

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:22, on 16.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe
C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Speeditup Free\SpeedItUp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SurfingEnhancer - {57636FBF-8C24-0D22-E203-3D4DFA59E2A4} - C:\Program Files\SurfingEnhancer\SurfingEnhancer-3.dll
O2 - BHO: cpmsky browser optimizer - {58446c83-f800-72d5-c3db-1258341e22c0} - C:\WINDOWS\system32\{6384c239-862d-057d-9cc3-ca08d8cb8632}.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: MySidesearch Search Assistant - {9506910A-0F94-4ea1-B567-7070428B8B2B} - (no file)
O2 - BHO: adzgalore - {994B5FB4-0103-44A6-B6B3-C73572B362BC} - C:\WINDOWS\system32\nsv5B.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} - C:\WINDOWS\system32\byXPGVpN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PC-Checkup] "C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" -mini
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{e5fe06ef-0a42-cf53-54cb-869ebe257683}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{6384c239-862d-057d-9cc3-ca08d8cb8632}.dll" DllInit
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\31E6481A7A624C39BB43E8BF6390376C\Skype4COM.dll
O20 - Winlogon Notify: byXPGVpN - C:\WINDOWS\SYSTEM32\byXPGVpN.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 9377 bytes
Well, I don't know, I'm sending it... hopefully I'll manage...

ComboFix 08-05-15.3 - admin 2008-05-16 22:48:12.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.593 [GMT 2:00]
Running from: C:\Documents and Settings\admin\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\admin\Start Menu\Programs\Adzgalore Games Collection
C:\Documents and Settings\admin\Start Menu\Programs\Adzgalore Games Collection\Bob and Bill adventures - Wild Hunting.lnk
C:\Documents and Settings\admin\Start Menu\Programs\Adzgalore Games Collection\Crazy Blocks.lnk
C:\Documents and Settings\admin\Start Menu\Programs\Adzgalore Games Collection\Lines.lnk
C:\Documents and Settings\admin\Start Menu\Programs\Adzgalore Games Collection\The Battles Of Helicopters.lnk
C:\Documents and Settings\admin\Start Menu\Programs\Adzgalore Games Collection\Video Pool.lnk
C:\Program Files\Adzgalore Games Collection
C:\Program Files\Adzgalore Games Collection\BattlesOfHelicopters.exe
C:\Program Files\Adzgalore Games Collection\BobAndBill.exe
C:\Program Files\Adzgalore Games Collection\CrazyBlocks.exe
C:\Program Files\Adzgalore Games Collection\Lines.exe
C:\Program Files\Adzgalore Games Collection\uninstall.exe
C:\Program Files\Adzgalore Games Collection\VideoPool.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\{6384c239-862d-057d-9cc3-ca08d8cb8632}.dll
C:\WINDOWS\system32\abuosliu.ini
C:\WINDOWS\system32\adzgalore-remove.exe
C:\WINDOWS\system32\bktwkacp.ini
C:\WINDOWS\system32\bmiyhcbr.ini
C:\WINDOWS\system32\ceqojlix.ini
C:\WINDOWS\system32\cpmsky-uninst.exe
C:\WINDOWS\system32\cvvtaygh.ini
C:\WINDOWS\system32\cwseavop.ini
C:\WINDOWS\system32\dlcgsass.dll
C:\WINDOWS\system32\drxgdirs.ini
C:\WINDOWS\system32\gdsejmov.ini
C:\WINDOWS\system32\givywgqq.dll
C:\WINDOWS\system32\gwupmcna.ini
C:\WINDOWS\system32\hqtccnil.ini
C:\WINDOWS\system32\jguaefww.ini
C:\WINDOWS\system32\ktmfttwr.ini
C:\WINDOWS\system32\lnngnlsj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mfejjbia.ini
C:\WINDOWS\system32\mraawknx.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\owdprawd.ini
C:\WINDOWS\system32\QpsCeMoq.ini
C:\WINDOWS\system32\QpsCeMoq.ini2
C:\WINDOWS\system32\rocpbocu.dll
C:\WINDOWS\system32\rqfdemuw.dll
C:\WINDOWS\system32\rwttfmtk.dll
C:\WINDOWS\system32\swubvmbs.dll
C:\WINDOWS\system32\trntxyev.ini
C:\WINDOWS\system32\vmlpsgfv.ini
C:\WINDOWS\system32\wsfbxrmh.ini
C:\WINDOWS\system32\xcylkjuq.ini
C:\WINDOWS\system32\xtbameop.ini
.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.
