefox\Profiles\2cvs1s08.default\
FF - prefs.js: browser.search.defaulturl -
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-09 11:06
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1500)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2476)
e:\rootket\RocketDock\RocketDock.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
e:\nero\InCD\InCDsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
e:\netlimiter\NetLimiter 2 Pro\nlsvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\PnkBstrA.exe
e:\alcohol 120%\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-10-09 11:09:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-09 09:09
ComboFix2.txt 2012-10-09 08:39
ComboFix3.txt 2012-10-08 19:39
ComboFix4.txt 2009-08-13 16:36
ComboFix5.txt 2012-10-09 08:50
.
Před spuštěním: 6 675 349 504
Po spuštění: 6 589 997 056
.
- - End Of File - - 4A399E329138E3135744FE3F614C3DA6

neca

Re: HJT check

Post by neca » 09 Oct 2012 11:17

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:17:12, on 9.10.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Nero\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\RTHDCPL.EXE
E:\Rootket\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
E:\NetLimiter\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\PnkBstrA.exe
E:\Alcohol 120%\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Adobe Reader cz\Reader\AcroRd32.exe
C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - E:\Tiskárna\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Free dowload manager\Free Download Manager\iefdmcks.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\Tiskárna\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Služba Acronis Scheduler2] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [RocketDock] "E:\Rootket\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0824 -f video -m logitech -d 13.30.1394.0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0824 -f video -m logitech -d 13.30.1394.0 (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://E:\Free dowload manager\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://E:\Free dowload manager\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://E:\Free dowload manager\Free Download Manager\dlall.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Služba Acronis Nonstop Backup (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - E:\Common\Database\bin\fbserver.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Nero\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - E:\NetLimiter\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - E:\Sandra\SiSoftware Sandra Lite 2009.SP3\RpcAgentSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\WINDOWS\
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--
End of file - 10094 bytes

neca

Re: HJT check

Post by neca » 09 Oct 2012 11:38

SHA256: f79bfc5f7eaf608c99dc3472f19959a368c6368d00fb630ea6909511f7f23310
Název souboru: xmlB9.tmp
Detekce poměr: 0/44
Analýza Datum: 10.09.2012 09:26:57 UTC (0 Minut před)



SHA256: c1e9ce7ffff045161d1d79e9de66d57cc1ec72cec2b04fdf0cc1bcd19e02301c
Název souboru: xmlA5E2.tmp
Detekce poměr: 0/43
Analýza Datum: 03.07.2011 07:44:07 UTC (1 rok, 7 měsíců ago)



SHA256: 710411c63bcce70b8e0d5c80246e07e551129e927c22144121691a6026a32ac5
Název souboru: xmlB8.tmp
Detekce poměr: 0/44
Analýza Datum: 10.09.2012 09:23:59 UTC (5 Minut před)



SHA256: c25f00d1e8a5a8eb22feda6d3bdba1112d7ea032547ef6266638ce8b7a429824
Název souboru: ezolaq.bat
Detekce poměr: 0/44
Analýza Datum: 10.09.2012 09:30:11 UTC (0 Minut před)


Detected 0 viruses.

neca

Re: HJT check

Post by neca » 09 Oct 2012 11:46

swMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-09 11:44:32
-----------------------------
11:44:32.062 OS Version: Windows 5.1.2600 Service Pack 3
11:44:32.062 Number of processors: 2 586 0x6B02
11:44:32.062 ComputerName: R-EA1E41DDAD294 UserName: Roman
11:44:32.781 Initialize success
11:44:49.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
11:44:49.203 Disk 0 Vendor: WDC_WD16 10.0 Size: 152627MB BusType: 3
11:44:49.218 Disk 0 MBR read successfully
11:44:49.218 Disk 0 MBR scan
11:44:49.218 Disk 0 Windows XP default MBR code
11:44:49.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 44123 MB offset 63
11:44:49.218 Disk 0 Partition - 00 0F Extended LBA 108501 MB offset 90365625
11:44:49.234 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 90483 MB offset 90365688
11:44:49.234 Disk 0 Partition - 00 05 Extended 18018 MB offset 275675400
11:44:49.250 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 18018 MB offset 275675463
11:44:49.265 Disk 0 scanning sectors +312576705
11:44:49.328 Disk 0 scanning C:\WINDOWS\system32\drivers
11:44:56.046 Service scanning
11:45:15.406 Modules scanning
11:45:21.281 Disk 0 trace - called modules:
11:45:21.296 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys SCSIPORT.SYS nvgts.sys
11:45:21.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6e3838]
11:45:21.312 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000007c[0x8a6ff030]
11:45:21.312 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x8a738998]
11:45:21.312 Scan finished successfully
11:45:38.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Roman\Plocha\MBR.dat"
11:45:38.468 The log file has been saved successfully to "C:\Documents and Settings\Roman\Plocha\aswMBR.txt"

Just to be safe.

jaro3
Security team member

Re: HJT check

Post by jaro3 » 09 Oct 2012 18:41

Close all other applications and browsers, disconnect from the internet and fix the following in HJT:
Guide

Code:

O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0824 -f video -m logitech -d 13.30.1394.0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0824 -f video -m logitech -d 13.30.1394.0 (User 'Default user')



Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire following text marked in green into it:

Code:

KillAll::
Collect::
c:\documents and settings\All Users\Data aplikací\xmlBA.tmp
c:\documents and settings\All Users\Data aplikací\xmlB9.tmp
c:\documents and settings\All Users\Data aplikací\xmlB8.tmp
c:\program files\Common Files\ezolaq.bat

File::
c:\windows\system32\CF1583.exe



Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log

Warning: It may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again. If that does not help, press the F8 key after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

neca

Re: HJT check

Post by neca » 09 Oct 2012 21:20

ComboFix 12-10-08.03 - Roman 09.10.2012 20:42:41.13.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1255 [GMT 2:00]
Spuštěný z: c:\documents and settings\Roman\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Roman\Plocha\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
FILE ::
"c:\windows\system32\CF1583.exe"
.
file zipped: c:\documents and settings\All Users\Data aplikací\xmlB8.tmp
file zipped: c:\documents and settings\All Users\Data aplikací\xmlB9.tmp
file zipped: c:\documents and settings\All Users\Data aplikací\xmlBA.tmp
file zipped: c:\program files\Common Files\ezolaq.bat
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\xmlB8.tmp
c:\documents and settings\All Users\Data aplikací\xmlB9.tmp
c:\documents and settings\All Users\Data aplikací\xmlBA.tmp
c:\program files\Common Files\ezolaq.bat
c:\windows\system32\CF1583.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-09 do 2012-10-09 )))))))))))))))))))))))))))))))
.
.
2012-10-09 18:15 . 2012-10-09 18:15 0 ----a-w- c:\windows\ativpsrm.bin
2012-10-08 22:55 . 2012-10-08 23:21 -------- d-----w- C:\World_of_Tanks_Setup
2012-10-08 22:18 . 2012-07-04 04:22 938368 ----a-w- c:\windows\system32\ativvamv.dll
2012-10-08 22:18 . 2012-07-04 04:05 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-10-08 22:18 . 2012-07-04 03:48 65024 ----a-w- c:\windows\system32\atimpc32.dll
2012-10-08 22:18 . 2009-05-11 21:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2012-10-08 22:06 . 2012-07-04 04:36 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2012-10-08 22:06 . 2012-07-04 04:38 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-10-08 22:00 . 2012-10-08 22:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2012-10-08 21:57 . 2012-05-14 06:12 103040 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2012-10-08 21:56 . 2012-10-08 21:57 -------- d-----w- c:\program files\ATI Technologies
2012-10-08 21:46 . 2012-10-08 21:46 -------- d-----w- C:\AMD
2012-10-08 16:41 . 2012-10-08 16:47 -------- d-----w- c:\program files\WhoCrashed
2012-10-08 06:06 . 2012-06-02 13:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-10-07 11:45 . 2012-10-07 11:45 388096 ----a-r- c:\documents and settings\Roman\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-07 11:45 . 2012-10-07 11:45 -------- d-----w- c:\program files\Trend Micro
2012-10-05 14:45 . 2012-03-19 17:01 65128 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-10-05 14:45 . 2011-11-22 14:28 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2012-10-05 14:39 . 2012-10-05 14:52 -------- d-----w- c:\documents and settings\Roman\Local Settings\Data aplikací\Pokki
2012-09-28 18:59 . 2012-09-28 18:59 -------- d-----w- c:\program files\Fair Trading Technology - MT4
2012-09-27 17:18 . 2012-09-29 08:16 -------- d-----w- c:\documents and settings\Roman\Data aplikací\wargaming.net
2012-09-16 08:03 . 2012-09-16 08:03 -------- d-----w- c:\program files\Common Files\Java
2012-09-16 08:02 . 2012-09-16 08:02 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 16:36 . 2012-08-10 09:21 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 16:36 . 2011-06-08 05:46 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-16 08:02 . 2012-07-02 11:04 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-16 08:02 . 2012-02-19 17:18 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-16 08:02 . 2010-04-28 15:01 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 15:04 . 2012-02-01 08:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:18 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2009-08-12 17:33 . 2009-08-12 17:33 16559 ----a-w- c:\program files\Common Files\ugax.com
2011-03-18 17:55 . 2011-04-03 19:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="e:\rootket\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-09-23 391144]
"SAOB Monitor"="c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-09-02 2536752]
"Služba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-09-23 391144]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 163944]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-08 3076144]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"RTHDCPL"="RTHDCPL.EXE" [2012-03-14 20065896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Roman\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"NetLimiter 2 Client"=e:\netlimiter\NetLimiter 2 Pro\NLClient.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"InCD"=e:\nero\InCD\InCD.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"MuralPixAgent"=e:\měnič tapet na ploše\MuralPix\MpAgent.exe /r
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\E torent stahovač\\uTorrent\\utorrent.exe"=
"e:\\Sandra\\SiSoftware Sandra Lite 2009.SP3\\RpcAgentSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"e:\\MT 5 Admirál\\metatester.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"e:\\Skype\\Phone\\Skype.exe"=
"e:\\Sandra\\SiSoftware Sandra Lite 2009.SP3\\WNt500x86\\RpcSandraSrv.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM(135)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [9.3.2011 15:53 752128]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2.1.2012 21:47 239168]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 10:20 118104]
R1 hgeibflo;hgeibflo;c:\windows\system32\drivers\hgeibflo.sys [2.1.2012 23:49 258392]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.4.2007 13:03 82200]
R2 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [9.3.2011 15:53 3975088]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [8.9.2011 8:34 974944]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [30.1.2012 20:54 14976]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [30.3.2011 19:00 1523008]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [1.4.2011 7:11 450848]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [9.3.2011 15:54 163232]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [8.10.2012 23:57 103040]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12.10.2009 20:00 47360]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [7.10.2010 13:34 10064]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10.8.2012 11:22 250288]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27.3.2010 20:55 1691480]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [27.3.2010 18:47 23456]
S3 etdrv;etdrv;c:\windows\etdrv.sys [19.7.2009 20:53 17488]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;e:\common\Database\bin\fbserver.exe [13.2.2010 22:30 1527900]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;e:\sandra\SiSoftware Sandra Lite 2009.SP3\RpcAgentSrv.exe [26.11.2009 20:01 98488]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 16:36]
.
2012-05-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel
IE: E&xportovat do aplikace Microsoft Office Excel
IE: Stáhnout Free Download Managerem - file://e:\free dowload manager\Free Download Manager\dllink.htm
IE: Stáhnout vybrané Free Download Managerem - file://e:\free dowload manager\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://e:\free dowload manager\Free Download Manager\dlall.htm
LSP: %SYSTEMROOT%\system32\nvLsp.dll
FF - ProfilePath - c:\documents and settings\Roman\Data aplikací\Mozilla\Firefox\Profiles\2cvs1s08.default\
FF - prefs.js: browser.search.defaulturl -
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-09 21:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2116)
e:\rootket\RocketDock\RocketDock.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
e:\nero\InCD\InCDsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
e:\netlimiter\NetLimiter 2 Pro\nlsvc.exe
c:\windows\system32\PnkBstrA.exe
e:\alcohol 120%\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-10-09 21:15:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-09 19:15
ComboFix2.txt 2012-10-09 09:09
ComboFix3.txt 2012-10-09 08:39
ComboFix4.txt 2012-10-08 19:39
ComboFix5.txt 2012-10-09 18:41
.
Pre-Run: 6 774 501 376
Post-Run: 6 754 983 936
.
- - End Of File - - 1AD273FCA08F71D8393869393CC2D0BA
Upload completed successfully



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:19:19, on 9.10.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Nero\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
E:\NetLimiter\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
E:\Alcohol 120%\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\WINDOWS\RTHDCPL.EXE
E:\Rootket\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Roman\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - E:\Tiskárna\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Free dowload manager\Free Download Manager\iefdmcks.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\Tiskárna\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Služba Acronis Scheduler2] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [RocketDock] "E:\Rootket\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://E:\Free dowload manager\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://E:\Free dowload manager\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://E:\Free dowload manager\Free Download Manager\dlall.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Služba Acronis Nonstop Backup (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - E:\Common\Database\bin\fbserver.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Nero\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - E:\NetLimiter\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - E:\Sandra\SiSoftware Sandra Lite 2009.SP3\RpcAgentSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\WINDOWS\
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--
End of file - 9710 bytes

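An added triage helper for logs like the two posted above; it is not part of the original post and not a HijackThis or ComboFix tool. It parses HijackThis v2 entry lines (O4 autoruns, O10 Winsock LSP modules, O23 services) and flags what a log reviewer looks at first: a service listed with "Unknown owner", a service path that names no file (as in the StarWindServiceAE line), an autorun that launches a script or sits under Common Files (where ComboFix removed ezolaq.bat), and LSP modules HijackThis does not recognise. The sample log is constructed for the example: the [ezolaq] Run entry is invented, the other lines are modelled on the posted log. The flagging rules are a hypothetical starting policy, not rules HijackThis itself applies.

```python
import re
from collections import Counter

# Constructed sample in HijackThis v2 format, modelled on the log posted above.
# The [ezolaq] autorun line is invented for this example; the other lines mirror
# entries from the post (spacing and separators exactly as HJT writes them).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [ezolaq] C:\Program Files\Common Files\ezolaq.bat
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\WINDOWS\
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

# One HJT entry: section code (R0-R3, F0-F3, O1-O24), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
# A drive-letter path ending in a file extension; used to pull the target file out of a body.
PATH_RE = re.compile(
    r"[A-Za-z]:\\.*?\.(?:exe|bat|cmd|vbs|js|wsf|scr|pif|com|dll|sys)(?![A-Za-z0-9])",
    re.IGNORECASE,
)
# Hypothetical triage policy: script autoruns and autoruns in these folders deserve a look.
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".wsf")
ODD_DIRS = ("\\common files\\", "\\temp\\", "\\application data\\")


def parse_hjt(text):
    """Return (code, body) for every HJT entry line; process lists and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def _target_path(body):
    """First file path in an entry body, or None when the body names no file (a bare directory)."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def triage(entries):
    """Return (code, reason, item) findings for the entries a reviewer should check first."""
    findings = []
    lsp_modules = Counter()
    for code, body in entries:
        if code == "O23":
            # "Service: <name> - <owner> - <path>"; rsplit keeps any " - " inside the name intact.
            parts = body.rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, owner, path = parts
            if owner == "Unknown owner":
                findings.append((code, "service has no vendor string, check the binary's signature", name))
            if _target_path(path) is None:
                findings.append((code, "service path names no file, check ImagePath in the registry", name))
        elif code == "O4":
            path = _target_path(body)
            if path is None:
                continue
            low = path.lower()
            if low.endswith(SCRIPT_EXT):
                findings.append((code, "autorun launches a script", path))
            if any(d in low for d in ODD_DIRS):
                findings.append((code, "autorun lives in an unusual folder", path))
        elif code == "O10":
            path = _target_path(body)
            if path:
                lsp_modules[path.lower()] += 1
    # HJT prints one O10 line per protocol chain, so the same module shows up several times.
    for module, n in sorted(lsp_modules.items()):
        findings.append(("O10", f"LSP module not on the HJT whitelist (listed {n}x), verify the vendor", module))
    return findings


def main():
    for code, reason, item in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{code:<4} {reason}: {item}")


if __name__ == "__main__":
    main()
```

On the constructed sample this reports the ezolaq.bat autorun twice (script, odd folder), PnkBstrA and StarWindServiceAE for the missing vendor string, StarWindServiceAE again for the bare C:\WINDOWS\ path, and nvlsp.dll once as an unrecognised LSP module listed twice. A finding is a prompt to verify the file (signature, hash, vendor), not a verdict: PnkBstrA and nvlsp.dll are legitimate components on this machine, and the point of the triage is to shorten the list a human reviews, not to replace the review.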
Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male

Re: HJT check

Post by Žbeky » 09 Oct 2012 22:51

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

clean the system with CCleaner

and also use T-Cleaner
it deletes everything left behind by Combo, MWAV etc. - download > run

note: before downloading T-Cleaner and for the duration of the cleaning, deactivate AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on

How is the PC behaving?
In PMs I deal only with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.

HiJackThis + guide - HW Monitor - How to mark a post as resolved - Forum rules


Re: HJT check

Post by neca » 09 Oct 2012 23:11

When I enter it in the Run box, Windows reports that it cannot find ComboFix. How else should I delete it then?


Re: HJT check

Post by neca » 09 Oct 2012 23:47

So I have managed to delete ComboFix.
I installed new graphics card drivers and added a cooler to the hard disk, all according to your advice. The HD temperature is now 35 C.
The PC is stable so far; we will see once I put it under load. I will definitely let you know tomorrow.
One more question: what was wrong with it?
Bye for now

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male

Re: HJT check

Post by jaro3 » 10 Oct 2012 10:45

Infections and the graphics card driver.

If there are no problems, that is all and you can mark it resolved, the green tick.
When working with the programs HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: HJT check

Post by neca » 10 Oct 2012 15:00

OK, once I have tested it properly (there was no time today) I will add the tick; many thanks for now.
And what do I owe you?
Goodbye

