Request for a HijackThis log check



Post by Erricco » 23 Mar 2009 16:53

Hello,

Please check my HijackThis log, as I suspect there is a trojan on my PC.

Thank you in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:44:19, on 23. 3. 2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\MuchTV\tvrmvcr.exe
D:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Documents and Settings\Jozef\Jozef.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\TUProgSt.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
D:\Program Files\Opera\opera.exe
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl8] "D:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Jozef] D:\Documents and Settings\Jozef\Jozef.exe /i
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MuchTV Remote.lnk = ?
O4 - Global Startup: Rychlý začátek s aplikací HP Photosmart Premier.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - D:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - D:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7543 bytes

Post by jaro3 » 23 Mar 2009 17:38

Download Malwarebytes' Anti-Malware.
Install it and run it.
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!

Post by Erricco » 23 Mar 2009 17:42

So here is the log


Malwarebytes' Anti-Malware 1.34
Verze databáze: 1888
Windows 5.1.2600 Service Pack 3

23. 3. 2009 17:35:33
mbam-log-2009-03-23 (17-35-24).txt

Typ skenu: Rychlý sken
Objektu skenováno: 65718
Uplynulý cas: 1 minute(s), 44 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 8
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 16

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\Typelib\{60af7e75-d08e-fef7-4ae6-aab98e03212d} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\securentm (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\securentm (Rootkit.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Spamtool) -> No action taken.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
D:\WINDOWS\system32\drivers\securentm.sys (Rootkit.Agent) -> No action taken.
D:\WINDOWS\system32\6Kn1TC5i.exe.a_a (Trojan.Agent) -> No action taken.
D:\Documents and Settings\Jozef\Local Settings\Temp\BN2.tmp (Trojan.Agent) -> No action taken.
D:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> No action taken.
D:\Documents and Settings\Jozef\Local Settings\Temp\BN3.tmp (Trojan.Agent) -> No action taken.
D:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> No action taken.
D:\Documents and Settings\Jozef\Local Settings\Temp\BN4.tmp (Trojan.Agent) -> No action taken.
D:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> No action taken.
D:\Documents and Settings\Jozef\Local Settings\Temp\BN5.tmp (Trojan.Agent) -> No action taken.
D:\Documents and Settings\Jozef\Local Settings\Temp\BN6.tmp (Trojan.Agent) -> No action taken.
D:\Documents and Settings\Jozef\Local Settings\Temp\BN7.tmp (Trojan.Agent) -> No action taken.
D:\Documents and Settings\Jozef\Local Settings\Temp\BN8.tmp (Trojan.Agent) -> No action taken.
D:\WINDOWS\Temp\BN10.tmp (Trojan.Agent) -> No action taken.
D:\WINDOWS\Temp\BN11.tmp (Trojan.Agent) -> No action taken.
D:\WINDOWS\Temp\BN2D.tmp (Trojan.Agent) -> No action taken.
D:\WINDOWS\Temp\BN3D.tmp (Trojan.Agent) -> No action taken.

Post by jaro3 » 23 Mar 2009 17:53

Now run MbAM again and start a Scan
- when the scan finishes a message will appear; click OK and then the Show Results button
- make sure all listed findings are ticked and click the Remove Selected button
- when the removal finishes a log will be displayed; post it here.
- then click OK in the program and close it via Exit

You can then paste the MbAM log here.

Turn off the resident protection in NOD32 and deactivate Spybot.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan is finished, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Post by Erricco » 23 Mar 2009 17:59

So here is the Malwarebytes log after the removal

Malwarebytes' Anti-Malware 1.34
Verze databáze: 1888
Windows 5.1.2600 Service Pack 3

23. 3. 2009 17:51:29
mbam-log-2009-03-23 (17-51-29).txt

Typ skenu: Rychlý sken
Objektu skenováno: 65701
Uplynulý cas: 44 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 8
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 16

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\Typelib\{60af7e75-d08e-fef7-4ae6-aab98e03212d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\securentm (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\securentm (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Spamtool) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
D:\WINDOWS\system32\drivers\securentm.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\6Kn1TC5i.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jozef\Local Settings\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jozef\Local Settings\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jozef\Local Settings\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jozef\Local Settings\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jozef\Local Settings\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jozef\Local Settings\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\Jozef\Local Settings\Temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\BN11.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\BN2D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\BN3D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Post by Erricco » 23 Mar 2009 18:07

Here is the ComboFix log

ComboFix 09-03-22.01 - Jozef 2009-03-23 17:57:44.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2021.1456 [GMT 1:00]
Spuštěný z: d:\documents and settings\Jozef\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\Jozef\Jozef.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-23 do 2009-03-23 )))))))))))))))))))))))))))))))
.