2008-05-16 13:21 . 2008-05-16 13:21 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-16 11:13 . 2008-05-16 11:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-16 10:21 . 2008-05-16 10:21 3,732 --a------ C:\WINDOWS\wtran32.INI
2008-05-16 10:21 . 2008-05-16 10:21 0 --a------ C:\WINDOWS\XXLGSC
2008-05-16 10:16 . 2008-05-16 10:16 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-16 10:16 . 2008-05-16 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-16 09:42 . 2008-05-16 09:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-15 16:53 . 2008-05-15 16:53 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_93285.LOG
2008-05-15 16:53 . 2008-05-15 16:53 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_69266.LOG
2008-05-15 16:53 . 2008-05-15 16:53 0 --ah----- C:\Documents and Settings\admin\ntuser.dat_TU_69180.LOG
2008-05-14 00:52 . 2008-05-16 10:22 538 --a------ C:\WINDOWS\webtran4.INI
2008-05-13 10:58 . 2008-05-13 10:58 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_25841.LOG
2008-05-13 10:58 . 2008-05-13 10:58 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_29099.LOG
2008-05-13 10:58 . 2008-05-13 10:58 0 --ah----- C:\Documents and Settings\admin\ntuser.dat_TU_54990.LOG
2008-05-12 22:28 . 2008-05-12 22:28 <DIR> d--hs---- C:\AntiSpywareMaster
2008-05-12 22:27 . 2008-05-12 22:27 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-05-12 22:04 . 2008-05-13 10:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-12 22:02 . 2008-05-13 10:48 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-12 21:59 . 2008-05-12 21:59 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Symantec
2008-05-12 16:06 . 2008-05-12 16:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-12 16:06 . 2008-05-12 16:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-12 13:33 . 2008-05-12 13:33 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-05-12 10:55 . 2008-05-12 10:55 <DIR> d-------- C:\Program Files\directx
2008-05-12 10:52 . 2008-01-25 20:01 385,024 --a------ C:\WINDOWS\system32\WinNB57.dll
2008-05-12 10:52 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe
2008-05-12 08:12 . 2008-05-16 22:14 <DIR> d-------- C:\Program Files\SurfingEnhancer
2008-05-12 08:12 . 2008-05-12 10:52 <DIR> d-------- C:\Program Files\FBrowsingAdvisor
2008-05-12 08:12 . 2008-05-12 10:52 <DIR> d-------- C:\Program Files\FBrowserAdvisor
2008-05-11 19:21 . 2008-05-11 19:33 <DIR> d-------- C:\Program Files\Rockstar Games
2008-05-05 15:04 . 2008-05-16 22:42 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
2008-05-04 09:29 . 2008-05-04 09:43 34 --a------ C:\WINDOWS\cdplayer.ini
2008-05-04 09:23 . 2008-05-04 09:25 <DIR> d-------- C:\audiograbber
2008-05-03 19:20 . 2008-05-03 19:20 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_37309.LOG
2008-05-03 19:20 . 2008-05-03 19:20 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_10239.LOG
2008-05-03 19:20 . 2008-05-03 19:20 0 --ah----- C:\Documents and Settings\admin\ntuser.dat_TU_20995.LOG
2008-05-02 15:34 . 2008-05-16 13:10 2,736 --a------ C:\WINDOWS\wdict32.INI
2008-05-02 15:33 . 2008-05-14 00:51 <DIR> d-------- C:\Program Files\PC Translator
2008-04-30 11:03 . 2008-04-30 11:03 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_74891.LOG
2008-04-30 11:03 . 2008-04-30 11:03 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_76905.LOG
2008-04-30 11:03 . 2008-04-30 11:03 0 --ah----- C:\Documents and Settings\admin\ntuser.dat_TU_44837.LOG
2008-04-29 09:46 . 2008-04-29 09:46 <DIR> d-------- C:\Program Files\Each Program Mapi
2008-04-29 09:20 . 2008-05-16 21:14 304,160 --a------ C:\StiImg.dat
2008-04-27 15:25 . 2008-04-27 15:25 <DIR> d-------- C:\Documents and Settings\admin\Application Data\.wyzo
2008-04-27 15:25 . 2008-04-27 15:25 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-26 18:47 . 2008-04-27 07:47 <DIR> d-------- C:\Program Files\Mahjong Holidays 2005
2008-04-26 18:25 . 2008-04-26 18:25 0 --ah----- C:\Documents and Settings\admin\ntuser.dat_TU_57883.LOG
2008-04-26 18:24 . 2008-04-26 18:24 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_43859.LOG
