Combofix
ComboFix 09-07-09.08 - Francek 11.07.2009 16:58.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1535.948 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-11 do 2009-07-11 )))))))))))))))))))))))))))))))
.
2009-07-11 12:45 . 2009-06-17 09:27 38160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-07-11 12:45 . 2009-07-11 12:45 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-07-11 12:45 . 2009-06-17 09:27 19096 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-07-01 09:31 . 2009-07-01 09:31 -------- d-----w- d:\windows\system32\wbem\Repository
2009-06-28 10:41 . 2009-06-28 10:42 -------- d-----w- d:\program files\Mumble
2009-06-24 11:20 . 2009-06-24 11:20 -------- d-----w- d:\program files\Common Files\Macrovision Shared
2009-06-20 10:26 . 2009-07-06 06:48 -------- d-----w- d:\program files\Common Files\Symantec Shared
2009-06-20 10:26 . 2009-07-05 23:08 -------- d-----w- d:\program files\Norton Security Scan
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 14:19 . 2009-05-03 08:03 -------- d-----w- d:\program files\Steam
2009-07-11 12:57 . 2009-01-16 08:14 -------- d-----w- d:\program files\lg_fwupdate
2009-07-09 11:03 . 2009-03-12 20:04 -------- d-----w- d:\program files\EA GAMES
2009-07-09 11:03 . 2009-01-16 08:07 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-07-09 09:22 . 2009-01-17 12:27 -------- d-----w- d:\program files\FTP Commander
2009-07-07 23:24 . 2009-01-16 08:39 -------- d-----w- d:\program files\VideoLAN
2009-07-07 10:51 . 2009-01-16 08:14 -------- d-----w- d:\program files\Common Files\Adobe
2009-07-07 10:35 . 2009-01-17 14:15 -------- d-----w- d:\program files\CCleaner
2009-07-05 21:35 . 2009-05-17 08:13 -------- d-----w- d:\program files\Orbitdownloader
2009-07-01 12:07 . 2009-04-11 11:08 -------- d-----w- d:\program files\SpeedFan
2009-06-22 16:29 . 2009-01-16 11:43 -------- d-----w- d:\program files\cstrike
2009-06-10 18:35 . 2009-01-31 14:13 -------- d-----w- d:\program files\World of Warcraft
2009-06-04 15:27 . 2009-05-12 14:58 -------- d-----w- d:\program files\Valve Hammer Editor
2009-05-31 13:32 . 2009-05-31 13:22 127768 ----a-w- d:\windows\hpoins11.dat
2009-05-31 13:30 . 2009-05-31 13:30 -------- d-----w- d:\program files\Common Files\HP
2009-05-31 13:30 . 2009-05-31 13:25 -------- d-----w- d:\program files\HP
2009-05-31 13:28 . 2009-05-31 13:28 -------- d-----w- d:\program files\Hewlett-Packard
2009-05-31 13:28 . 2009-05-31 13:28 -------- d-----w- d:\program files\Common Files\Hewlett-Packard
2009-05-20 12:47 . 2009-05-20 12:47 -------- d-----w- d:\program files\A4Tech
2009-05-17 18:40 . 2009-01-23 14:58 -------- d-----w- d:\program files\Google
2009-05-08 08:33 . 2009-05-08 08:33 107888 ----a-w- d:\windows\system32\CmdLineExt.dll
2009-05-08 08:33 . 2009-05-08 08:33 2348 ----a-w- d:\windows\system32\ealregsnapshot1.reg
2009-05-03 09:45 . 2006-03-02 12:00 488620 ----a-w- d:\windows\system32\perfh005.dat
2009-05-03 09:45 . 2006-03-02 12:00 102082 ----a-w- d:\windows\system32\perfc005.dat
2009-04-17 12:53 . 2009-04-17 12:53 410984 ----a-w- d:\windows\system32\deploytk.dll
2009-04-14 21:07 . 2009-04-14 21:07 2678 ----a-w- d:\windows\java\Packages\Data\WQOEIKS2.DAT
2009-04-14 21:07 . 2009-04-14 21:07 2678 ----a-w- d:\windows\java\Packages\Data\N17N3XZL.DAT
2009-04-14 21:07 . 2009-04-14 21:07 2678 ----a-w- d:\windows\java\Packages\Data\A8XB7VFP.DAT
2009-04-14 21:07 . 2009-04-14 21:07 2678 ----a-w- d:\windows\java\Packages\Data\6FXJXNNB.DAT
2004-10-01 14:00 . 2009-01-16 08:10 40960 ----a-w- d:\program files\Uninstall_CDS.exe
.