2009-03-23 17:56 . 2009-03-23 17:56 61,440 --a------ d:\windows\system32\drivers\akcqar.sys
2009-03-23 17:32 . 2009-03-23 17:32 <DIR> d-------- d:\program files\Malwarebytes' Anti-Malware
2009-03-23 17:32 . 2009-03-23 17:32 <DIR> d-------- d:\documents and settings\Jozef\Data aplikací\Malwarebytes
2009-03-23 17:32 . 2009-03-23 17:32 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-23 17:32 . 2009-02-11 10:19 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
2009-03-23 17:32 . 2009-02-11 10:19 15,504 --a------ d:\windows\system32\drivers\mbam.sys
2009-03-23 16:44 . 2009-03-23 16:44 <DIR> d-------- d:\program files\Trend Micro
2009-03-23 08:13 . 2009-03-23 08:13 <DIR> d-------- d:\documents and settings\Jozef\Data aplikací\Ulead Systems
2009-03-22 21:44 . 2009-03-23 16:43 <DIR> d-------- d:\program files\Spybot - Search & Destroy
2009-03-22 21:44 . 2009-03-22 21:56 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-03-22 21:00 . 2009-03-22 21:00 <DIR> dr------- d:\documents and settings\NetworkService\Oblíbené položky
2009-03-22 20:57 . 2004-10-11 18:21 372,736 -ra------ d:\windows\system32\LVUI2RC.dll
2009-03-22 20:57 . 2004-10-11 18:22 211,712 -ra------ d:\windows\system32\drivers\LV561AV.SYS
2009-03-22 20:57 . 2004-10-11 18:18 204,800 -ra------ d:\windows\system32\LVUI2.dll
2009-03-22 20:57 . 2004-10-11 18:16 204,800 -ra------ d:\windows\system32\lvcodec2.dll
2009-03-22 20:57 . 2004-10-11 18:14 106,496 -ra------ d:\windows\system32\lvcoinst.dll
2009-03-22 20:57 . 2004-10-11 18:18 22,016 -ra------ d:\windows\system32\drivers\LVUSBSta.sys
2009-03-22 20:57 . 2004-10-11 17:58 6,812 -ra------ d:\windows\system32\lvcoinst.ini
2009-03-22 20:56 . 2009-03-23 17:58 109 --a------ d:\windows\TSNV_I2C.INI
2009-03-22 20:41 . 2009-03-22 20:41 <DIR> d-------- d:\program files\Common Files\Logitech
2009-03-22 20:41 . 2004-12-14 19:16 53,248 -ra------ d:\windows\system32\InstMed.exe
2009-03-22 20:40 . 2009-03-22 20:40 <DIR> d-------- d:\program files\Logitech
2009-03-22 20:37 . 2008-04-13 22:16 85,248 --a------ d:\windows\system32\drivers\NABTSFEC.sys
2009-03-22 20:36 . 2009-03-22 20:36 <DIR> d-------- d:\windows\TVSETUP
2009-03-22 20:36 . 2003-03-07 07:00 24,000 -ra------ d:\windows\system32\drivers\PhTVTune.sys
2009-03-22 20:35 . 2003-12-11 11:15 626,960 -ra------ d:\windows\system32\hpvaut32.dll
2009-03-22 20:35 . 2003-12-11 11:15 487,424 -ra------ d:\windows\system32\hpvcp70.dll
2009-03-22 20:35 . 2003-12-11 11:15 344,064 -ra------ d:\windows\system32\hpvcr70.dll
2009-03-22 20:35 . 2003-12-11 11:15 44,544 -ra------ d:\windows\system32\MSXML4a.dll
2009-03-22 20:33 . 2009-03-22 20:33 <DIR> d-------- d:\program files\Common Files\Hewlett-Packard
2009-03-22 20:32 . 2009-03-22 20:37 85,288 --a------ d:\windows\hpgins01.dat
2009-03-22 20:32 . 2004-05-14 05:33 145 --------- d:\windows\hpgmdl01.dat
2009-03-22 20:16 . 2009-03-22 20:49 <DIR> d-------- d:\program files\SureThing CD Labeler 5
2009-03-22 20:02 . 2009-03-22 20:02 <DIR> d-------- d:\program files\Common Files\SureThing Shared
2009-03-22 19:56 . 2004-03-02 17:37 125,184 --------- d:\windows\system32\drivers\imagesrv.sys
2009-03-22 19:56 . 2004-03-02 17:37 5,504 --------- d:\windows\system32\drivers\imagedrv.sys
2009-03-22 19:55 . 2009-03-22 19:55 <DIR> d-------- d:\program files\Common Files\Ahead
2009-03-22 19:55 . 2009-03-22 19:55 <DIR> d-------- d:\program files\Ahead
2009-03-22 19:55 . 2004-07-26 17:16 1,568,768 --------- d:\windows\system32\ImagX7.dll
2009-03-22 19:55 . 2004-07-26 17:16 476,320 --------- d:\windows\system32\ImagXpr7.dll
2009-03-22 19:55 . 2004-07-26 17:16 471,040 --------- d:\windows\system32\ImagXRA7.dll
2009-03-22 19:55 . 2004-07-26 17:16 262,144 --------- d:\windows\system32\ImagXR7.dll
2009-03-22 19:55 . 2001-07-09 11:50 155,648 --a------ d:\windows\system32\NeroCheck.exe
2009-03-22 19:55 . 2000-06-26 11:45 106,496 --a------ d:\windows\system32\TwnLib20.dll
2009-03-22 19:44 . 2009-03-22 19:44 <DIR> d-------- d:\program files\uTorrent
2009-03-22 19:44 . 2009-03-22 20:55 <DIR> d-------- d:\documents and settings\Jozef\Data aplikací\uTorrent
2009-03-22 19:24 . 2009-03-22 19:24 <DIR> d-------- d:\program files\Ulead Systems
2009-03-22 19:24 . 2009-03-22 19:24 <DIR> d-------- d:\program files\Common Files\Ulead Systems
2009-03-22 19:24 . 2009-03-23 08:12 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\Ulead Systems
2009-03-22 19:19 . 2009-03-22 19:19 <DIR> d-------- d:\documents and settings\Jozef\Data aplikací\Elaborate Bytes
2009-03-22 19:18 . 2009-03-22 19:18 <DIR> d-------- d:\program files\Elaborate Bytes
2009-03-22 19:10 . 2009-03-22 19:16 <DIR> d-------- d:\documents and settings\Jozef\Data aplikací\HP
2009-03-22 19:10 . 2009-03-22 19:10 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\HP
2009-03-22 19:08 . 2009-03-22 19:08 <DIR> d-------- d:\program files\Common Files\Sonic Shared
2009-03-22 19:08 . 2009-03-22 19:08 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\Sonic
2009-03-22 19:07 . 2009-03-22 19:07 <DIR> d-------- d:\windows\system32\URTTEMP
2009-03-22 19:06 . 2009-03-22 19:06 <DIR> d-------- d:\program files\Hewlett-Packard
2009-03-22 19:06 . 2009-03-22 19:08 <DIR> d-------- d:\program files\Common Files\HP
2009-03-22 19:05 . 2006-05-16 07:17 49,664 -ra------ d:\windows\system32\drivers\HPZid412.sys
2009-03-22 19:05 . 2006-05-16 07:17 16,496 -ra------ d:\windows\system32\drivers\HPZipr12.sys
2009-03-22 19:04 . 2006-03-03 21:03 282,680 --a------ d:\windows\system32\HPZidr12.dll
2009-03-22 19:04 . 2006-03-03 21:02 204,800 --a------ d:\windows\system32\HPZipr12.dll
2009-03-22 19:04 . 2006-03-03 21:02 94,208 --a------ d:\windows\system32\HPZipt12.dll
2009-03-22 19:04 . 2006-05-16 07:25 77,824 -ra------ d:\windows\system32\hpzids01.dll
2009-03-22 19:04 . 2006-03-03 21:03 69,632 --a------ d:\windows\system32\HPZipm12.exe
2009-03-22 19:04 . 2006-03-03 21:03 65,536 --a------ d:\windows\system32\HPZinw12.exe
2009-03-22 19:04 . 2006-03-03 21:02 57,344 --a------ d:\windows\system32\HPZisn12.dll
2009-03-22 19:04 . 2006-06-03 21:29 48,128 --a------ d:\windows\system32\hpz3l4pi.dll
2009-03-22 19:03 . 2009-03-22 20:35 <DIR> d-------- d:\program files\HP
2009-03-22 19:01 . 2009-03-22 19:10 135,358 --a------ d:\windows\HPHins12.dat
2009-03-22 19:01 . 2006-06-12 20:29 14,916 --------- d:\windows\hphmdl12.dat
2009-03-22 18:51 . 2009-03-22 18:51 <DIR> d-------- d:\program files\MSBuild
2009-03-22 18:51 . 2009-03-22 18:51 <DIR> d-------- d:\program files\Microsoft Works
2009-03-22 18:50 . 2009-03-22 18:50 <DIR> d-------- d:\program files\Microsoft.NET
2009-03-22 18:49 . 2009-03-22 18:50 <DIR> d-------- d:\windows\SHELLNEW
