Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:41, on 25.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Users\inet\AppData\Local\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\lukas\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2467396273-3757462575-1830845928-1001\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'inet')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resourc ... dcs-cz.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.cz/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
--
End of file - 8517 bytes
Please check my log [Solved]
MWAV log added
Objekt "video activex access Trojan" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "personalantispy Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".alac". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ape". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".flac". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".hdmov". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ifo". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".k3g". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".m2t". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".mpc". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".mts". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".on2". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ra". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".rm". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".rmvb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".tta". Provedené akce: Ponecháno, neodstraněno!.
Objekt "personalantispy Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".alac". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ape". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".flac". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".hdmov". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ifo". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".k3g". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".m2t". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".mpc". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".mts". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".on2". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ra". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".rm". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".rmvb". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".tta". Provedené akce: Ponecháno, neodstraněno!.
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Please check my log
Uninstall:
Crawler toolbar
Fix in HJT:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O13 - Gopher Prefix:
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option selected and click the Scan button
- when the scan finishes, a message appears; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message appears, so choose Yes (Ano)
(do not delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log
Malwarebytes' Anti-Malware 1.30
Verze databáze: 1424
Windows 6.0.6001 Service Pack 1
26.11.2008 12:13:50
mbam-log-2008-11-26 (12-13-38).txt
Typ skenu: Rychlý sken
Objektu skenováno: 51742
Uplynulý cas: 4 minute(s), 11 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 4
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\Windows\rundll16.exe (Fake.Dropped.Malware) -> No action taken.
C:\Windows\System32\vcmgcd32.dll (Trojan.Agent) -> No action taken.
C:\Windows\logo1_.exe (Worm.Viking) -> No action taken.
C:\Windows\System32\systems.txt (Trojan.FakeAlert) -> No action taken.
- jaro3
- Security team member
Re: Please check my log
So run MbAM again and start a Scan
- when the scan finishes, a message appears; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and close it via Exit
You can then paste the log here.
Uninstall:
Crawler\Toolbar
If you have the 32-bit version of Windows Vista:
Turn off NOD32's resident protection and the shield in ST.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan is complete, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Malwarebytes' Anti-Malware 1.30
Database version: 1424
Windows 6.0.6001 Service Pack 1
26.11.2008 18:08:04
mbam-log-2008-11-26 (18-08-04).txt
Scan type: Quick Scan
Objects scanned: 49759
Time elapsed: 3 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Re: Please check my log
ComboFix 08-11-26.03 - lukas 2008-11-26 18:34:41.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1029.18.1237 [GMT 0:00]
Spuštěný z: c:\users\inet\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-26 do 2008-11-26 )))))))))))))))))))))))))))))))
.
2008-11-26 13:23 . 2008-11-26 13:23 <DIR> d-------- c:\users\inet\AppData\Roaming\Malwarebytes
2008-11-26 13:22 . 2008-11-26 13:22 <DIR> d-------- c:\program files\ESET
2008-11-26 12:07 . 2008-11-26 12:07 <DIR> d-------- c:\users\lukas\AppData\Roaming\Malwarebytes
2008-11-26 12:07 . 2008-11-26 12:07 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-26 12:07 . 2008-11-26 12:07 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-26 12:07 . 2008-11-26 13:01 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-26 12:07 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-26 12:07 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-25 23:31 . 2007-11-22 06:44 201,320 --a------ c:\windows\System32\drivers\mfehidk.sys
2008-11-25 23:31 . 2007-11-22 06:44 79,304 --a------ c:\windows\System32\drivers\mfeavfk.sys
2008-11-25 23:31 . 2007-12-02 12:51 40,488 --a------ c:\windows\System32\drivers\mfesmfk.sys
2008-11-25 23:31 . 2007-11-22 06:44 35,240 --a------ c:\windows\System32\drivers\mfebopk.sys
2008-11-25 23:31 . 2007-11-22 06:44 33,832 --a------ c:\windows\System32\drivers\mferkdk.sys
2008-11-25 23:30 . 2008-11-25 23:52 <DIR> d-------- c:\program files\Common Files\McAfee
2008-11-25 23:30 . 2007-07-13 06:21 125,728 --a------ c:\windows\System32\drivers\Mpfp.sys
2008-11-25 23:10 . 2008-11-25 23:10 <DIR> d-------- c:\users\All Users\SiteAdvisor
2008-11-25 23:10 . 2008-11-25 23:10 <DIR> d-------- c:\programdata\SiteAdvisor
2008-11-25 22:59 . 2008-11-25 23:53 <DIR> d-------- c:\users\All Users\McAfee
2008-11-25 22:59 . 2008-11-25 23:53 <DIR> d-------- c:\programdata\McAfee
2008-11-25 22:21 . 2008-11-25 22:21 <DIR> d-a------ c:\windows\zts2.exe
2008-11-25 22:21 . 2008-11-25 22:21 <DIR> d-a------ c:\windows\System32\vcmgcd32.dll
2008-11-25 22:21 . 2008-11-25 22:21 <DIR> d-a------ c:\windows\System32\iifgfgf.dll
2008-11-25 22:21 . 2008-11-25 22:21 <DIR> d-a------ c:\windows\rundll16.exe
2008-11-25 22:21 . 2008-11-25 22:21 <DIR> d-a------ c:\windows\rundl132.dll
2008-11-25 22:21 . 2008-11-25 22:21 <DIR> d-a------ c:\windows\logo1_.exe
2008-11-25 22:18 . 2008-11-25 22:18 28 --a------ c:\windows\Lic.xxx
2008-11-25 22:17 . 2008-11-25 22:17 <DIR> d-------- c:\users\All Users\MicroWorld
2008-11-25 22:17 . 2008-11-25 22:17 <DIR> d-------- c:\programdata\MicroWorld
2008-11-25 22:17 . 2008-11-25 22:17 626,688 --a------ c:\windows\System32\msvcr80.dll
2008-11-25 22:17 . 2008-11-25 22:17 548,864 --a------ c:\windows\System32\msvcp80.dll
2008-11-25 22:17 . 2008-11-25 22:17 28,672 --a------ c:\windows\System32\eEmpty.exe
2008-11-25 22:17 . 2005-09-22 23:22 522 --a------ c:\windows\System32\Microsoft.VC80.CRT.manifest
2008-11-25 22:03 . 2008-11-25 22:03 <DIR> d-------- c:\program files\Trend Micro
2008-11-25 19:28 . 2008-10-21 05:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 19:28 . 2008-08-28 03:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 19:28 . 2008-08-28 03:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 19:28 . 2008-08-28 03:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 19:28 . 2008-10-22 03:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-24 21:35 . 2008-11-24 21:35 <DIR> d-------- c:\users\lukas\AppData\Roaming\PC Suite
2008-11-24 21:27 . 2008-11-24 21:27 <DIR> d-------- c:\users\All Users\Nokia
2008-11-24 21:27 . 2008-11-24 21:27 <DIR> d-------- c:\programdata\Nokia
2008-11-24 21:23 . 2008-11-24 21:23 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-11-24 20:37 . 2008-11-24 20:37 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-11-24 20:36 . 2008-11-24 20:36 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-11-24 13:56 . 2008-11-24 13:56 0 --a------ c:\windows\nsreg.dat
2008-11-24 12:20 . 2008-11-24 15:46 <DIR> d-------- c:\users\inet\AppData\Roaming\LangSoft
2008-11-24 12:13 . 2008-11-24 12:13 2,686 --a------ c:\windows\TRNCOM.INI
2008-11-24 12:12 . 2008-11-24 12:12 34 --a------ c:\windows\WTRDCTM.INI
2008-11-24 12:11 . 2008-11-24 12:13 <DIR> d-------- c:\users\All Users\LangSoft
2008-11-24 12:11 . 2008-11-24 12:21 <DIR> d-------- C:\TRANSLAT
2008-11-24 12:11 . 2008-11-24 12:13 <DIR> d-------- c:\programdata\LangSoft
2008-11-24 12:10 . 2008-11-24 12:13 <DIR> d-------- c:\users\lukas\AppData\Roaming\LangSoft
2008-11-24 09:42 . 2008-11-24 09:42 <DIR> d-------- c:\users\lukas\Program Files
2008-11-23 23:38 . 2008-11-23 23:38 69 --a------ c:\windows\NeroDigital.ini
2008-11-23 23:37 . 2008-11-24 01:26 <DIR> d-------- c:\program files\The KMPlayer
2008-11-23 11:10 . 2008-11-23 11:10 <DIR> d-------- c:\users\All Users\vsosdk
2008-11-23 11:10 . 2008-11-23 11:10 <DIR> d-------- c:\programdata\vsosdk
2008-11-21 22:55 . 2008-11-24 22:02 <DIR> d-------- c:\users\inet\AppData\Roaming\Spyware Terminator
2008-11-20 23:50 . 2008-05-10 03:35 885,248 --a------ c:\windows\System32\RacEngn.dll
2008-11-20 23:50 . 2008-09-03 03:59 468,992 --a------ c:\windows\System32\newdev.dll
2008-11-20 23:50 . 2008-09-03 03:58 74,752 --a------ c:\windows\System32\newdev.exe
2008-11-20 23:50 . 2008-05-09 22:22 9,127 --a------ c:\windows\System32\RacUR.xml
2008-11-20 23:50 . 2008-05-09 22:22 153 --a------ c:\windows\System32\RacUREx.xml
2008-11-20 16:08 . 2008-11-20 16:08 <DIR> d-------- c:\users\inet\AppData\Roaming\Intel
2008-11-20 15:57 . 2008-11-20 15:57 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-11-20 13:58 . 2008-11-20 13:58 <DIR> d-------- c:\users\inet\AppData\Roaming\ICQ Toolbar
2008-11-19 16:12 . 2008-11-19 16:14 <DIR> d-------- c:\users\inet\AppData\Roaming\ICQ
2008-11-19 16:11 . 2008-11-19 16:14 <DIR> d-------- c:\program files\ICQ6
2008-11-19 16:10 . 2008-11-19 16:10 <DIR> d-------- c:\program files\VSO
2008-11-19 16:10 . 2004-05-04 11:53 1,645,320 --a------ c:\windows\gdiplus.dll
2008-11-19 16:10 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\System32\wvc1dmod.dll
2008-11-19 16:10 . 2006-05-11 19:21 626,688 --a------ c:\windows\System32\vp7vfw.dll
2008-11-19 16:10 . 2006-09-29 12:24 217,127 --a------ c:\windows\System32\drv43260.dll
2008-11-19 16:10 . 2006-09-29 12:25 208,935 --a------ c:\windows\System32\drv33260.dll
2008-11-19 16:10 . 2006-09-29 12:26 176,165 --a------ c:\windows\System32\drv23260.dll
2008-11-19 16:10 . 2007-03-18 20:37 65,602 --a------ c:\windows\System32\cook3260.dll
2008-11-19 16:00 . 2008-11-23 11:34 <DIR> d-------- c:\users\inet\AppData\Roaming\Vso
2008-11-19 16:00 . 2008-11-19 16:00 47,360 --a------ c:\windows\System32\drivers\pcouffin.sys
2008-11-19 16:00 . 2008-11-19 16:10 47,360 --a------ c:\users\inet\AppData\Roaming\pcouffin.sys
2008-11-19 13:24 . 2008-11-19 13:25 <DIR> d-------- c:\users\All Users\Adobe
2008-11-19 13:24 . 2008-11-19 13:24 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-19 09:27 . 2008-10-16 21:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-19 09:27 . 2008-10-16 20:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-19 09:27 . 2008-10-16 21:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-19 09:27 . 2008-10-16 21:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-19 09:26 . 2008-10-16 21:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-19 09:26 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-19 09:26 . 2008-10-16 20:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-19 09:26 . 2008-10-16 21:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-19 09:26 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-18 16:41 . 2008-11-18 16:42 <DIR> d-------- c:\program files\IrfanView
2008-11-18 12:03 . 2008-11-18 12:03 <DIR> d-------- c:\users\inet\AppData\Roaming\DivX
2008-11-18 11:28 . 2008-11-18 11:28 <DIR> d-------- c:\program files\CCleaner
2008-11-18 08:56 . 2008-11-18 08:56 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-11-18 08:56 . 2008-11-24 20:47 <DIR> d-------- c:\program files\Common Files\Nokia
2008-11-17 19:30 . 2008-11-17 19:30 0 --ah----- c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-11-17 19:28 . 2008-11-24 14:42 <DIR> d-------- c:\users\inet\AppData\Roaming\PC Suite
2008-11-17 19:28 . 2008-11-20 13:36 <DIR> d-------- c:\users\inet\AppData\Roaming\Nokia
2008-11-17 19:28 . 2008-11-17 19:29 <DIR> d-------- c:\users\All Users\PC Suite
2008-11-17 19:28 . 2008-11-17 19:29 <DIR> d-------- c:\programdata\PC Suite
2008-11-17 19:15 . 2008-11-17 19:15 <DIR> d-------- c:\program files\DIFX
2008-11-17 19:15 . 2007-09-17 15:53 21,632 --a------ c:\windows\System32\drivers\pccsmcfd.sys
2008-11-17 19:14 . 2008-11-17 19:15 <DIR> d----c--- c:\windows\System32\DRVSTORE
2008-11-17 19:13 . 2008-11-17 19:13 <DIR> d-------- c:\program files\PC Connectivity Solution
2008-11-17 19:11 . 2008-11-24 20:47 <DIR> d-------- c:\users\All Users\Installations
2008-11-17 19:11 . 2008-11-24 20:47 <DIR> d-------- c:\programdata\Installations
2008-11-17 19:11 . 2008-11-24 20:50 <DIR> d-------- c:\program files\Nokia
2008-11-17 19:11 . 2008-09-15 08:56 91,136 --a------ c:\windows\System32\nmwcdcls.dll
2008-11-17 12:38 . 2008-11-25 23:06 <DIR> d-------- c:\program files\DivX
2008-11-16 19:10 . 2004-11-28 21:09 679,936 --a------ c:\windows\xvidcore.dll
2008-11-16 16:31 . 2008-11-16 16:31 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-16 16:30 . 2008-11-16 16:30 <DIR> d-------- c:\users\All Users\Apple Computer
2008-11-16 16:30 . 2008-11-16 16:30 <DIR> d-------- c:\users\All Users\Apple
2008-11-16 16:30 . 2008-11-16 16:30 <DIR> d-------- c:\programdata\Apple Computer
2008-11-16 16:30 . 2008-11-16 16:30 <DIR> d-------- c:\programdata\Apple
2008-11-16 16:30 . 2008-11-16 16:31 <DIR> d-------- c:\program files\QuickTime
2008-11-16 16:30 . 2008-11-16 16:30 <DIR> d-------- c:\program files\Apple Software Update
2008-11-15 23:48 . 2008-11-15 23:48 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-15 23:35 . 2008-11-15 23:35 <DIR> d-------- c:\users\inet\AppData\Roaming\Media Player Classic
2008-11-15 10:22 . 2008-11-16 08:41 <DIR> d-------- c:\users\inet\AppData\Roaming\HP
2008-11-14 22:41 . 2008-11-14 22:41 <DIR> d-------- c:\users\lukas\AppData\Roaming\HP
2008-11-14 22:41 . 2008-11-14 22:41 <DIR> d-------- c:\users\All Users\WEBREG
2008-11-14 22:41 . 2008-11-14 22:41 <DIR> d-------- c:\programdata\WEBREG
2008-11-14 22:38 . 2008-11-14 22:38 <DIR> d-------- c:\program files\Hewlett-Packard
2008-11-14 22:38 . 2008-11-14 22:38 <DIR> d-------- c:\program files\Common Files\HP
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 06:17 --------- d-----w c:\program files\Windows Mail
2008-11-13 23:49 174 --sha-w c:\program files\desktop.ini
2008-11-13 23:42 --------- d-----w c:\program files\Windows Sidebar
2008-11-13 23:42 --------- d-----w c:\program files\Windows Photo Gallery
2008-11-13 23:42 --------- d-----w c:\program files\Windows Journal
2008-11-13 23:42 --------- d-----w c:\program files\Windows Defender