------- Sigcheck -------
(reviewer note: every [-] system file below has a counterpart of different size and MD5 under d:\windows\VistaMizer\old\, which is consistent with VistaMizer having patched these files for its UI theme rather than with infection; compare against known-good XP SP2 hashes before treating them as malicious)
[-] 2006-03-02 12:00 802304 6ED57BDAAD00043872DC45984DA91096 d:\windows\system32\wininet.dll
[-] 2006-03-02 12:00 802304 6ED57BDAAD00043872DC45984DA91096 d:\windows\system32\dllcache\wininet.dll
[7] 2006-03-02 12:00 657408 50D263E3454E8357D13BB598129185AD d:\windows\VistaMizer\old\wininet.dll
[-] 2006-03-02 12:00 541696 96112B362A1F419384CE57E5D92C6267 d:\windows\system32\winlogon.exe
[-] 2006-03-02 12:00 541696 96112B362A1F419384CE57E5D92C6267 d:\windows\system32\dllcache\winlogon.exe
[7] 2006-03-02 12:00 502272 221C29AE1B4CC61D11D8B27DE78B2307 d:\windows\VistaMizer\old\winlogon.exe
[-] 2006-03-02 12:00 2316160 7CE10A3B823F3DB9B92E06383F37C64A d:\windows\system32\ntkrnlpa.exe
[7] 2006-03-02 12:00 2059008 E86DD06F2B8F919DDF23F78A3BF2AA23 d:\windows\VistaMizer\old\ntkrnlpa.exe
[-] 2006-03-02 12:00 2440320 32A866B57CB8B04B337A26DBC0FA09EE d:\windows\system32\ntoskrnl.exe
[7] 2006-03-02 12:00 2183168 12C80E46DCEC9B82473D1B1B9DA1F16B d:\windows\VistaMizer\old\ntoskrnl.exe
[-] 2006-03-02 12:00 1550848 52CF1BEECCD26FAC8B12A4310A5E47FE d:\windows\explorer.exe
[-] 2006-03-02 12:00 1550848 52CF1BEECCD26FAC8B12A4310A5E47FE d:\windows\system32\dllcache\explorer.exe
[7] 2006-03-02 12:00 1032704 53114D57AB73A406AC7F602227781A99 d:\windows\VistaMizer\old\explorer.exe
[-] 2006-03-02 12:00 25088 5050A0B550CCF3FFBC3DAD33524A4DC1 d:\windows\system32\ctfmon.exe
[-] 2006-03-02 12:00 25088 5050A0B550CCF3FFBC3DAD33524A4DC1 d:\windows\system32\dllcache\ctfmon.exe
[7] 2006-03-02 12:00 15360 A5BAA91475167161DEA02BA3C4CA4F59 d:\windows\VistaMizer\old\ctfmon.exe
[-] 2006-03-02 12:00 111104 D236E3B128029D7A01EB50F778FFF414 d:\windows\system32\wuauclt.exe
[-] 2006-03-02 12:00 111104 D236E3B128029D7A01EB50F778FFF414 d:\windows\system32\dllcache\wuauclt.exe
[7] 2006-03-02 12:00 111104 E9F9CD3C7F2E56505A0AC166580120E3 d:\windows\VistaMizer\old\wuauclt.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-07-11_14.06.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 08:48 . 2009-07-11 14:09 32768 d:\windows\Temp\History\History.IE5\MSHist012009071120090712\index.dat
- 2009-07-11 08:48 . 2009-07-11 12:58 32768 d:\windows\Temp\History\History.IE5\MSHist012009071120090712\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2006-03-02 25088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="d:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"InCD"="d:\program files\Ahead\InCD\InCD.exe" [2006-03-14 1397760]
"LGODDFU"="d:\program files\lg_fwupdate\fwupdate.exe" [2009-01-16 548864]
"TV Card Remote Control Device Monitor"="d:\windows\713xRMTMon.exe" [2005-07-20 352256]
"snp2uvc"="d:\windows\vsnp2uvc.exe" [2007-07-11 569344]
"tsnp2uvc"="d:\windows\tsnp2uvc.exe" [2007-07-11 237568]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]
"WheelMouse"="d:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"AdobeCS4ServiceManager"="d:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.EXE [2009-03-27 17567744]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2006-03-02 25088]
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=d:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Orbit.lnk]
path=d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Orbit.lnk
backup=d:\windows\pss\Orbit.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Scheduler for OEM.lnk]
path=d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Scheduler for OEM.lnk
backup=d:\windows\pss\Scheduler for OEM.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^Francek^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=d:\documents and settings\Francek\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=d:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"d:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"d:\\Program Files\\QIP\\qip.exe"=
"d:\\Program Files\\cstrike\\hl.exe"=
"d:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"d:\\Program Files\\Steam\\steamapps\\sidicze\\counter-strike\\hl.exe"=