2009-03-22 18:49 . 2009-03-22 18:49 <DIR> d-------- d:\program files\Microsoft Visual Studio 8
2009-03-22 18:48 . 2009-03-22 18:48 <DIR> dr-h----- D:\MSOCache
2009-03-22 18:48 . 2009-03-22 18:53 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-22 18:32 . 2009-03-22 18:41 <DIR> d-------- d:\program files\Mahjong Fortuna 2 Deluxe
2009-03-22 18:31 . 2009-03-22 18:31 <DIR> d-------- d:\program files\ReflexiveArcade
2009-03-21 22:54 . 2009-03-21 22:54 <DIR> d-------- d:\documents and settings\Jozef\Data aplikací\Media Player Classic
2009-03-21 22:52 . 2009-03-22 20:32 38 --a------ d:\windows\FASTTV.INI
2009-03-21 22:20 . 2009-03-23 17:53 152 --a------ d:\windows\IFOLDER.INI
2009-03-21 22:13 . 2009-03-21 22:13 759 --a------ d:\windows\system32\spupdsvc.inf
2009-03-21 22:09 . 2007-04-17 10:32 2,455,488 -----c--- d:\windows\system32\dllcache\ieapfltr.dat
2009-03-21 22:09 . 2007-03-08 06:09 1,024,000 -----c--- d:\windows\system32\dllcache\ieframe.dll.mui
2009-03-21 22:09 . 2008-12-21 00:03 459,264 -----c--- d:\windows\system32\dllcache\msfeeds.dll
2009-03-21 22:09 . 2008-12-21 00:03 267,776 -----c--- d:\windows\system32\dllcache\iertutil.dll
2009-03-21 22:09 . 2008-12-21 00:03 52,224 -----c--- d:\windows\system32\dllcache\msfeedsbs.dll
2009-03-21 22:09 . 2008-12-19 10:10 13,824 -----c--- d:\windows\system32\dllcache\ieudinit.exe
2009-03-21 22:08 . 2008-12-21 00:03 6,066,688 -----c--- d:\windows\system32\dllcache\ieframe.dll
2009-03-21 22:08 . 2008-12-21 00:03 383,488 -----c--- d:\windows\system32\dllcache\ieapfltr.dll
2009-03-21 22:08 . 2008-12-21 00:03 63,488 -----c--- d:\windows\system32\dllcache\icardie.dll
2009-03-21 22:03 . 2009-03-23 17:53 <DIR> d-------- d:\program files\MuchTV
2009-03-21 22:03 . 2003-06-30 13:01 348,160 --a------ d:\windows\system32\TSCTVWDM.DLL
2009-03-21 22:03 . 2000-02-07 16:51 70,656 --a------ d:\windows\system32\NUVISION.AX
2009-03-21 22:03 . 2001-04-12 15:13 39,936 --a------ d:\windows\system32\TVSNAP.AX
2009-03-21 22:03 . 2003-04-14 20:50 21,060 --a------ d:\windows\TSCTVMSG.INI
2009-03-21 22:03 . 2009-03-23 17:53 15,427 --a------ d:\windows\TSCTVFM.INI
2009-03-21 22:03 . 2009-03-23 17:53 582 --a------ d:\windows\TSCTV.INI
2009-03-21 22:03 . 2009-03-22 08:25 128 --a------ d:\windows\TSCFM.INI
2009-03-21 22:03 . 2009-03-21 22:03 62 --a------ d:\windows\system32\ERRMSG.INI
2009-03-21 22:01 . 2008-06-14 18:35 272,128 --------- d:\windows\system32\drivers\bthport.sys
2009-03-21 22:01 . 2008-06-14 18:35 272,128 -----c--- d:\windows\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 16:56 440 ----a-w d:\program files\prqroqpd.txt
2009-03-22 19:40 --------- d--h--w d:\program files\InstallShield Installation Information
2009-03-22 19:22 --------- d---a-w d:\documents and settings\All Users\Data aplikací\TEMP
2009-03-21 21:03 --------- d-----w d:\program files\Common Files\InstallShield
2009-03-21 20:58 --------- d-----w d:\documents and settings\Jozef\Data aplikací\Skype
2009-03-21 20:54 --------- d-----w d:\program files\Common Files\Skype
2009-03-21 20:54 --------- d-----w d:\documents and settings\All Users\Data aplikací\Skype
2009-03-21 20:54 --------- d-----r d:\program files\Skype
2009-03-21 20:53 --------- d-----w d:\program files\K-Lite Codec Pack
2009-03-21 20:53 --------- d-----w d:\program files\ESET
2009-03-21 20:53 --------- d-----w d:\documents and settings\All Users\Data aplikací\ESET
2009-03-21 20:52 --------- d-----w d:\program files\Google
2009-03-21 20:48 --------- d-----w d:\program files\Alcohol Soft
2009-03-21 20:45 685,816 ----a-w d:\windows\system32\drivers\sptd.sys
2009-03-21 20:44 --------- d-----w d:\documents and settings\Jozef\Data aplikací\Zoner
2009-03-21 20:43 --------- d-----w d:\program files\Zoner
2009-03-21 20:42 --------- d-----w d:\program files\Your Uninstaller 2008
2009-03-21 20:37 --------- d-----w d:\program files\Windows Media Connect 2
2009-03-21 20:37 --------- d-----w d:\documents and settings\Jozef\Data aplikací\URSoft
2009-03-21 20:35 --------- d-----w d:\program files\Opera
2009-03-21 20:34 --------- d-----w d:\documents and settings\Jozef\Data aplikací\CyberLink
2009-03-21 20:33 --------- d-----w d:\program files\CyberLink
2009-03-21 20:33 --------- d-----w d:\program files\Common Files\CyberLink
2009-03-21 20:33 --------- d-----w d:\documents and settings\All Users\Data aplikací\CyberLink
2009-03-21 20:31 603,904 ----a-w d:\windows\system32\TUProgSt.exe
2009-03-21 20:31 362,240 ----a-w d:\windows\system32\TuneUpDefragService.exe
2009-03-21 20:31 29,480 ----a-w d:\windows\system32\msxml3a.dll
2009-03-21 20:31 --------- d-sh--w d:\documents and settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-21 20:31 --------- d-----w d:\program files\TuneUp Utilities 2009
2009-03-21 20:31 --------- d-----w d:\documents and settings\Jozef\Data aplikací\TuneUp Software
2009-03-21 20:31 --------- d-----w d:\documents and settings\All Users\Data aplikací\TuneUp Software
2009-03-21 20:30 --------- d-----w d:\documents and settings\Jozef\Data aplikací\BSplayer PRO
2009-03-21 20:28 --------- d-----w d:\program files\Webteh
2009-03-21 19:56 --------- d-----w d:\program files\Common Files\Adobe
2009-03-21 19:56 --------- d-----w d:\documents and settings\Jozef\Data aplikací\InterTrust
2009-03-21 19:55 --------- d-----w d:\program files\Intel
2009-03-21 19:52 315,392 ----a-w d:\windows\HideWin.exe
2009-03-21 19:49 --------- d-----w d:\program files\Intel Desktop Board
2009-03-21 19:42 --------- d-----w d:\program files\MSXML 4.0
2009-03-21 19:39 --------- d-----w d:\program files\SEC
2009-03-21 19:32 --------- d-----w d:\program files\microsoft frontpage
2009-02-09 14:07 1,846,784 ----a-w d:\windows\system32\win32k.sys
2009-02-06 13:24 93,336 ----a-w d:\windows\system32\drivers\epfwtdir.sys
2009-02-06 13:23 106,208 ----a-w d:\windows\system32\drivers\ehdrv.sys
2009-02-06 13:19 113,448 ----a-w d:\windows\system32\drivers\eamon.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="d:\windows\system32\igfxtray.exe" [2007-04-01 135168]
"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2007-04-01 155648]
"Persistence"="d:\windows\system32\igfxpers.exe" [2007-04-01 131072]
"RemoteControl8"="d:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="d:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Component Manager"="d:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"LVCOMSX"="d:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"LogitechVideoRepair"="d:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"LogitechVideoTray"="d:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-04 d:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-12-21 d:\windows\system32\advpack.dll]