2008-11-13 23:42 --------- d-----w c:\program files\Windows Collaboration
2008-11-13 23:42 --------- d-----w c:\program files\Windows Calendar
2008-11-13 23:29 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-11-13 23:29 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-11-13 14:55 --------- d-sh--w c:\programdata\Plocha
2008-11-13 14:55 --------- d-sh--w c:\programdata\Oblíbené položky
2008-11-13 14:55 --------- d-sh--w c:\programdata\Šablony
2008-11-13 14:55 --------- d-sh--w c:\programdata\Nabídka Start
2008-11-13 14:55 --------- d-sh--w c:\programdata\Dokumenty
2008-11-13 14:55 --------- d-sh--w c:\programdata\Data aplikací
2008-09-30 16:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-09-15 08:56 659,968 ----a-w c:\windows\System32\nmwcdcocls.dll
2008-09-15 08:29 1,112,288 ----a-w c:\windows\System32\wdfcoinstaller01007.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\users\lukas\Program Files\DNA\btdna.exe" [2008-11-24 342336]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-04 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-04 81920]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 c:\windows\RtHDVCpl.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1B39ABB1-D309-4B7F-A49D-EA1B0DB46417}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{25A61BB0-3141-4D96-A2E6-C4F42EE6E992}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{635E19C3-F34B-4DD0-8454-3715A2B08BC0}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{6BF82CD5-4DFB-48B1-A577-76A1D6A59337}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{15E25E5E-A8D5-46EC-9651-586FCBE94EE2}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{C9CEE599-F98E-4455-A5CA-2386BACE2403}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{0D85FCFC-F0A4-4CF1-AB5F-1D3D3768B64C}c:\\users\\inet\\appdata\\local\\skype\\phone\\skype.exe"= UDP:c:\users\inet\appdata\local\skype\phone\skype.exe:skype.exe
"UDP Query User{1C7B4732-A31F-4F2F-83F4-3672E1C8EA21}c:\\users\\inet\\appdata\\local\\skype\\phone\\skype.exe"= TCP:c:\users\inet\appdata\local\skype\phone\skype.exe:skype.exe
"TCP Query User{CC617BD0-8FB7-426B-9242-E5CEE8A062EC}c:\\users\\lukas\\program files\\dna\\btdna.exe"= UDP:c:\users\lukas\program files\dna\btdna.exe:btdna.exe
"UDP Query User{9E6D740E-3987-49F6-AF9B-2C880B492F82}c:\\users\\lukas\\program files\\dna\\btdna.exe"= TCP:c:\users\lukas\program files\dna\btdna.exe:btdna.exe
"TCP Query User{E35D6D28-1CF5-4B7F-B5E6-C6FF2E9727EC}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{E31DB95F-6E3D-41BA-9E1B-398A1EDB41E2}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{C94727C6-F7AC-4139-801D-8B31D8BD7A78}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{A47F4D76-B318-448A-B2EA-3039D76E8170}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\pacer.sys [2008-11-13 72192]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2008-11-13 24576]
R3 StkCMini;Syntek AVStream USB2.0 2M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2008-11-13 1324544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
FireFox -: Profile - c:\users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\2asa3a92.default\
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\users\lukas\Program Files\DNA\plugins\npbtdna.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 18:36:03
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2008-11-26 18:37:11
ComboFix-quarantined-files.txt 2008-11-26 18:37:09
ComboFix2.txt 2008-11-26 18:31:50
ComboFix3.txt 2008-11-26 18:19:48
Před spuštěním: Volných bajtů: 34 536 554 496
Po spuštění: Volných bajtů: 34,505,527,296
231 --- E O F --- 2008-11-25 23:41:41
jaro3 (member of the Security team)
Re: please check my log
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Note: Do not use the SELECT ALL function to select the script.
Folder::
c:\windows\zts2.exe
c:\windows\System32\vcmgcd32.dll
c:\windows\System32\iifgfgf.dll
c:\windows\rundll16.exe
c:\windows\rundl132.dll
c:\windows\logo1_.exe
File::
c:\windows\Lic.xxx
c:\windows\nsreg.dat
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: choose All Files
Save the file to the desktop.
Close all open windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop it.
- ComboFix will start automatically.
- Post here the log that appears at the end of the cleaning process.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: please check my log
I forgot to turn off NOD, so I hope that doesn't matter.
ComboFix 08-11-26.03 - lukas 2008-11-26 19:44:36.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1029.18.1321 [GMT 0:00]
Spuštěný z: c:\users\inet\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\lukas\Desktop\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active
FILE ::
c:\windows\Lic.xxx
c:\windows\nsreg.dat
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Lic.xxx
c:\windows\logo1_.exe
c:\windows\nsreg.dat
c:\windows\rundl132.dll
c:\windows\rundll16.exe
c:\windows\System32\iifgfgf.dll
c:\windows\System32\vcmgcd32.dll
c:\windows\zts2.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-26 do 2008-11-26 )))))))))))))))))))))))))))))))
.
2008-11-26 19:43 . 2008-11-26 19:43 <DIR> d-------- C:\32788R22FWJFW
2008-11-26 13:23 . 2008-11-26 13:23 <DIR> d-------- c:\users\inet\AppData\Roaming\Malwarebytes
2008-11-26 13:22 . 2008-11-26 13:22 <DIR> d-------- c:\program files\ESET
2008-11-26 12:07 . 2008-11-26 12:07 <DIR> d-------- c:\users\lukas\AppData\Roaming\Malwarebytes
2008-11-26 12:07 . 2008-11-26 12:07 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-26 12:07 . 2008-11-26 12:07 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-26 12:07 . 2008-11-26 13:01 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-26 12:07 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-26 12:07 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-25 23:31 . 2007-11-22 06:44 201,320 --a------ c:\windows\System32\drivers\mfehidk.sys
2008-11-25 23:31 . 2007-11-22 06:44 79,304 --a------ c:\windows\System32\drivers\mfeavfk.sys
2008-11-25 23:31 . 2007-12-02 12:51 40,488 --a------ c:\windows\System32\drivers\mfesmfk.sys
2008-11-25 23:31 . 2007-11-22 06:44 35,240 --a------ c:\windows\System32\drivers\mfebopk.sys
2008-11-25 23:31 . 2007-11-22 06:44 33,832 --a------ c:\windows\System32\drivers\mferkdk.sys
2008-11-25 23:30 . 2008-11-25 23:52 <DIR> d-------- c:\program files\Common Files\McAfee
2008-11-25 23:30 . 2007-07-13 06:21 125,728 --a------ c:\windows\System32\drivers\Mpfp.sys
2008-11-25 23:10 . 2008-11-25 23:10 <DIR> d-------- c:\users\All Users\SiteAdvisor
2008-11-25 23:10 . 2008-11-25 23:10 <DIR> d-------- c:\programdata\SiteAdvisor
2008-11-25 22:59 . 2008-11-25 23:53 <DIR> d-------- c:\users\All Users\McAfee
2008-11-25 22:59 . 2008-11-25 23:53 <DIR> d-------- c:\programdata\McAfee
2008-11-25 22:17 . 2008-11-25 22:17 <DIR> d-------- c:\users\All Users\MicroWorld
2008-11-25 22:17 . 2008-11-25 22:17 <DIR> d-------- c:\programdata\MicroWorld
2008-11-25 22:17 . 2008-11-25 22:17 626,688 --a------ c:\windows\System32\msvcr80.dll
2008-11-25 22:17 . 2008-11-25 22:17 548,864 --a------ c:\windows\System32\msvcp80.dll
2008-11-25 22:17 . 2008-11-25 22:17 28,672 --a------ c:\windows\System32\eEmpty.exe
2008-11-25 22:17 . 2005-09-22 23:22 522 --a------ c:\windows\System32\Microsoft.VC80.CRT.manifest
2008-11-25 22:03 . 2008-11-25 22:03 <DIR> d-------- c:\program files\Trend Micro
2008-11-25 19:28 . 2008-10-21 05:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 19:28 . 2008-08-28 03:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 19:28 . 2008-08-28 03:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 19:28 . 2008-08-28 03:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 19:28 . 2008-10-22 03:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-24 21:35 . 2008-11-24 21:35 <DIR> d-------- c:\users\lukas\AppData\Roaming\PC Suite
2008-11-24 21:27 . 2008-11-24 21:27 <DIR> d-------- c:\users\All Users\Nokia
2008-11-24 21:27 . 2008-11-24 21:27 <DIR> d-------- c:\programdata\Nokia
2008-11-24 21:23 . 2008-11-24 21:23 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-11-24 20:37 . 2008-11-24 20:37 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-11-24 20:36 . 2008-11-24 20:36 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-11-24 12:20 . 2008-11-24 15:46 <DIR> d-------- c:\users\inet\AppData\Roaming\LangSoft
2008-11-24 12:13 . 2008-11-24 12:13 2,686 --a------ c:\windows\TRNCOM.INI
2008-11-24 12:12 . 2008-11-24 12:12 34 --a------ c:\windows\WTRDCTM.INI
2008-11-24 12:11 . 2008-11-24 12:13 <DIR> d-------- c:\users\All Users\LangSoft
2008-11-24 12:11 . 2008-11-24 12:21 <DIR> d-------- C:\TRANSLAT
2008-11-24 12:11 . 2008-11-24 12:13 <DIR> d-------- c:\programdata\LangSoft
2008-11-24 12:10 . 2008-11-24 12:13 <DIR> d-------- c:\users\lukas\AppData\Roaming\LangSoft
2008-11-24 09:42 . 2008-11-24 09:42 <DIR> d-------- c:\users\lukas\Program Files
2008-11-23 23:38 . 2008-11-23 23:38 69 --a------ c:\windows\NeroDigital.ini
2008-11-23 23:37 . 2008-11-24 01:26 <DIR> d-------- c:\program files\The KMPlayer
2008-11-23 11:10 . 2008-11-23 11:10 <DIR> d-------- c:\users\All Users\vsosdk
2008-11-23 11:10 . 2008-11-23 11:10 <DIR> d-------- c:\programdata\vsosdk
2008-11-21 22:55 . 2008-11-24 22:02 <DIR> d-------- c:\users\inet\AppData\Roaming\Spyware Terminator
2008-11-20 23:50 . 2008-05-10 03:35 885,248 --a------ c:\windows\System32\RacEngn.dll
2008-11-20 23:50 . 2008-09-03 03:59 468,992 --a------ c:\windows\System32\newdev.dll
2008-11-20 23:50 . 2008-09-03 03:58 74,752 --a------ c:\windows\System32\newdev.exe
2008-11-20 23:50 . 2008-05-09 22:22 9,127 --a------ c:\windows\System32\RacUR.xml
2008-11-20 23:50 . 2008-05-09 22:22 153 --a------ c:\windows\System32\RacUREx.xml
2008-11-20 16:08 . 2008-11-20 16:08 <DIR> d-------- c:\users\inet\AppData\Roaming\Intel
2008-11-20 15:57 . 2008-11-20 15:57 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-11-20 13:58 . 2008-11-20 13:58 <DIR> d-------- c:\users\inet\AppData\Roaming\ICQ Toolbar
2008-11-19 16:12 . 2008-11-19 16:14 <DIR> d-------- c:\users\inet\AppData\Roaming\ICQ
2008-11-19 16:11 . 2008-11-19 16:14 <DIR> d-------- c:\program files\ICQ6
2008-11-19 16:10 . 2008-11-19 16:10 <DIR> d-------- c:\program files\VSO
2008-11-19 16:10 . 2004-05-04 11:53 1,645,320 --a------ c:\windows\gdiplus.dll
2008-11-19 16:10 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\System32\wvc1dmod.dll
2008-11-19 16:10 . 2006-05-11 19:21 626,688 --a------ c:\windows\System32\vp7vfw.dll
2008-11-19 16:10 . 2006-09-29 12:24 217,127 --a------ c:\windows\System32\drv43260.dll
2008-11-19 16:10 . 2006-09-29 12:25 208,935 --a------ c:\windows\System32\drv33260.dll
2008-11-19 16:10 . 2006-09-29 12:26 176,165 --a------ c:\windows\System32\drv23260.dll
2008-11-19 16:10 . 2007-03-18 20:37 65,602 --a------ c:\windows\System32\cook3260.dll
2008-11-19 16:00 . 2008-11-23 11:34 <DIR> d-------- c:\users\inet\AppData\Roaming\Vso
2008-11-19 16:00 . 2008-11-19 16:00 47,360 --a------ c:\windows\System32\drivers\pcouffin.sys
2008-11-19 16:00 . 2008-11-19 16:10 47,360 --a------ c:\users\inet\AppData\Roaming\pcouffin.sys
2008-11-19 13:24 . 2008-11-19 13:25 <DIR> d-------- c:\users\All Users\Adobe
2008-11-19 13:24 . 2008-11-19 13:24 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-19 09:27 . 2008-10-16 21:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-19 09:27 . 2008-10-16 20:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-19 09:27 . 2008-10-16 21:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-19 09:27 . 2008-10-16 21:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-19 09:26 . 2008-10-16 21:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-19 09:26 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-19 09:26 . 2008-10-16 20:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-19 09:26 . 2008-10-16 21:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-19 09:26 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-18 16:41 . 2008-11-18 16:42 <DIR> d-------- c:\program files\IrfanView
2008-11-18 12:03 . 2008-11-18 12:03 <DIR> d-------- c:\users\inet\AppData\Roaming\DivX
2008-11-18 11:28 . 2008-11-18 11:28 <DIR> d-------- c:\program files\CCleaner
2008-11-18 08:56 . 2008-11-18 08:56 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-11-18 08:56 . 2008-11-24 20:47 <DIR> d-------- c:\program files\Common Files\Nokia
2008-11-17 19:30 . 2008-11-17 19:30 0 --ah----- c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-11-17 19:28 . 2008-11-24 14:42 <DIR> d-------- c:\users\inet\AppData\Roaming\PC Suite
2008-11-17 19:28 . 2008-11-20 13:36 <DIR> d-------- c:\users\inet\AppData\Roaming\Nokia
2008-11-17 19:28 . 2008-11-17 19:29 <DIR> d-------- c:\users\All Users\PC Suite
2008-11-17 19:28 . 2008-11-17 19:29 <DIR> d-------- c:\programdata\PC Suite
2008-11-17 19:15 . 2008-11-17 19:15 <DIR> d-------- c:\program files\DIFX
2008-11-17 19:15 . 2007-09-17 15:53 21,632 --a------ c:\windows\System32\drivers\pccsmcfd.sys
2008-11-17 19:14 . 2008-11-17 19:15 <DIR> d----c--- c:\windows\System32\DRVSTORE
2008-11-17 19:13 . 2008-11-17 19:13 <DIR> d-------- c:\program files\PC Connectivity Solution
2008-11-17 19:11 . 2008-11-24 20:47 <DIR> d-------- c:\users\All Users\Installations
2008-11-17 19:11 . 2008-11-24 20:47 <DIR> d-------- c:\programdata\Installations
2008-11-17 19:11 . 2008-11-24 20:50 <DIR> d-------- c:\program files\Nokia
2008-11-17 19:11 . 2008-09-15 08:56 91,136 --a------ c:\windows\System32\nmwcdcls.dll
2008-11-17 12:38 . 2008-11-25 23:06 <DIR> d-------- c:\program files\DivX
2008-11-16 19:10 . 2004-11-28 21:09 679,936 --a------ c:\windows\xvidcore.dll
2008-11-16 16:31 . 2008-11-16 16:31 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-16 16:30 . 2008-11-16 16:30 <DIR> d-------- c:\users\All Users\Apple Computer
2008-11-16 16:30 . 2008-11-16 16:30 <DIR> d-------- c:\users\All Users\Apple
2008-11-16 16:30 . 2008-11-16 16:30 <DIR> d-------- c:\programdata\Apple Computer
2008-11-16 16:30 . 2008-11-16 16:30 <DIR> d-------- c:\programdata\Apple
2008-11-16 16:30 . 2008-11-16 16:31 <DIR> d-------- c:\program files\QuickTime
2008-11-16 16:30 . 2008-11-16 16:30 <DIR> d-------- c:\program files\Apple Software Update
2008-11-15 23:48 . 2008-11-15 23:48 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-15 23:35 . 2008-11-15 23:35 <DIR> d-------- c:\users\inet\AppData\Roaming\Media Player Classic
2008-11-15 10:22 . 2008-11-16 08:41 <DIR> d-------- c:\users\inet\AppData\Roaming\HP
2008-11-14 22:41 . 2008-11-14 22:41 <DIR> d-------- c:\users\lukas\AppData\Roaming\HP
2008-11-14 22:41 . 2008-11-14 22:41 <DIR> d-------- c:\users\All Users\WEBREG
2008-11-14 22:41 . 2008-11-14 22:41 <DIR> d-------- c:\programdata\WEBREG
2008-11-14 22:38 . 2008-11-14 22:38 <DIR> d-------- c:\program files\Hewlett-Packard
2008-11-14 22:38 . 2008-11-14 22:38 <DIR> d-------- c:\program files\Common Files\HP
2008-11-14 22:38 . 2008-11-14 22:38 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-11-14 22:35 . 2008-11-14 22:39 <DIR> d-------- c:\program files\HP
2008-11-14 22:32 . 2008-11-14 22:39 <DIR> d-------- c:\users\All Users\HP
2008-11-14 22:32 . 2008-11-14 22:39 <DIR> d-------- c:\programdata\HP
2008-11-14 22:32 . 2008-11-14 22:41 162,712 --a------ c:\windows\hpoins19.dat
2008-11-14 22:31 . 2006-12-16 06:19 573,440 --a------ c:\windows\System32\hpotscl1.dll
2008-11-14 22:31 . 2006-12-16 06:19 303,104 --a------ c:\windows\System32\hpovst01.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 06:17 --------- d-----w c:\program files\Windows Mail
2008-11-13 23:49 174 --sha-w c:\program files\desktop.ini
2008-11-13 23:42 --------- d-----w c:\program files\Windows Sidebar
2008-11-13 23:42 --------- d-----w c:\program files\Windows Photo Gallery
2008-11-13 23:42 --------- d-----w c:\program files\Windows Journal
2008-11-13 23:42 --------- d-----w c:\program files\Windows Defender
2008-11-13 23:42 --------- d-----w c:\program files\Windows Collaboration
2008-11-13 23:42 --------- d-----w c:\program files\Windows Calendar
2008-11-13 23:29 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-11-13 23:29 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-11-13 14:55 --------- d-sh--w c:\programdata\Plocha
2008-11-13 14:55 --------- d-sh--w c:\programdata\Oblíbené položky
2008-11-13 14:55 --------- d-sh--w c:\programdata\Šablony
2008-11-13 14:55 --------- d-sh--w c:\programdata\Nabídka Start
2008-11-13 14:55 --------- d-sh--w c:\programdata\Dokumenty
2008-11-13 14:55 --------- d-sh--w c:\programdata\Data aplikací
2008-09-30 16:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-09-15 08:56 659,968 ----a-w c:\windows\System32\nmwcdcocls.dll
2008-09-15 08:29 1,112,288 ----a-w c:\windows\System32\wdfcoinstaller01007.dll
.
((((((((((((((((((((((((((((( snapshot_st 26.11.2008_18.30.58,64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-26 18:22:48 2,484 ----a-w c:\windows\bthservsdp.dat
+ 2008-11-26 18:38:52 2,484 ----a-w c:\windows\bthservsdp.dat
- 2008-11-26 18:23:45 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-26 18:39:36 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-26 18:23:45 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-26 18:39:36 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-26 18:25:16 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-26 18:41:00 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-26 18:41:00 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-26 18:25:21 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-26 18:41:05 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-26 18:41:05 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-11-26 18:30:30 115,014 ----a-w c:\windows\System32\perfc005.dat
+ 2008-11-26 18:45:50 115,014 ----a-w c:\windows\System32\perfc005.dat
- 2008-11-26 18:30:30 101,250 ----a-w c:\windows\System32\perfc009.dat
+ 2008-11-26 18:45:50 101,250 ----a-w c:\windows\System32\perfc009.dat
- 2008-11-26 18:30:30 598,838 ----a-w c:\windows\System32\perfh005.dat
+ 2008-11-26 18:45:50 598,838 ----a-w c:\windows\System32\perfh005.dat
- 2008-11-26 18:30:30 587,178 ----a-w c:\windows\System32\perfh009.dat
+ 2008-11-26 18:45:50 587,178 ----a-w c:\windows\System32\perfh009.dat
- 2008-11-24 09:43:45 3,346 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2467396273-3757462575-1830845928-1000_UserData.bin
+ 2008-11-26 18:41:26 3,532 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2467396273-3757462575-1830845928-1000_UserData.bin
- 2008-11-26 18:25:34 59,536 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-26 18:41:26 59,608 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-26 18:25:32 35,252 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-26 18:41:23 35,300 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\users\lukas\Program Files\DNA\btdna.exe" [2008-11-24 342336]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-04 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-04 81920]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 c:\windows\RtHDVCpl.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1B39ABB1-D309-4B7F-A49D-EA1B0DB46417}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{25A61BB0-3141-4D96-A2E6-C4F42EE6E992}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{635E19C3-F34B-4DD0-8454-3715A2B08BC0}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{6BF82CD5-4DFB-48B1-A577-76A1D6A59337}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{15E25E5E-A8D5-46EC-9651-586FCBE94EE2}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{C9CEE599-F98E-4455-A5CA-2386BACE2403}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{0D85FCFC-F0A4-4CF1-AB5F-1D3D3768B64C}c:\\users\\inet\\appdata\\local\\skype\\phone\\skype.exe"= UDP:c:\users\inet\appdata\local\skype\phone\skype.exe:skype.exe
"UDP Query User{1C7B4732-A31F-4F2F-83F4-3672E1C8EA21}c:\\users\\inet\\appdata\\local\\skype\\phone\\skype.exe"= TCP:c:\users\inet\appdata\local\skype\phone\skype.exe:skype.exe
"TCP Query User{CC617BD0-8FB7-426B-9242-E5CEE8A062EC}c:\\users\\lukas\\program files\\dna\\btdna.exe"= UDP:c:\users\lukas\program files\dna\btdna.exe:btdna.exe
"UDP Query User{9E6D740E-3987-49F6-AF9B-2C880B492F82}c:\\users\\lukas\\program files\\dna\\btdna.exe"= TCP:c:\users\lukas\program files\dna\btdna.exe:btdna.exe
"TCP Query User{E35D6D28-1CF5-4B7F-B5E6-C6FF2E9727EC}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{E31DB95F-6E3D-41BA-9E1B-398A1EDB41E2}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{C94727C6-F7AC-4139-801D-8B31D8BD7A78}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{A47F4D76-B318-448A-B2EA-3039D76E8170}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\pacer.sys [2008-11-13 72192]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2008-11-13 24576]
R3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-26 38496]
R3 StkCMini;Syntek AVStream USB2.0 2M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2008-11-13 1324544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - MBAMSWISSARMY
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 19:46:30
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2008-11-26 19:47:45
ComboFix-quarantined-files.txt 2008-11-26 19:47:43
ComboFix2.txt 2008-11-26 18:37:12
ComboFix3.txt 2008-11-26 18:31:50
ComboFix4.txt 2008-11-26 18:19:48
Před spuštěním: Volných bajtů: 34 471 862 272
Po spuštění: Volných bajtů: 34,339,172,352
272 --- E O F --- 2008-11-25 23:41:41
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 c:\windows\RtHDVCpl.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1B39ABB1-D309-4B7F-A49D-EA1B0DB46417}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{25A61BB0-3141-4D96-A2E6-C4F42EE6E992}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{635E19C3-F34B-4DD0-8454-3715A2B08BC0}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{6BF82CD5-4DFB-48B1-A577-76A1D6A59337}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{15E25E5E-A8D5-46EC-9651-586FCBE94EE2}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{C9CEE599-F98E-4455-A5CA-2386BACE2403}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{0D85FCFC-F0A4-4CF1-AB5F-1D3D3768B64C}c:\\users\\inet\\appdata\\local\\skype\\phone\\skype.exe"= UDP:c:\users\inet\appdata\local\skype\phone\skype.exe:skype.exe
"UDP Query User{1C7B4732-A31F-4F2F-83F4-3672E1C8EA21}c:\\users\\inet\\appdata\\local\\skype\\phone\\skype.exe"= TCP:c:\users\inet\appdata\local\skype\phone\skype.exe:skype.exe
"TCP Query User{CC617BD0-8FB7-426B-9242-E5CEE8A062EC}c:\\users\\lukas\\program files\\dna\\btdna.exe"= UDP:c:\users\lukas\program files\dna\btdna.exe:btdna.exe
"UDP Query User{9E6D740E-3987-49F6-AF9B-2C880B492F82}c:\\users\\lukas\\program files\\dna\\btdna.exe"= TCP:c:\users\lukas\program files\dna\btdna.exe:btdna.exe
"TCP Query User{E35D6D28-1CF5-4B7F-B5E6-C6FF2E9727EC}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{E31DB95F-6E3D-41BA-9E1B-398A1EDB41E2}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{C94727C6-F7AC-4139-801D-8B31D8BD7A78}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{A47F4D76-B318-448A-B2EA-3039D76E8170}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\pacer.sys [2008-11-13 72192]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2008-11-13 24576]
R3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-26 38496]
R3 StkCMini;Syntek AVStream USB2.0 2M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2008-11-13 1324544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - MBAMSWISSARMY
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 19:46:30
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2008-11-26 19:47:45
ComboFix-quarantined-files.txt 2008-11-26 19:47:43
ComboFix2.txt 2008-11-26 18:37:12
ComboFix3.txt 2008-11-26 18:31:50
ComboFix4.txt 2008-11-26 18:19:48
Před spuštěním: Volných bajtů: 34 471 862 272
Po spuštění: Volných bajtů: 34,339,172,352
272 --- E O F --- 2008-11-25 23:41:41
- jaro3
- Security team member
Re: please check my log
Log O.K. Please also post a new HJT log here. I'll take a look tomorrow.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: please check my log
One more thing: is there some way to remove everything from McAfee? It somehow reports an error during the NOD installation. Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:31, on 26.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\lukas\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-21-2467396273-3757462575-1830845928-1001\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog (User 'inet')
O4 - HKUS\S-1-5-21-2467396273-3757462575-1830845928-1001\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User 'inet')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resourc ... dcs-cz.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.cz/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
--
End of file - 7194 bytes
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resourc ... dcs-cz.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.cz/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
--
End of file - 7194 bytes