"d:\\Program Files\\cstrike\\hlds.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"i:\\BROOD\\StarCraft.exe"=
"d:\\Program Files\\cstrike\\hltv.exe"=
"d:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [23.3.2009 20:49 28544]
R1 HWiNFO32;HWiNFO32 Kernel Driver;d:\program files\HWiNFO32\HWiNFO32.SYS [9.4.2009 13:18 16872]
R1 nltdi;nltdi;d:\windows\system32\drivers\nltdi.sys [23.4.2007 13:03 82200]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;d:\windows\system32\drivers\AtiHdmi.sys [9.4.2009 10:43 93696]
S2 713xTVCard;SAA7135 TV Card;d:\windows\system32\drivers\SAA713x.sys [16.2.2009 14:40 289280]
S2 gupdate1c98f8cf18ccde0;Služba Google Update (gupdate1c98f8cf18ccde0);d:\program files\Google\Update\GoogleUpdate.exe [15.2.2009 18:46 133104]
S2 WDMTVTuner;Universal WDM TV Tuner;d:\windows\system32\drivers\WDMTuner.sys [16.2.2009 14:41 26880]
S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [9.4.2009 12:42 1684736]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - avgio
*Deregistered* - avipbb
*Deregistered* - ssmdrv
.
Obsah adresáře 'Naplánované úlohy'
2009-07-11 d:\windows\Tasks\Google Software Updater.job
- d:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-15 16:27]
2009-07-11 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 16:46]
2009-07-11 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 16:46]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/202
FF - ProfilePath - d:\documents and settings\Francek\Data aplikací\Mozilla\Firefox\Profiles\n9ks5ags.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: d:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: d:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 17:04
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = d:\windows\713xRMTMon.exe???@t??????????S?e?`E7?x???U?I?ht??????????????x???????????????????x?7??????@7?????????????????x?7?t???hE7?????????S?e?x?7?e? ?x??????????????|4E7?@t??????????????@t??????????????????????????????????8t??h???????????8t??(???@t????A????
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(824)
d:\windows\system32\sfc_os.dll
d:\windows\system32\Ati2evxx.dll
d:\windows\system32\cscui.dll
d:\windows\system32\COMRes.dll
- - - - - - - > 'explorer.exe'(2936)
d:\windows\system32\CRYPT32.dll
d:\windows\system32\MSASN1.dll
d:\windows\system32\COMRes.dll
d:\windows\System32\cscui.dll
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\NETSHELL.dll
d:\windows\system32\credui.dll
d:\windows\system32\msi.dll
d:\program files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
.
Celkový čas: 2009-07-11 17:07
ComboFix-quarantined-files.txt 2009-07-11 15:07
ComboFix2.txt 2009-07-11 14:09
Před spuštěním: 7 905 726 464
Po spuštění: 7 896 911 872
Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 17:10:33, on 11.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
D:\Program Files\Ahead\InCD\InCD.exe
D:\Program Files\lg_fwupdate\fwupdate.exe
D:\WINDOWS\713xRMTMon.exe
D:\WINDOWS\tsnp2uvc.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\NetLimiter 2 Pro\nlsvc.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\NetLimiter 2 Pro\NLClient.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\QIP\qip.exe
D:\Program Files\Steam\Steam.exe
D:\WINDOWS\explorer.exe
C:\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "D:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] D:\WINDOWS\713xRMTMon.exe
O4 - HKLM\..\Run: [snp2uvc] D:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [tsnp2uvc] D:\WINDOWS\tsnp2uvc.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WheelMouse] D:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c98f8cf18ccde0) (gupdate1c98f8cf18ccde0) - Unknown owner - D:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing) [reviewer note: the stray quote and "(file missing)" appear to be HijackThis 1.99.1 mis-parsing a quoted ImagePath with arguments; the ComboFix service list above shows GoogleUpdate.exe present for this service]
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) [reviewer note: same quoted-path parsing artifact as the Google Update entry; jqs.exe is listed among the running processes above]
O23 - Service: NetLimiter (nlsvc) - Locktime Software - D:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe