Log check
Posted: 09 Jun 2008 19:30
Hi guys. I caught some piece of junk that turned off my updates and I can't get rid of it. I'm posting the logs. Thanks for the help.
SDFix: Version 1.121
Run by Uživatel on Mon 09.06.2008 at 18:23
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\system32\svohost.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 18:26:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:aa,d8,03,43,cb,0b,a7,ef,b0,39,f7,3b,bc,71,df,b7,d3,8c,d2,93,55,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:00,b3,f9,0e,27,2f,84,b9,e2,43,21,13,ac,b4,74,3e,7d,bc,48,58,af,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:66,11,57,02,62,ba,eb,43,cd,b6,b3,6b,ff,8b,2c,75,52,1d,d4,dd,2a,..
"a0"=hex:20,01,00,00,5c,bf,1d,5e,ad,e0,69,f3,fc,67,33,9e,80,73,37,0d,b2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b4,ba,c7,d6,83,e1,71,48,13,19,46,6b,cb,72,ab,2e,4d,91,04,5a,63,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:ed,e9,25,9e,c0,ff,6c,e6,ea,31,2e,72,f1,df,09,18,ba,e8,26,9a,a8,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:00,b3,f9,0e,27,2f,84,b9,e2,43,21,13,ac,b4,74,3e,7d,bc,48,58,af,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:66,11,57,02,62,ba,eb,43,cd,b6,b3,6b,ff,8b,2c,75,52,1d,d4,dd,2a,..
"a0"=hex:20,01,00,00,5c,bf,1d,5e,ad,e0,69,f3,fc,67,33,9e,80,73,37,0d,b2,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a1,20,71,37,36,c0,50,bd,da,34,07,81,58,59,c5,f5,37,eb,ad,8d,fc,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:ed,e9,25,9e,c0,ff,6c,e6,ea,31,2e,72,f1,df,09,18,ba,e8,26,9a,a8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:00,b3,f9,0e,27,2f,84,b9,e2,43,21,13,ac,b4,74,3e,7d,bc,48,58,af,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:66,11,57,02,62,ba,eb,43,cd,b6,b3,6b,ff,8b,2c,75,52,1d,d4,dd,2a,..
"a0"=hex:20,01,00,00,5c,bf,1d,5e,ad,e0,69,f3,fc,67,33,9e,80,73,37,0d,b2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:23,c9,86,eb,e5,9a,97,74,d1,8a,e5,2b,7d,02,3d,28,ef,3b,13,23,b4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:ed,e9,25,9e,c0,ff,6c,e6,ea,31,2e,72,f1,df,09,18,ba,e8,26,9a,a8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:00,b3,f9,0e,27,2f,84,b9,e2,43,21,13,ac,b4,74,3e,7d,bc,48,58,af,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:66,11,57,02,62,ba,eb,43,cd,b6,b3,6b,ff,8b,2c,75,52,1d,d4,dd,2a,..
"a0"=hex:20,01,00,00,5c,bf,1d,5e,ad,e0,69,f3,fc,67,33,9e,80,73,37,0d,b2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a1,20,71,37,36,c0,50,bd,da,34,07,81,58,59,c5,f5,37,eb,ad,8d,fc,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\\f\1e]
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,..
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\\f\1e]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,e0,79,00,00,00,00,00,c8,71,a8,d4,df,..
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="..."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\f\1e]
"DisplayName"="\x010cesk\xfd Preklad"
"UninstallString"="D:\Dokumenty\18 WoS American Long Haul\CZ_Unistall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\f\1e]
"DisplayName"="\x010ce\x161tina do WinAVI Video Converter 7.6"
"UninstallString"="C:\Program Files\WinAVIVideoConverter\Odinstalovat.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Nero 7 Ultra Edition\`\1t]
"Order"=hex:08,00,00,00,02,00,00,00,9a,00,00,00,01,00,00,00,01,00,00,00,8e,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 8 Nov 2007 56 ..SHR --- "C:\WINDOWS\system32\6DD0CA0FB9.sys"
Sat 29 Mar 2008 848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 6 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!
-------------------------------------------------
ComboFix 08-06-08.8 - Uživatel 2008-06-09 19:07:01.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1444 [GMT 2:00]
Running from: C:\Documents and Settings\Uživatel\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.
2008-06-09 18:15 . 2008-06-09 18:28 <DIR> d-------- C:\SDFix
2008-06-06 22:43 . 2008-06-06 22:43 <DIR> d----c--- C:\Program Files\QuickTime
2008-06-06 22:43 . 2008-06-06 22:43 <DIR> d----c--- C:\Program Files\Apple Software Update
2008-05-28 12:46 . 2008-05-28 12:46 <DIR> d----c--- C:\Program Files\Realtek AC97
2008-05-28 12:37 . 2008-05-28 12:37 23,600 --a--c--- C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-05-28 12:00 . 2008-05-28 12:00 <DIR> d----c--- C:\WINDOWS\nvidia icons
2008-05-27 10:18 . 2008-05-27 10:18 306,432 --a--c--- C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-27 10:18 . 2007-12-20 10:41 29,440 --a--c--- C:\WINDOWS\system32\uxtuneup.dll
2008-05-27 10:17 . 2008-05-28 22:50 <DIR> d----c--- C:\Program Files\TuneUp Utilities 2008
2008-05-23 18:25 . 2008-05-23 18:25 <DIR> d-------- C:\Documents and Settings\Uivatel
2008-05-22 17:04 . 2008-05-22 17:04 <DIR> d----c--- C:\Program Files\FLVPlayer
2008-05-22 15:28 . 2008-06-06 22:38 <DIR> d----c--- C:\Program Files\AIMP2
2008-05-17 14:04 . 2008-05-18 14:52 <DIR> d----c--- C:\WINDOWS\system32\Adobe
2008-05-11 10:24 . 2008-05-11 10:24 <DIR> d----c--- C:\Program Files\Pyro Studios
2008-05-11 10:24 . 2008-05-11 10:24 262,144 --a--c--- C:\WINDOWS\system32\wrap_oal.dll
2008-05-11 10:24 . 2008-05-11 10:24 86,016 --a--c--- C:\WINDOWS\system32\OpenAL32.dll
2008-05-10 10:25 . 2008-05-10 10:25 <DIR> d----c--- C:\Program Files\GameShadow
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 16:55 --------- dc----w C:\Program Files\Lavasoft
2008-06-09 16:08 --------- dc----w C:\Program Files\Registry Genius
2008-06-09 14:56 --------- dc----w C:\Program Files\Mozilla Thunderbird
2008-06-01 08:39 --------- dc----w C:\Program Files\7-Zip
2008-05-28 10:23 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 10:23 --------- dc----w C:\Program Files\AMD
2008-05-20 15:02 --------- dc----w C:\Program Files\Microsoft Silverlight
2008-05-10 08:14 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-05-05 22:15 --------- dc----w C:\Program Files\ScreenShots
2008-05-05 21:22 --------- dc----w C:\Program Files\Bonjour
2008-05-03 03:46 6,554,496 -c--a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-04-29 18:09 --------- dc----w C:\Program Files\Common Files\Skype
2008-04-20 12:40 --------- dc----w C:\Program Files\ACD Systems
2008-04-17 10:50 --------- dc----w C:\Program Files\OO Software
2008-04-14 09:05 --------- dc----w C:\Program Files\Common Files\Adobe
2008-04-14 08:58 --------- dc----w C:\Program Files\Common Files\Macrovision Shared
2008-04-14 06:53 40,840 -c--a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 06:53 21,896 -c--a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 06:53 139,656 -c--a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 06:53 12,040 -c--a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 06:52 69,632 -c--a-w C:\WINDOWS\notepad.exe
2008-04-14 06:52 50,688 -c--a-w C:\WINDOWS\twain_32.dll
2008-04-14 06:52 32,866 -c----w C:\WINDOWS\slrundll.exe
2008-04-14 06:52 283,648 -c--a-w C:\WINDOWS\winhlp32.exe
2008-04-14 06:52 147,968 -c--a-w C:\WINDOWS\regedit.exe
2008-04-14 06:52 11,325 -c----w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 06:52 10,752 -c--a-w C:\WINDOWS\hh.exe
2008-04-14 06:52 1,034,240 -c--a-w C:\WINDOWS\explorer.exe
2008-04-14 06:11 73,344 -c--a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 06:10 80,000 -c--a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 06:10 68,736 -c--a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 06:10 46,592 -c--a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 06:10 120,064 -c--a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 06:01 153,856 -c--a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 06:00 800,000 -c--a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 05:59 24,576 -c--a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 05:57 37,248 -c--a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 05:56 40,576 -c--a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 05:55 40,192 -c--a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 05:51 64,256 -c--a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 05:51 52,096 -c--a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 05:49 25,600 -c----w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 05:45 272,896 -c----w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 05:44 58,496 -c--a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 05:43 44,544 -c--a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 05:42 52,480 -c--a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 05:41 39,680 -c--a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 05:40 701,440 -c----w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-04-14 05:40 326,912 -c----w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-14 05:38 41,600 -c--a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 05:38 41,216 -c--a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 05:36 30,080 -c--a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 05:36 23,040 -c--a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 05:35 188,288 -c--a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 22:58 175,744 -c--a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 22:51 162,816 -c--a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 22:50 91,520 -c--a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 22:50 361,344 -c--a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 22:50 182,656 -c--a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 22:49 75,264 -c--a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 22:49 51,328 -c--a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 22:49 48,384 -c--a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 22:49 146,048 -c--a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:49 138,112 -c--a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 22:47 83,072 -c--a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 22:47 456,576 -c--a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 22:47 105,344 -c--a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 22:46 49,536 -c--a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 22:46 141,056 -c--a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 22:45 60,800 -c--a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 22:45 574,976 -c--a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 22:45 334,848 -c--a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 22:44 63,744 -c--a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 22:44 143,744 -c--a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 22:30 225,664 -c--a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 22:30 19,072 -c--a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 22:27 41,472 -c--a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 22:27 40,576 -c--a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 22:27 34,560 -c--a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 22:27 20,864 -c--a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 22:27 152,832 -c--a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 22:27 14,336 -c--a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 22:27 10,112 -c--a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 22:26 88,320 -c--a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 22:26 69,120 -c--a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 22:26 35,072 -c--a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 22:26 34,688 -c--a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 22:26 30,592 -c--a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 22:26 30,592 -c----w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 22:26 14,592 -c--a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 22:26 12,800 -c--a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 22:26 12,800 -c----w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 22:26 12,288 -c--a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 22:25 202,624 -c--a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 22:24 88,192 -c--a-w C:\WINDOWS\system32\drivers\irda.sys
2008-04-13 22:24 11,264 -c--a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 22:23 71,552 -c--a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 22:23 40,320 -c--a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 22:23 36,608 -c--a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 22:23 264,832 -c--a-w C:\WINDOWS\system32\drivers\http.sys
2007-11-08 18:00 56 -csh--r C:\WINDOWS\system32\6DD0CA0FB9.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:52 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-10 10:44 94208]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-15 12:02 482760]
"EPSON Stylus DX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.exe" [2007-04-12 08:00 182272]
"OEXPRESS"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.EXE]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-12-15 04:58 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-12-15 04:58 69632]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 22:01 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 23:17 52256]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-07-09 14:42 968696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"M1000Mnt"="M1000Rmv.exe" []
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 08:52 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a--c--- 2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a--c--- 2005-05-19 15:47 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Updates]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"Bonjour Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 08:52]
R3 M1000Srv;M5603C USB2.0 Camera Driver;C:\WINDOWS\system32\Drivers\M1000KNT.sys [2005-07-01 20:36]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-14 00:26]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 00:15]
S3 7ByteIo;7ByteIo;C:\Program Files\Hot CPU Tester Pro 4 LE\SysInfo.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-27 10:18]
S3 TVICHW32;TVICHW32;C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [2008-05-28 12:37]
S3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 00:15]
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 00:15]
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 00:15]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-05-27 08:18:08 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-06-06 20:43:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 19:10:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
.
**************************************************************************
.
Completion time: 2008-06-09 19:12:48 - machine was rebooted [Uživatel]
ComboFix-quarantined-files.txt 2008-06-09 17:12:45
Directories: 13, Free bytes: 22,511,112,192
Directories: 16, Free bytes: 22,384,537,600
255 --- E O F --- 2008-05-20 15:02:19
----------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:15, on 9.6.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Zaloha programu,her,cestin\Programy\Testy,čištění a sledování systému\PC Help\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SC1.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4557098000
O17 - HKLM\System\CCS\Services\Tcpip\..\{B828B990-8A70-4555-AEF1-3083AF5B0F93}: NameServer = 10.1.1.1,10.1.1.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 10782 bytes
-------------------------------------------
Thanks
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SC1.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4557098000
O17 - HKLM\System\CCS\Services\Tcpip\..\{B828B990-8A70-4555-AEF1-3083AF5B0F93}: NameServer = 10.1.1.1,10.1.1.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 10782 bytes
-------------------------------------------
Thanks