2008-04-26 18:24 . 2008-04-26 18:24 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_49508.LOG
2008-04-26 17:00 . 2008-04-26 17:00 <DIR> d-------- C:\Program Files\Opera
2008-04-26 16:14 . 2008-04-26 17:09 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-04-26 16:14 . 2008-04-26 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-26 16:14 . 2008-04-26 17:08 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-26 16:14 . 2007-12-20 11:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-04-26 06:58 . 2008-04-26 21:06 <DIR> d-------- C:\TuneUp 2008
2008-04-20 14:36 . 2008-04-20 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2008-04-20 14:13 . 2008-04-20 14:13 <DIR> d-------- C:\Program Files\BitDownload
2008-04-20 14:13 . 2008-04-20 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Chasing Dogs Studios
2008-04-20 14:13 . 2008-04-20 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FireGlow
2008-04-20 14:13 . 2008-04-29 09:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\close poke frag ooze
2008-04-20 12:20 . 2008-04-20 12:21 88,953 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-20 12:20 . 2008-05-06 14:59 63,916 --a------ C:\WINDOWS\system32\{6384c239-862d-057d-9cc3-ca08d8cb8632}.dll-uninst.exe
2008-04-20 12:02 . 2008-04-20 12:02 <DIR> d-------- C:\Program Files\ToGo Game
2008-04-20 11:26 . 2008-04-20 14:13 <DIR> d-------- C:\Program Files\Atlantis
2008-04-20 11:16 . 2008-04-20 11:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
2008-04-20 11:12 . 2008-04-20 11:12 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Chasing Dogs Studios
2008-04-20 10:31 . 2008-04-20 14:13 <DIR> d-------- C:\Program Files\Virtual Villagers
2008-04-19 21:18 . 2008-04-19 21:18 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-19 09:10 . 2008-04-19 09:42 <DIR> d-------- C:\Program Files\Ultimate Riders
2008-04-19 09:00 . 2008-05-13 10:58 6,291,456 --a------ C:\Documents and Settings\admin\ntuser.dat_BAK_54990
2008-04-19 09:00 . 2008-05-15 16:54 5,767,168 --a------ C:\Documents and Settings\admin\ntuser.dat_BAK_69180
2008-04-19 09:00 . 2008-04-26 18:25 5,505,024 --a------ C:\Documents and Settings\admin\ntuser.dat_BAK_57883
2008-04-19 09:00 . 2008-04-30 11:03 5,505,024 --a------ C:\Documents and Settings\admin\ntuser.dat_BAK_44837
2008-04-19 09:00 . 2008-05-02 21:55 5,505,024 --a------ C:\Documents and Settings\admin\ntuser.dat_BAK_20995
2008-04-18 19:16 . 2008-04-18 19:16 <DIR> d-------- C:\Program Files\Evonsoft Computer Repair
2008-04-18 19:16 . 2008-04-18 19:16 <DIR> d-------- C:\Documents and Settings\admin\Application Data\IObit
2008-04-18 19:13 . 2008-04-18 19:15 <DIR> d-------- C:\Program Files\A1Click Ultra PC Cleaner
2008-04-18 18:13 . 2008-04-18 18:24 <DIR> d-------- C:\Program Files\ICQToolbar
2008-04-18 17:59 . 2008-04-18 17:59 <DIR> d-------- C:\Documents and Settings\admin\Application Data\GlarySoft
2008-04-18 16:35 . 2008-04-18 16:35 <DIR> d-------- C:\WINDOWS\Speeditup Free
2008-04-18 16:35 . 2008-04-18 16:39 <DIR> d-------- C:\Program Files\Speeditup Free
2008-04-18 15:54 . 2008-04-18 15:54 <DIR> d-------- C:\Program Files\VSRevoGroup
2008-04-18 15:39 . 2008-05-13 10:17 <DIR> d-------- C:\Program Files\Common Files\SystemErrorFixer
2008-04-18 15:34 . 2008-04-18 18:01 <DIR> d-------- C:\Program Files\Absolute Uninstaller
2008-04-18 15:28 . 2008-04-18 15:32 <DIR> d-------- C:\Program Files\Smarty Uninstaller Pro
2008-04-18 15:28 . 2004-06-14 17:01 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-04-18 15:28 . 2006-03-25 12:59 167,683 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-04-18 15:28 . 2006-03-25 12:57 40,960 --a------ C:\WINDOWS\system32\ssubtmr6.dll
2008-04-18 15:13 . 2008-04-18 15:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-18 15:13 . 2008-04-18 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-18 15:13 . 2008-04-18 15:46 <DIR> d-------- C:\Documents and Settings\admin\Application Data\AVG7
2008-04-17 11:31 . 2008-05-16 11:18 109,320 --a------ C:\WINDOWS\BM2324aa02.xml