d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
MuchTV Remote.lnk - d:\program files\MuchTV\tvrmvcr.exe [2009-03-21 114688]
Rychlě zaź tek s aplikacˇ HP Photosmart Premier.lnk - d:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= d:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BDRegion"=d:\program files\Cyberlink\Shared Files\brs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
"d:\\WINDOWS\\system32\\userinit.exe"=

R1 ehdrv;ehdrv;d:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};d:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24:04 41456]
R2 ekrn;ESET Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;d:\windows\system32\TUProgSt.exe [2009-03-21 603904]
R3 PhTVTune;MuchTV Plus TVTuner;d:\windows\system32\drivers\PhTVTune.sys [2009-03-22 24000]
R3 PSched;Plánovač paketů technologie QoS;d:\windows\system32\drivers\psched.sys [2008-04-13 69120]
S0 Si3531;Si3531;d:\windows\system32\drivers\Si3531.sys [2008-05-04 210736]
S2 ati64si;ati64si;\??\d:\windows\system32\drivers\ati64si.sys --> d:\windows\system32\drivers\ati64si.sys [?]
S2 fips32cup;fips32cup;\??\d:\windows\system32\drivers\fips32cup.sys --> d:\windows\system32\drivers\fips32cup.sys [?]
S2 netsik;netsik;\??\d:\windows\system32\drivers\netsik.sys --> d:\windows\system32\drivers\netsik.sys [?]
S2 nicsk32;nicsk32;\??\d:\windows\system32\drivers\nicsk32.sys --> d:\windows\system32\drivers\nicsk32.sys [?]
S2 ws2_32sik;ws2_32sik;\??\d:\windows\system32\drivers\ws2_32sik.sys --> d:\windows\system32\drivers\ws2_32sik.sys [?]
S3 SureThing Labelflash service;SureThing Labelflash service;d:\program files\Common Files\SureThing Shared\stllssvr.exe [2009-03-22 74384]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-03-23 d:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 16:28]

2009-03-22 d:\windows\Tasks\At1.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-23 d:\windows\Tasks\At10.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-23 d:\windows\Tasks\At11.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-23 d:\windows\Tasks\At12.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At13.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At14.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At15.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At16.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At17.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-23 d:\windows\Tasks\At18.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At19.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At2.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At20.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At21.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At22.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At23.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At24.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At25.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At26.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At27.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At28.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At29.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At3.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At30.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At31.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At32.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At33.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-23 d:\windows\Tasks\At34.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-23 d:\windows\Tasks\At35.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-23 d:\windows\Tasks\At36.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At37.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At38.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At39.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At4.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At40.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At41.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At42.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At43.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At44.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At45.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At46.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At47.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At48.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At5.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At6.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At7.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At8.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At9.job
- d:\windows\system32\6Kn1TC5i.exe []
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Jozef - d:\documents and settings\Jozef\Jozef.exe


.
------- Doplňkový sken -------
.
IE: E&xportovať do programu Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 17:58:25
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\d:\program files\CyberLink\PowerDVD8\000.fcl"
.
Celkový čas: 2009-03-23 17:59:15
ComboFix-quarantined-files.txt 2009-03-23 16:59:13

Před spuštěním: Volných bajtů: 22 283 280 384
Po spuštění: Volných bajtů: 22,317,899,776

355 --- E O F --- 2009-03-23 11:09:03
Notebook Asus G73 Full HD, Core i720, 8GB DDR3 RAM, 2x 500GB 7200 HDD, ATI Radeon HD 5870 1GB DDR5, Blue Ray combo

Erricco

Re: Please check my HijackThis log

Post by Erricco » 23 Mar 2009 18:07

Here is the log from ComboFix

ComboFix 09-03-22.01 - Jozef 2009-03-23 17:57:44.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2021.1456 [GMT 1:00]
Spuštěný z: d:\documents and settings\Jozef\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\Jozef\Jozef.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-23 do 2009-03-23 )))))))))))))))))))))))))))))))
.

2009-03-23 17:56 . 2009-03-23 17:56 61,440 --a------ d:\windows\system32\drivers\akcqar.sys
2009-03-23 17:32 . 2009-03-23 17:32 <DIR> d-------- d:\program files\Malwarebytes' Anti-Malware
2009-03-23 17:32 . 2009-03-23 17:32 <DIR> d-------- d:\documents and settings\Jozef\Data aplikací\Malwarebytes
2009-03-23 17:32 . 2009-03-23 17:32 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-23 17:32 . 2009-02-11 10:19 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
2009-03-23 17:32 . 2009-02-11 10:19 15,504 --a------ d:\windows\system32\drivers\mbam.sys
2009-03-23 16:44 . 2009-03-23 16:44 <DIR> d-------- d:\program files\Trend Micro
2009-03-23 08:13 . 2009-03-23 08:13 <DIR> d-------- d:\documents and settings\Jozef\Data aplikací\Ulead Systems
2009-03-22 21:44 . 2009-03-23 16:43 <DIR> d-------- d:\program files\Spybot - Search & Destroy
2009-03-22 21:44 . 2009-03-22 21:56 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-03-22 21:00 . 2009-03-22 21:00 <DIR> dr------- d:\documents and settings\NetworkService\Oblíbené položky
2009-03-22 20:57 . 2004-10-11 18:21 372,736 -ra------ d:\windows\system32\LVUI2RC.dll
2009-03-22 20:57 . 2004-10-11 18:22 211,712 -ra------ d:\windows\system32\drivers\LV561AV.SYS
2009-03-22 20:57 . 2004-10-11 18:18 204,800 -ra------ d:\windows\system32\LVUI2.dll
2009-03-22 20:57 . 2004-10-11 18:16 204,800 -ra------ d:\windows\system32\lvcodec2.dll
2009-03-22 20:57 . 2004-10-11 18:14 106,496 -ra------ d:\windows\system32\lvcoinst.dll
2009-03-22 20:57 . 2004-10-11 18:18 22,016 -ra------ d:\windows\system32\drivers\LVUSBSta.sys
2009-03-22 20:57 . 2004-10-11 17:58 6,812 -ra------ d:\windows\system32\lvcoinst.ini
2009-03-22 20:56 . 2009-03-23 17:58 109 --a------ d:\windows\TSNV_I2C.INI
2009-03-22 20:41 . 2009-03-22 20:41 <DIR> d-------- d:\program files\Common Files\Logitech
2009-03-22 20:41 . 2004-12-14 19:16 53,248 -ra------ d:\windows\system32\InstMed.exe
2009-03-22 20:40 . 2009-03-22 20:40 <DIR> d-------- d:\program files\Logitech
2009-03-22 20:37 . 2008-04-13 22:16 85,248 --a------ d:\windows\system32\drivers\NABTSFEC.sys
2009-03-22 20:36 . 2009-03-22 20:36 <DIR> d-------- d:\windows\TVSETUP
2009-03-22 20:36 . 2003-03-07 07:00 24,000 -ra------ d:\windows\system32\drivers\PhTVTune.sys
2009-03-22 20:35 . 2003-12-11 11:15 626,960 -ra------ d:\windows\system32\hpvaut32.dll
2009-03-22 20:35 . 2003-12-11 11:15 487,424 -ra------ d:\windows\system32\hpvcp70.dll
2009-03-22 20:35 . 2003-12-11 11:15 344,064 -ra------ d:\windows\system32\hpvcr70.dll
2009-03-22 20:35 . 2003-12-11 11:15 44,544 -ra------ d:\windows\system32\MSXML4a.dll
2009-03-22 20:33 . 2009-03-22 20:33 <DIR> d-------- d:\program files\Common Files\Hewlett-Packard
2009-03-22 20:32 . 2009-03-22 20:37 85,288 --a------ d:\windows\hpgins01.dat
2009-03-22 20:32 . 2004-05-14 05:33 145 --------- d:\windows\hpgmdl01.dat
2009-03-22 20:16 . 2009-03-22 20:49 <DIR> d-------- d:\program files\SureThing CD Labeler 5
2009-03-22 20:02 . 2009-03-22 20:02 <DIR> d-------- d:\program files\Common Files\SureThing Shared
2009-03-22 19:56 . 2004-03-02 17:37 125,184 --------- d:\windows\system32\drivers\imagesrv.sys
2009-03-22 19:56 . 2004-03-02 17:37 5,504 --------- d:\windows\system32\drivers\imagedrv.sys
2009-03-22 19:55 . 2009-03-22 19:55 <DIR> d-------- d:\program files\Common Files\Ahead
2009-03-22 19:55 . 2009-03-22 19:55 <DIR> d-------- d:\program files\Ahead
2009-03-22 19:55 . 2004-07-26 17:16 1,568,768 --------- d:\windows\system32\ImagX7.dll
2009-03-22 19:55 . 2004-07-26 17:16 476,320 --------- d:\windows\system32\ImagXpr7.dll
2009-03-22 19:55 . 2004-07-26 17:16 471,040 --------- d:\windows\system32\ImagXRA7.dll
2009-03-22 19:55 . 2004-07-26 17:16 262,144 --------- d:\windows\system32\ImagXR7.dll
2009-03-22 19:55 . 2001-07-09 11:50 155,648 --a------ d:\windows\system32\NeroCheck.exe
2009-03-22 19:55 . 2000-06-26 11:45 106,496 --a------ d:\windows\system32\TwnLib20.dll
2009-03-22 19:44 . 2009-03-22 19:44 <DIR> d-------- d:\program files\uTorrent
2009-03-22 19:44 . 2009-03-22 20:55 <DIR> d-------- d:\documents and settings\Jozef\Data aplikací\uTorrent
2009-03-22 19:24 . 2009-03-22 19:24 <DIR> d-------- d:\program files\Ulead Systems
2009-03-22 19:24 . 2009-03-22 19:24 <DIR> d-------- d:\program files\Common Files\Ulead Systems
2009-03-22 19:24 . 2009-03-23 08:12 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\Ulead Systems
2009-03-22 19:19 . 2009-03-22 19:19 <DIR> d-------- d:\documents and settings\Jozef\Data aplikací\Elaborate Bytes
2009-03-22 19:18 . 2009-03-22 19:18 <DIR> d-------- d:\program files\Elaborate Bytes
2009-03-22 19:10 . 2009-03-22 19:16 <DIR> d-------- d:\documents and settings\Jozef\Data aplikací\HP
2009-03-22 19:10 . 2009-03-22 19:10 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\HP
2009-03-22 19:08 . 2009-03-22 19:08 <DIR> d-------- d:\program files\Common Files\Sonic Shared
2009-03-22 19:08 . 2009-03-22 19:08 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\Sonic
2009-03-22 19:07 . 2009-03-22 19:07 <DIR> d-------- d:\windows\system32\URTTEMP
2009-03-22 19:06 . 2009-03-22 19:06 <DIR> d-------- d:\program files\Hewlett-Packard
2009-03-22 19:06 . 2009-03-22 19:08 <DIR> d-------- d:\program files\Common Files\HP
2009-03-22 19:05 . 2006-05-16 07:17 49,664 -ra------ d:\windows\system32\drivers\HPZid412.sys
2009-03-22 19:05 . 2006-05-16 07:17 16,496 -ra------ d:\windows\system32\drivers\HPZipr12.sys
2009-03-22 19:04 . 2006-03-03 21:03 282,680 --a------ d:\windows\system32\HPZidr12.dll
2009-03-22 19:04 . 2006-03-03 21:02 204,800 --a------ d:\windows\system32\HPZipr12.dll
2009-03-22 19:04 . 2006-03-03 21:02 94,208 --a------ d:\windows\system32\HPZipt12.dll
2009-03-22 19:04 . 2006-05-16 07:25 77,824 -ra------ d:\windows\system32\hpzids01.dll
2009-03-22 19:04 . 2006-03-03 21:03 69,632 --a------ d:\windows\system32\HPZipm12.exe
2009-03-22 19:04 . 2006-03-03 21:03 65,536 --a------ d:\windows\system32\HPZinw12.exe
2009-03-22 19:04 . 2006-03-03 21:02 57,344 --a------ d:\windows\system32\HPZisn12.dll
2009-03-22 19:04 . 2006-06-03 21:29 48,128 --a------ d:\windows\system32\hpz3l4pi.dll
2009-03-22 19:03 . 2009-03-22 20:35 <DIR> d-------- d:\program files\HP
2009-03-22 19:01 . 2009-03-22 19:10 135,358 --a------ d:\windows\HPHins12.dat
2009-03-22 19:01 . 2006-06-12 20:29 14,916 --------- d:\windows\hphmdl12.dat
2009-03-22 18:51 . 2009-03-22 18:51 <DIR> d-------- d:\program files\MSBuild
2009-03-22 18:51 . 2009-03-22 18:51 <DIR> d-------- d:\program files\Microsoft Works
2009-03-22 18:50 . 2009-03-22 18:50 <DIR> d-------- d:\program files\Microsoft.NET
2009-03-22 18:49 . 2009-03-22 18:50 <DIR> d-------- d:\windows\SHELLNEW
2009-03-22 18:49 . 2009-03-22 18:49 <DIR> d-------- d:\program files\Microsoft Visual Studio 8
2009-03-22 18:48 . 2009-03-22 18:48 <DIR> dr-h----- D:\MSOCache
2009-03-22 18:48 . 2009-03-22 18:53 <DIR> d-------- d:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-22 18:32 . 2009-03-22 18:41 <DIR> d-------- d:\program files\Mahjong Fortuna 2 Deluxe
2009-03-22 18:31 . 2009-03-22 18:31 <DIR> d-------- d:\program files\ReflexiveArcade
2009-03-21 22:54 . 2009-03-21 22:54 <DIR> d-------- d:\documents and settings\Jozef\Data aplikací\Media Player Classic
2009-03-21 22:52 . 2009-03-22 20:32 38 --a------ d:\windows\FASTTV.INI
2009-03-21 22:20 . 2009-03-23 17:53 152 --a------ d:\windows\IFOLDER.INI
2009-03-21 22:13 . 2009-03-21 22:13 759 --a------ d:\windows\system32\spupdsvc.inf
2009-03-21 22:09 . 2007-04-17 10:32 2,455,488 -----c--- d:\windows\system32\dllcache\ieapfltr.dat
2009-03-21 22:09 . 2007-03-08 06:09 1,024,000 -----c--- d:\windows\system32\dllcache\ieframe.dll.mui
2009-03-21 22:09 . 2008-12-21 00:03 459,264 -----c--- d:\windows\system32\dllcache\msfeeds.dll
2009-03-21 22:09 . 2008-12-21 00:03 267,776 -----c--- d:\windows\system32\dllcache\iertutil.dll
2009-03-21 22:09 . 2008-12-21 00:03 52,224 -----c--- d:\windows\system32\dllcache\msfeedsbs.dll
2009-03-21 22:09 . 2008-12-19 10:10 13,824 -----c--- d:\windows\system32\dllcache\ieudinit.exe
2009-03-21 22:08 . 2008-12-21 00:03 6,066,688 -----c--- d:\windows\system32\dllcache\ieframe.dll
2009-03-21 22:08 . 2008-12-21 00:03 383,488 -----c--- d:\windows\system32\dllcache\ieapfltr.dll
2009-03-21 22:08 . 2008-12-21 00:03 63,488 -----c--- d:\windows\system32\dllcache\icardie.dll
2009-03-21 22:03 . 2009-03-23 17:53 <DIR> d-------- d:\program files\MuchTV
2009-03-21 22:03 . 2003-06-30 13:01 348,160 --a------ d:\windows\system32\TSCTVWDM.DLL
2009-03-21 22:03 . 2000-02-07 16:51 70,656 --a------ d:\windows\system32\NUVISION.AX
2009-03-21 22:03 . 2001-04-12 15:13 39,936 --a------ d:\windows\system32\TVSNAP.AX
2009-03-21 22:03 . 2003-04-14 20:50 21,060 --a------ d:\windows\TSCTVMSG.INI
2009-03-21 22:03 . 2009-03-23 17:53 15,427 --a------ d:\windows\TSCTVFM.INI
2009-03-21 22:03 . 2009-03-23 17:53 582 --a------ d:\windows\TSCTV.INI
2009-03-21 22:03 . 2009-03-22 08:25 128 --a------ d:\windows\TSCFM.INI
2009-03-21 22:03 . 2009-03-21 22:03 62 --a------ d:\windows\system32\ERRMSG.INI
2009-03-21 22:01 . 2008-06-14 18:35 272,128 --------- d:\windows\system32\drivers\bthport.sys
2009-03-21 22:01 . 2008-06-14 18:35 272,128 -----c--- d:\windows\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 16:56 440 ----a-w d:\program files\prqroqpd.txt
2009-03-22 19:40 --------- d--h--w d:\program files\InstallShield Installation Information
2009-03-22 19:22 --------- d---a-w d:\documents and settings\All Users\Data aplikací\TEMP
2009-03-21 21:03 --------- d-----w d:\program files\Common Files\InstallShield
2009-03-21 20:58 --------- d-----w d:\documents and settings\Jozef\Data aplikací\Skype
2009-03-21 20:54 --------- d-----w d:\program files\Common Files\Skype
2009-03-21 20:54 --------- d-----w d:\documents and settings\All Users\Data aplikací\Skype
2009-03-21 20:54 --------- d-----r d:\program files\Skype
2009-03-21 20:53 --------- d-----w d:\program files\K-Lite Codec Pack
2009-03-21 20:53 --------- d-----w d:\program files\ESET
2009-03-21 20:53 --------- d-----w d:\documents and settings\All Users\Data aplikací\ESET
2009-03-21 20:52 --------- d-----w d:\program files\Google
2009-03-21 20:48 --------- d-----w d:\program files\Alcohol Soft
2009-03-21 20:45 685,816 ----a-w d:\windows\system32\drivers\sptd.sys
2009-03-21 20:44 --------- d-----w d:\documents and settings\Jozef\Data aplikací\Zoner
2009-03-21 20:43 --------- d-----w d:\program files\Zoner
2009-03-21 20:42 --------- d-----w d:\program files\Your Uninstaller 2008
2009-03-21 20:37 --------- d-----w d:\program files\Windows Media Connect 2
2009-03-21 20:37 --------- d-----w d:\documents and settings\Jozef\Data aplikací\URSoft
2009-03-21 20:35 --------- d-----w d:\program files\Opera
2009-03-21 20:34 --------- d-----w d:\documents and settings\Jozef\Data aplikací\CyberLink
2009-03-21 20:33 --------- d-----w d:\program files\CyberLink
2009-03-21 20:33 --------- d-----w d:\program files\Common Files\CyberLink
2009-03-21 20:33 --------- d-----w d:\documents and settings\All Users\Data aplikací\CyberLink
2009-03-21 20:31 603,904 ----a-w d:\windows\system32\TUProgSt.exe
2009-03-21 20:31 362,240 ----a-w d:\windows\system32\TuneUpDefragService.exe
2009-03-21 20:31 29,480 ----a-w d:\windows\system32\msxml3a.dll
2009-03-21 20:31 --------- d-sh--w d:\documents and settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-21 20:31 --------- d-----w d:\program files\TuneUp Utilities 2009
2009-03-21 20:31 --------- d-----w d:\documents and settings\Jozef\Data aplikací\TuneUp Software
2009-03-21 20:31 --------- d-----w d:\documents and settings\All Users\Data aplikací\TuneUp Software
2009-03-21 20:30 --------- d-----w d:\documents and settings\Jozef\Data aplikací\BSplayer PRO
2009-03-21 20:28 --------- d-----w d:\program files\Webteh
2009-03-21 19:56 --------- d-----w d:\program files\Common Files\Adobe
2009-03-21 19:56 --------- d-----w d:\documents and settings\Jozef\Data aplikací\InterTrust
2009-03-21 19:55 --------- d-----w d:\program files\Intel
2009-03-21 19:52 315,392 ----a-w d:\windows\HideWin.exe
2009-03-21 19:49 --------- d-----w d:\program files\Intel Desktop Board
2009-03-21 19:42 --------- d-----w d:\program files\MSXML 4.0
2009-03-21 19:39 --------- d-----w d:\program files\SEC
2009-03-21 19:32 --------- d-----w d:\program files\microsoft frontpage
2009-02-09 14:07 1,846,784 ----a-w d:\windows\system32\win32k.sys
2009-02-06 13:24 93,336 ----a-w d:\windows\system32\drivers\epfwtdir.sys
2009-02-06 13:23 106,208 ----a-w d:\windows\system32\drivers\ehdrv.sys
2009-02-06 13:19 113,448 ----a-w d:\windows\system32\drivers\eamon.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="d:\windows\system32\igfxtray.exe" [2007-04-01 135168]
"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2007-04-01 155648]
"Persistence"="d:\windows\system32\igfxpers.exe" [2007-04-01 131072]
"RemoteControl8"="d:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="d:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Component Manager"="d:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"LVCOMSX"="d:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"LogitechVideoRepair"="d:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"LogitechVideoTray"="d:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-04 d:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-12-21 d:\windows\system32\advpack.dll]