2008-04-16 19:23 . 2008-04-16 19:23 37,888 --a------ C:\WINDOWS\system32\byXPGVpN.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 20:46 --------- d-----w C:\Documents and Settings\admin\Application Data\Skype
2008-05-16 19:05 --------- d-----w C:\Documents and Settings\admin\Application Data\skypePM
2008-05-16 08:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-12 06:03 --------- d-----w C:\Documents and Settings\admin\Application Data\LimeWire
2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-29 09:08 --------- d-----w C:\Program Files\BitComet
2008-04-29 05:57 --------- d-----w C:\Program Files\Java
2008-04-27 11:31 --------- d-----w C:\Program Files\LimeWire
2008-04-20 12:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Chasing Dogs Studios
2008-04-20 09:12 --------- d-----w C:\Documents and Settings\admin\Application Data\Chasing Dogs Studios
2008-04-18 16:19 --------- d-----w C:\Documents and Settings\admin\Application Data\ICQ
2008-04-15 21:38 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-15 21:07 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-15 16:27 --------- d-----w C:\Program Files\GrassSoft
2008-04-10 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2008-04-10 13:06 --------- d-----w C:\Program Files\Arctic Bear Advanced
2008-04-08 15:21 --------- d-----w C:\Program Files\Virtools
2008-04-01 22:59 --------- d-----w C:\Documents and Settings\admin\Application Data\AD ON Multimedia
2008-04-01 21:45 --------- d-----w C:\Program Files\Sadhu Systems
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-03-25 14:05 --------- d-----w C:\Documents and Settings\admin\Application Data\PlayFirst
2008-03-25 13:30 --------- d-----w C:\Program Files\Fish Tycoon
2008-03-23 20:05 --------- d-----w C:\Program Files\Alwil Software
2008-03-23 16:31 --------- d-----w C:\Program Files\MpcStar
2008-03-23 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-21 09:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\PrettyMay
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 06:08 --------- d-----w C:\Program Files\Skype(2)
2008-03-18 06:08 --------- d-----w C:\Program Files\Skype
2008-03-18 06:08 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-18 06:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-03-18 06:07 --------- d-----w C:\Documents and Settings\admin\Application Data\Skype(2)
2008-03-18 06:07 --------- d-----w C:\Documents and Settings\admin\Application Data\InstallShield
2008-03-17 14:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 13:19 --------- d-----w C:\Documents and Settings\admin\Application Data\LangSoft
2008-03-16 13:39 --------- d-----w C:\Documents and Settings\admin\Application Data\ICQ Toolbar
2008-03-16 12:50 --------- d-----w C:\Program Files\The KMPlayer
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-25 20:33 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57636FBF-8C24-0D22-E203-3D4DFA59E2A4}]
2007-12-30 22:48 1019904 --a------ C:\Program Files\SurfingEnhancer\SurfingEnhancer-3.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{994B5FB4-0103-44A6-B6B3-C73572B362BC}]
2008-02-06 19:21 233472 --a------ C:\WINDOWS\system32\nsv5B.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 09:20 2194744]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-16 23:07 68856]
"SpeedItUpEX"="C:\Program Files\Speeditup Free\SpeedItUp.exe" [2008-03-09 04:49 908288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-31 05:44 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-17 02:05 1953792]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 05:12 16062464 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PC-Checkup"="C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" [2007-08-02 02:08 3965440]
"QuickTime Task"="C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2008-03-23 18:30 282624]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:56 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXPGVpN]
byXPGVpN.dll 2008-04-16 19:23 37888 C:\WINDOWS\system32\byXPGVpN.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Frag Ooze Cash Scr"=C:\Documents and Settings\All Users\Application Data\close poke frag ooze\Dead 1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15810:TCP"= 15810:TCP:BitComet 15810 TCP
"15810:UDP"= 15810:UDP:BitComet 15810 UDP
"26451:TCP"= 26451:TCP:BitComet 26451 TCP
"26451:UDP"= 26451:UDP:BitComet 26451 UDP
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 12:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 12:39]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 UxTuneUp;TuneUp rozšíření vzhledu;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:56]
R3 PAC207;VideoCAM GE111;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 11:46]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-26 17:08]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 15:18:14 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-05-16 15:34:00 C:\WINDOWS\Tasks\Úklid 1 kliknutím.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 22:49:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-16 22:49:36
ComboFix-quarantined-files.txt 2008-05-16 20:49:22
Pre-Run: 27,589,922,816 bytes free
Post-Run: 27,583,066,112 bytes free
289 --- E O F --- 2008-05-16 11:21:13


LopFind v4 © Čas: 20:35:25.95 Datum: 2008-05-17
******************************************
1) Výpis obsahů Application Data složek pro zjištění podezřelých adresářů:
Zväzok v jednotke C je win
Sériové číslo zväzku je 2017-9931
Výpis adresára C:\Documents and Settings\admin\Application Data
2008-05-12 21:59 <DIR> Symantec
2008-04-27 15:25 <DIR> .wyzo
2008-04-26 17:01 <DIR> Opera
2008-04-20 11:12 <DIR> Chasing Dogs Studios
2008-04-18 19:16 <DIR> IObit
2008-04-18 17:59 <DIR> GlarySoft
2008-04-18 15:13 <DIR> AVG7
2008-04-02 00:59 <DIR> AD ON Multimedia
2008-03-18 08:08 <DIR> Skype
2008-03-18 08:07 <DIR> ICQ
2008-03-17 16:50 <DIR> Skype(2)
2008-03-16 15:39 <DIR> ICQ Toolbar
2008-03-16 15:00 <DIR> Mozilla
2008-03-08 23:01 <DIR> Help
2008-02-27 08:33 <DIR> Media Player Classic
2008-02-25 16:00 <DIR> Teleca
2008-02-20 22:51 <DIR> CyberLink
2008-02-16 23:56 <DIR> Leadertech
2008-02-16 23:48 <DIR> AdobeAUM
2008-02-16 23:48 <DIR> AdobeUM
2008-02-06 01:13 <DIR> Bloom
2008-02-06 00:51 <DIR> Sun
2008-02-05 18:08 <DIR> PlayFirst
2008-02-01 01:09 <DIR> LangSoft
2008-01-31 22:37 <DIR> Codemasters
2008-01-31 22:36 <DIR> InstallShield
2008-01-31 20:14 <DIR> Microsoft Games
2008-01-31 00:59 <DIR> Google
2008-01-29 16:51 <DIR> ESET
2008-01-26 01:00 <DIR> TuneUp Software
2008-01-26 00:30 <DIR> LimeWire
2008-01-25 23:33 <DIR> MSN6
2008-01-25 22:33 <DIR> skypePM
2008-01-23 18:07 <DIR> Macromedia
2008-01-23 18:07 <DIR> Adobe
2008-01-23 17:01 <DIR> Ahead
2008-01-22 18:24 <DIR> Identities
2008-01-22 18:24 62 desktop.ini
2008-01-22 18:24 <DIR> ..
2008-01-22 18:24 <DIR> .
2008-01-22 18:24 <DIR> Microsoft
1 súborov, 62 bajtov
40 adresárov, 27534462976 voľných bajtov
Zväzok v jednotke C je win
Sériové číslo zväzku je 2017-9931
Výpis adresára C:\Documents and Settings\All Users\Application Data
2008-05-16 10:16 <DIR> Lavasoft
2008-05-16 09:42 <DIR> nView_Profiles
2008-05-12 22:04 <DIR> Symantec
2008-04-26 16:14 <DIR> TuneUp Software
2008-04-20 14:36 <DIR> MSScanAppDataDir
2008-04-20 14:13 <DIR> Chasing Dogs Studios
2008-04-20 14:13 <DIR> FireGlow
2008-04-20 11:16 <DIR> Escape From Paradise
2008-04-18 15:13 <DIR> avg7
2008-04-10 19:10 <DIR> HipSoft
2008-03-25 16:05 <DIR> PlayFirst
2008-03-23 18:29 <DIR> Apple Computer
2008-03-21 11:35 <DIR> PrettyMay
2008-02-06 00:37 <DIR> Trymedia
2008-02-03 00:27 <DIR> Yahoo! Companion
2008-02-01 01:09 <DIR> LangSoft
2008-01-31 22:36 <DIR> InstallShield
2008-01-31 20:14 <DIR> Microsoft Games
2008-01-31 00:55 <DIR> Google
2008-01-29 16:52 <DIR> MSN6
2008-01-25 22:33 32 ezsid.dat
2008-01-25 21:06 <DIR> Skype
2008-01-25 15:37 <DIR> CyberLink
2008-01-23 17:13 <DIR> DVD Shrink
2008-01-23 16:51 <DIR> ESET
2008-01-23 16:49 <DIR> Adobe
2008-01-23 15:54 <DIR> NVIDIA
2008-01-22 19:50 <DIR> Windows Genuine Advantage
2008-01-22 19:03 62 desktop.ini
2008-01-22 19:03 <DIR> ..
2008-01-22 19:03 <DIR> .
2008-01-22 19:03 <DIR> Microsoft
2 súborov, 94 bajtov
30 adresárov, 27534462976 voľných bajtov
Zväzok v jednotke C je win
Sériové číslo zväzku je 2017-9931
Výpis adresára C:\Documents and Settings\Default User\Application Data
2008-01-22 19:03 62 desktop.ini
2008-01-22 19:03 <DIR> ..
2008-01-22 19:03 <DIR> Microsoft
2008-01-22 19:03 <DIR> .
1 súborov, 62 bajtov
3 adresárov, 27534458880 voľných bajtov
Zväzok v jednotke C je win
Sériové číslo zväzku je 2017-9931
Výpis adresára C:\Documents and Settings\LocalService\Application Data
2008-04-18 15:13 <DIR> AVG7
2008-01-22 18:26 <DIR> Microsoft
2008-01-22 18:26 <DIR> ..
2008-01-22 18:26 <DIR> .
0 súborov, 0 bajtov
4 adresárov, 27534458880 voľných bajtov
Zväzok v jednotke C je win
Sériové číslo zväzku je 2017-9931
Výpis adresára C:\Documents and Settings\NetworkService\Application Data
2008-01-22 18:26 <DIR> ..
2008-01-22 18:26 <DIR> Microsoft
2008-01-22 18:26 <DIR> .
0 súborov, 0 bajtov
3 adresárov, 27534458880 voľných bajtov
******************************************
2) Zjišťování přítomnosti ve složce Program Files:
a) Výpis obsahu Program Files složky pro zjištění duplicitních kopií podezřelých adresářů:
Zväzok v jednotke C je win
Sériové číslo zväzku je 2017-9931
Výpis adresára C:\Program Files
2008-05-17 16:34 <DIR> .
2008-05-17 16:34 <DIR> ..
2008-04-18 19:15 <DIR> A1Click Ultra PC Cleaner
2008-04-18 18:01 <DIR> Absolute Uninstaller
2008-01-23 16:49 <DIR> Adobe
2008-01-31 22:33 <DIR> AGEIA Technologies
2008-02-06 20:07 <DIR> Alice Greenfingers
2008-03-23 22:05 <DIR> Alwil Software
2008-04-10 15:06 <DIR> Arctic Bear Advanced
2008-04-20 14:13 <DIR> Atlantis
2008-02-27 08:27 <DIR> AviSynth 2.5
2008-04-29 11:08 <DIR> BitComet
2008-02-13 20:57 <DIR> CDex_170b2(2)
2008-05-17 16:34 <DIR> Common Files
2008-01-22 18:16 <DIR> ComPlus Applications
2008-01-29 16:47 <DIR> CyberLink
2008-05-12 10:55 <DIR> directx
2008-04-29 09:46 <DIR> Each Program Mapi
2008-01-23 16:51 <DIR> ESET
2008-04-18 19:16 <DIR> Evonsoft Computer Repair
2008-03-25 15:30 <DIR> Fish Tycoon
2008-01-31 11:27 <DIR> Google
2008-04-15 18:27 <DIR> GrassSoft
2008-04-18 18:24 <DIR> ICQToolbar
2008-03-17 16:50 <DIR> InstallShield Installation Information
2008-04-10 09:50 <DIR> Internet Explorer
2008-04-29 07:57 <DIR> Java
2008-05-16 10:16 <DIR> Lavasoft
2008-04-27 13:31 <DIR> LimeWire
2008-04-27 07:47 <DIR> Mahjong Holidays 2005
2008-02-25 10:21 <DIR> MediaCoder
2008-01-29 16:50 <DIR> Messenger
2008-01-22 18:19 <DIR> microsoft frontpage
2008-01-31 20:13 <DIR> Microsoft Games
2008-01-29 16:51 <DIR> Microsoft Visual Studio
2008-01-22 19:29 <DIR> Movie Maker
2008-05-16 22:00 <DIR> Mozilla Firefox
2008-03-23 18:31 <DIR> MpcStar
2008-01-22 18:16 <DIR> MSN
2008-01-22 18:16 <DIR> MSN Gaming Zone
2008-01-23 16:59 <DIR> Nero
2008-01-22 19:28 <DIR> NetMeeting
2008-04-26 17:00 <DIR> Opera
2008-01-29 16:50 <DIR> Outlook Express
2008-05-14 00:51 <DIR> PC Translator
2008-02-03 00:35 <DIR> Real
2008-01-29 16:52 <DIR> Realtek
2008-01-30 16:00 <DIR> ReflexiveArcade
2008-05-11 19:33 <DIR> Rockstar Games
2008-04-01 23:45 <DIR> Sadhu Systems
2008-03-18 08:08 <DIR> Skype
2008-03-18 08:08 <DIR> Skype(2)
2008-04-18 15:32 <DIR> Smarty Uninstaller Pro
2008-04-18 16:39 <DIR> Speeditup Free
2008-01-29 16:52 <DIR> SystemRequirementsLab
2008-03-16 14:50 <DIR> The KMPlayer
2008-04-20 12:02 <DIR> ToGo Game
2008-02-24 15:18 <DIR> Total Video Player
2008-05-16 11:13 <DIR> Trend Micro
2008-04-26 17:09 <DIR> TuneUp Utilities 2008
2008-01-30 19:52 <DIR> Ubisoft
2008-04-19 09:42 <DIR> Ultimate Riders
2008-01-22 18:24 <DIR> Uninstall Information
2008-01-22 19:49 <DIR> VIA
2008-04-08 17:21 <DIR> Virtools
2008-04-20 14:13 <DIR> Virtual Villagers
2008-04-18 15:54 <DIR> VSRevoGroup
2008-01-23 17:31 <DIR> Webteh
2008-01-29 16:52 <DIR> Winamp
2008-01-29 16:50 <DIR> Windows Media Player
2008-01-22 19:28 <DIR> Windows NT
2008-01-22 18:16 <DIR> WindowsUpdate
2008-04-16 16:21 <DIR> WinRAR
2008-01-22 18:19 <DIR> xerox
2008-02-03 01:51 <DIR> Yahoo!
0 súborov, 0 bajtov
75 adresárov, 27,534,454,784 voľných bajtov
b) Vyhledávání podvodných sponzorovaných programů ve složce Program Files:
Nebyly nalezeny žádné podvodné programy.
******************************************
3) Vyhledávání a odstranění podezřelých .job souborů:
a) Soubory přítomné v C:\WINDOWS\tasks\ adresáři:
Zväzok v jednotke C je win
Sériové číslo zväzku je 2017-9931
Výpis adresára C:\WINDOWS\Tasks
2008-04-30 11:21 374 Úklid 1 kliknutím.job
2008-01-26 01:00 376 1-Click Maintenance.job
2008-01-22 18:18 6 SA.DAT
2008-01-22 18:17 65 desktop.ini
2008-01-22 18:17 <DIR> ..
2008-01-22 18:17 <DIR> .
4 súborov, 821 bajtov
2 adresárov, 27,534,454,784 voľných bajtov
––––––––––––––––––––––––––––––––––––––––––
b) Zjišťování vlastností přítomných .job souborů:
[TRACE] Enumerating jobs and queues
[TRACE] Activating job '1-Click Maintenance.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\Program Files\TuneUp Utilities 2008\OneClick.exe'
Parameters: '/schedulestart'
WorkingDirectory: ''
Comment: 'Runs 1-Click Maintenance at specified times'
Creator: 'admin'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 05/16/2008 17:15:00
NextRun: 05/23/2008 17:15:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 06/01/2005
EndDate: 06/03/2010
StartTime: 17:15
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
[TRACE] Activating job 'Úklid 1 kliknutím.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\Program Files\TuneUp Utilities 2008\OneClick.exe'
Parameters: '/schedulestart'
WorkingDirectory: ''
Comment: 'Spustí Úklid 1 kliknutím v naplánovaný čas'
Creator: 'admin'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 05/16/2008 17:15:00
NextRun: 05/23/2008 17:15:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 06/01/2005
EndDate: 06/03/2010
StartTime: 17:15
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
––––––––––––––––––––––––––––––––––––––––––
c) Nalezené a odstraněné nežádoucí soubory:
––––––––––––––––––––––––––––––––––––––––––
d) Soubory přítomné v adresáři po vymazání:
Zväzok v jednotke C je win
Sériové číslo zväzku je 2017-9931
Výpis adresára C:\WINDOWS\Tasks
2008-04-30 11:21 374 Úklid 1 kliknutím.job
2008-01-26 01:00 376 1-Click Maintenance.job
2008-01-22 18:18 6 SA.DAT
2008-01-22 18:17 65 desktop.ini
2008-01-22 18:17 <DIR> ..
2008-01-22 18:17 <DIR> .
4 súborov, 821 bajtov
2 adresárov, 27,534,434,304 voľných bajtov
******************************************
4) Zjišťování přítomnosti v registru:
a) Vyhledávání spouštěcích bodů v registru:
Nebyly nalezeny žádné spouštěcí body v registru.
b) Export výjimek IE pop-up blockeru:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow]
"PopupMgr"="yes"
c) Export povolení Windows firewallu:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]


SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/17/2008 at 09:01 PM
Application Version : 4.0.1154
Core Rules Database Version : 3463
Trace Rules Database Version: 1454
Scan type : Complete Scan
Total Scan Time : 00:13:02
Memory items scanned : 391
Memory threats detected : 0
Registry items scanned : 5032
Registry threats detected : 11
File items scanned : 15184
File threats detected : 29
Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{994B5FB4-0103-44A6-B6B3-C73572B362BC}
HKCR\CLSID\{994B5FB4-0103-44A6-B6B3-C73572B362BC}
HKCR\CLSID\{994B5FB4-0103-44A6-B6B3-C73572B362BC}
HKCR\CLSID\{994B5FB4-0103-44A6-B6B3-C73572B362BC}\InprocServer32
HKCR\CLSID\{994B5FB4-0103-44A6-B6B3-C73572B362BC}\InprocServer32#ThreadingModel
HKCR\CLSID\{994B5FB4-0103-44A6-B6B3-C73572B362BC}\ProgID
HKCR\CLSID\{994B5FB4-0103-44A6-B6B3-C73572B362BC}\Programmable
HKCR\CLSID\{994B5FB4-0103-44A6-B6B3-C73572B362BC}\TypeLib
HKCR\CLSID\{994B5FB4-0103-44A6-B6B3-C73572B362BC}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\NSV5B.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{994B5FB4-0103-44A6-B6B3-C73572B362BC}
Adware.Tracking Cookie
C:\Documents and Settings\admin\Cookies\admin@casalemedia[4].txt
C:\Documents and Settings\admin\Cookies\admin@please[3].txt
C:\Documents and Settings\admin\Cookies\admin@yadro[1].txt
C:\Documents and Settings\admin\Cookies\admin@cgi-bin[2].txt
C:\Documents and Settings\admin\Cookies\admin@ad.zanox[2].txt
C:\Documents and Settings\admin\Cookies\admin@antispywaremaster[2].txt
C:\Documents and Settings\admin\Cookies\admin@tracking.publicidees[2].txt
C:\Documents and Settings\admin\Cookies\admin@vote4warez[1].txt
C:\Documents and Settings\admin\Cookies\admin@lokimann.rajce.idnes[1].txt
C:\Documents and Settings\admin\Cookies\admin@please[1].txt
C:\Documents and Settings\admin\Cookies\admin@toplist[1].txt
C:\Documents and Settings\admin\Cookies\admin@ad1.clickhype[1].txt
C:\Documents and Settings\admin\Cookies\admin@statcounter[2].txt
C:\Documents and Settings\admin\Cookies\admin@load[2].txt
C:\Documents and Settings\admin\Cookies\admin@server.cpmstar[2].txt
C:\Documents and Settings\admin\Cookies\admin@titanclicks[1].txt
C:\Documents and Settings\admin\Cookies\admin@rajce.idnes[3].txt
C:\Documents and Settings\admin\Cookies\admin@banner.prestigecasino[3].txt
C:\Documents and Settings\admin\Cookies\admin@banners.moreniche[2].txt
C:\Documents and Settings\admin\Cookies\admin@tribalfusion[3].txt
C:\Documents and Settings\admin\Cookies\admin@zedo[1].txt
C:\Documents and Settings\admin\Cookies\admin@clickaider[1].txt
C:\Documents and Settings\admin\Cookies\admin@adrenaline[1].txt
Malware.LocusSoftware Inc/PCPrivacyTool
HKLM\Software\Purchased Products
Trojan.LocusSoftware/WSC-Installer
C:\DOWNLOADS\INSTALLER_SBD_EN.EXE
Adware.AdRotator/CPMSky
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F44F791F-1972-48E4-B068-A10F0C872763}\RP8\A0004344.EXE
Adware.AdRotate/System
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F44F791F-1972-48E4-B068-A10F0C872763}\RP8\A0004345.DLL
Trojan.Downloader-Gen/FotoMoto-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F44F791F-1972-48E4-B068-A10F0C872763}\RP9\A0005455.DLL
Adware.Mirar/NetNucleus
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F44F791F-1972-48E4-B068-A10F0C872763}\RP9\A0005456.DLL
»»»»»»»»»»»»» Konec výpisu «««««««««««««««