d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
MuchTV Remote.lnk - d:\program files\MuchTV\tvrmvcr.exe [2009-03-21 114688]
Rychlě zaź tek s aplikacˇ HP Photosmart Premier.lnk - d:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= d:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BDRegion"=d:\program files\Cyberlink\Shared Files\brs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
"d:\\WINDOWS\\system32\\userinit.exe"=

R1 ehdrv;ehdrv;d:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};d:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24:04 41456]
R2 ekrn;ESET Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;d:\windows\system32\TUProgSt.exe [2009-03-21 603904]
R3 PhTVTune;MuchTV Plus TVTuner;d:\windows\system32\drivers\PhTVTune.sys [2009-03-22 24000]
R3 PSched;Plánovač paketů technologie QoS;d:\windows\system32\drivers\psched.sys [2008-04-13 69120]
S0 Si3531;Si3531;d:\windows\system32\drivers\Si3531.sys [2008-05-04 210736]
S2 ati64si;ati64si;\??\d:\windows\system32\drivers\ati64si.sys --> d:\windows\system32\drivers\ati64si.sys [?]
S2 fips32cup;fips32cup;\??\d:\windows\system32\drivers\fips32cup.sys --> d:\windows\system32\drivers\fips32cup.sys [?]
S2 netsik;netsik;\??\d:\windows\system32\drivers\netsik.sys --> d:\windows\system32\drivers\netsik.sys [?]
S2 nicsk32;nicsk32;\??\d:\windows\system32\drivers\nicsk32.sys --> d:\windows\system32\drivers\nicsk32.sys [?]
S2 ws2_32sik;ws2_32sik;\??\d:\windows\system32\drivers\ws2_32sik.sys --> d:\windows\system32\drivers\ws2_32sik.sys [?]
S3 SureThing Labelflash service;SureThing Labelflash service;d:\program files\Common Files\SureThing Shared\stllssvr.exe [2009-03-22 74384]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-03-23 d:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 16:28]

2009-03-22 d:\windows\Tasks\At1.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-23 d:\windows\Tasks\At10.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-23 d:\windows\Tasks\At11.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-23 d:\windows\Tasks\At12.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At13.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At14.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At15.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At16.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At17.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-23 d:\windows\Tasks\At18.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At19.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At2.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At20.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At21.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At22.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At23.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At24.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At25.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At26.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At27.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At28.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At29.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At3.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At30.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At31.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At32.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At33.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-23 d:\windows\Tasks\At34.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-23 d:\windows\Tasks\At35.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-23 d:\windows\Tasks\At36.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At37.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At38.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At39.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At4.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At40.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At41.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At42.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At43.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At44.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At45.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At46.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At47.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At48.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At5.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At6.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At7.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At8.job
- d:\windows\system32\6Kn1TC5i.exe []

2009-03-22 d:\windows\Tasks\At9.job
- d:\windows\system32\6Kn1TC5i.exe []
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Jozef - d:\documents and settings\Jozef\Jozef.exe


.
------- Doplňkový sken -------
.
IE: E&xportovať do programu Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 17:58:25
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\d:\program files\CyberLink\PowerDVD8\000.fcl"
.
Celkový čas: 2009-03-23 17:59:15
ComboFix-quarantined-files.txt 2009-03-23 16:59:13

Před spuštěním: Volných bajtů: 22 283 280 384
Po spuštění: Volných bajtů: 22,317,899,776

355 --- E O F --- 2009-03-23 11:09:03
Notebook Asus G73 Full HD, Core i720, 8GB DDR3 RAM, 2x 500GB 7200 HDD, ATI Radeon HD 5870 1GB DDR5, Blue Ray combo

jaro3
Security team member

Re: Please check my HijackThis log

Post by jaro3 » 23 Mar 2009 19:23

Download the program OTMoveIt3 (by OldTimer), save it to drive C and run it.
- Copy these paths into the left pane (Paste Instructions for Items to be Moved):
Note: Do not use the SELECT ALL function to select the text

Code: Select all

:Processes
explorer.exe

:Services
ati64si
fips32cup
netsik
nicsk32
ws2_32sik

:Reg

:Files
d:\windows\system32\drivers\akcqar.sys
d:\program files\prqroqpd.txt
d:\windows\system32\drivers\ati64si.sys
d:\windows\system32\drivers\fips32cup.sys
d:\windows\system32\drivers\netsik.sys
d:\windows\system32\drivers\nicsk32.sys
d:\windows\Tasks\At1.job
d:\windows\system32\6Kn1TC5i.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


- After copying, click the MoveIt! button and then paste here the entire contents of the right pane, which is also saved in the folder C:\_OTMoveIt\MovedFiles\ and reports the results.
- If the files cannot be removed, you may be asked to restart the computer; in that case confirm the restart.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. In my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Erricco

Re: Please check my HijackThis log

Post by Erricco » 24 Mar 2009 18:51

So here is the log

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========

Service\Driver ati64si deleted successfully.

Service\Driver fips32cup deleted successfully.

Service\Driver netsik deleted successfully.

Service\Driver nicsk32 deleted successfully.

Service\Driver ws2_32sik deleted successfully.
========== REGISTRY ==========
========== FILES ==========
File/Folder d:\windows\system32\drivers\akcqar.sys not found.
File/Folder d:\program files\prqroqpd.txt not found.
File/Folder d:\windows\system32\drivers\ati64si.sys not found.
File/Folder d:\windows\system32\drivers\fips32cup.sys not found.
File/Folder d:\windows\system32\drivers\netsik.sys not found.
File/Folder d:\windows\system32\drivers\nicsk32.sys not found.
File/Folder d:\windows\Tasks\At1.job not found.
File/Folder d:\windows\system32\6Kn1TC5i.exe not found.
========== COMMANDS ==========
File delete failed. D:\DOCUME~1\Jozef\LOCALS~1\Temp\etilqs_5C2S5sjkIUXh3Dfpx9Ck scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\Jozef\LOCALS~1\Temp\etilqs_5C2S5sjkIUXh3Dfpx9Ck-journal scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\Jozef\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\Jozef\LOCALS~1\Temp\~DF327C.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0011\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0011\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0011\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0011\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0011\wb.vx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0010\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0010\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0010\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0010\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0010\wb.vx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0009\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0009\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0009\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0009\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0009\wb.vx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0008\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0008\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0008\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0008\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0008\wb.vx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0007\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0007\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0007\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0007\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0007\wb.vx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\wb.vx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\wb.vx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\wb.vx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\wb.vx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\wb.vx scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03242009_184405

Erricco

Re: Please check my HijackThis log

Post by Erricco » 24 Mar 2009 19:03

and here is the log after the restart:


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========

Service\Driver ati64si deleted successfully.

Service\Driver fips32cup deleted successfully.

Service\Driver netsik deleted successfully.

Service\Driver nicsk32 deleted successfully.

Service\Driver ws2_32sik deleted successfully.
========== REGISTRY ==========
========== FILES ==========
File/Folder d:\windows\system32\drivers\akcqar.sys not found.
File/Folder d:\program files\prqroqpd.txt not found.
File/Folder d:\windows\system32\drivers\ati64si.sys not found.
File/Folder d:\windows\system32\drivers\fips32cup.sys not found.
File/Folder d:\windows\system32\drivers\netsik.sys not found.
File/Folder d:\windows\system32\drivers\nicsk32.sys not found.
File/Folder d:\windows\Tasks\At1.job not found.
File/Folder d:\windows\system32\6Kn1TC5i.exe not found.
========== COMMANDS ==========
File delete failed. D:\DOCUME~1\Jozef\LOCALS~1\Temp\etilqs_5C2S5sjkIUXh3Dfpx9Ck scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\Jozef\LOCALS~1\Temp\etilqs_5C2S5sjkIUXh3Dfpx9Ck-journal scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\Jozef\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\Jozef\LOCALS~1\Temp\~DF327C.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0011\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0011\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0011\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0011\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0011\wb.vx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0010\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0010\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0010\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0010\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0010\wb.vx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0009\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0009\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0009\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0009\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0009\wb.vx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0008\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0008\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0008\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0008\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0008\wb.vx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0007\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0007\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0007\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0007\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0007\wb.vx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\wb.vx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\wb.vx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\wb.vx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\wb.vx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\wb.vx scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03242009_184405

Files moved on Reboot...
File D:\DOCUME~1\Jozef\LOCALS~1\Temp\etilqs_5C2S5sjkIUXh3Dfpx9Ck not found!
File D:\DOCUME~1\Jozef\LOCALS~1\Temp\etilqs_5C2S5sjkIUXh3Dfpx9Ck-journal not found!
D:\DOCUME~1\Jozef\LOCALS~1\Temp\hpodvd09.log moved successfully.
File D:\DOCUME~1\Jozef\LOCALS~1\Temp\~DF327C.tmp not found!
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0011\adoc.bx moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0011\md.dat moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0011\url.ax moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0011\w.ax moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0011\wb.vx moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0010\adoc.bx moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0010\md.dat moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0010\url.ax moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0010\w.ax moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0010\wb.vx moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0009\adoc.bx moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0009\md.dat moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0009\url.ax moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0009\w.ax moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0009\wb.vx moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0008\adoc.bx moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0008\md.dat moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0008\url.ax moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0008\w.ax moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0008\wb.vx moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0007\adoc.bx moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0007\md.dat moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0007\url.ax moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0007\w.ax moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0007\wb.vx moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\adoc.bx moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\md.dat moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\url.ax moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\w.ax moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\wb.vx moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\adoc.bx moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\md.dat moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\url.ax moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\w.ax moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\wb.vx moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\adoc.bx moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\md.dat moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\url.ax moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\w.ax moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\wb.vx moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\adoc.bx moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\md.dat moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\url.ax moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\w.ax moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\wb.vx moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\adoc.bx moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\md.dat moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\url.ax moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\w.ax moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\wb.vx moved successfully.

jaro3
Security team member

Re: Please check my HijackThis log

Post by jaro3 » 24 Mar 2009 19:08

So, my apologies, everything is O.K. except for those job files; I forgot the asterisk in the script...
So do the same with this:

Code: Select all

:Processes
explorer.exe

:Services

:Reg

:Files
d:\windows\Tasks\At*.job
d:\windows\system32\6Kn1TC5i.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then the log from OTMoveIt3 again.
I am about to leave, so maybe not until tomorrow....

Erricco

Re: Please check my HijackThis log

Post by Erricco » 24 Mar 2009 19:36

ok, here is the log :)
I will be here again tomorrow only after 18:00 in the evening, so I will get in touch then.

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder d:\windows\Tasks\At*.job not found.
File/Folder d:\windows\system32\6Kn1TC5i.exe not found.
========== COMMANDS ==========
File delete failed. D:\DOCUME~1\Jozef\LOCALS~1\Temp\etilqs_klG5ABXCZ0YDKMxZnnDG scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\Jozef\LOCALS~1\Temp\etilqs_klG5ABXCZ0YDKMxZnnDG-journal scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\Jozef\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. D:\DOCUME~1\Jozef\LOCALS~1\Temp\~DF9A55.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\wb.vx scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03242009_192637

Files moved on Reboot...
File D:\DOCUME~1\Jozef\LOCALS~1\Temp\etilqs_klG5ABXCZ0YDKMxZnnDG not found!
File D:\DOCUME~1\Jozef\LOCALS~1\Temp\etilqs_klG5ABXCZ0YDKMxZnnDG-journal not found!
D:\DOCUME~1\Jozef\LOCALS~1\Temp\hpodvd09.log moved successfully.
File D:\DOCUME~1\Jozef\LOCALS~1\Temp\~DF9A55.tmp not found!
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\adoc.bx moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\md.dat moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\url.ax moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\w.ax moved successfully.
D:\Documents and Settings\Jozef\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\wb.vx moved successfully.