PC-HELP.CZ

Dobrý den,
mám problém s Google Chromem, stále mi padá, musí se restartovat. Prosím poraďte, co mám dělat.

Díky Bobsch2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:30, on 28.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SaveSnap\SaveSnap.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [4shared Desktop] "C:\Program Files\4shared Desktop\desktop.exe" "startup"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: SaveSnap.lnk = C:\Program Files\SaveSnap\SaveSnap.exe
O8 - Extra context menu item: &Download all 4shared files - C:\Program Files\4shared Desktop\down_all.htm
O8 - Extra context menu item: &Download using 4shared Desktop - C:\Program Files\4shared Desktop\down_link.htm
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{142625C9-79CF-40E8-92C9-5083C4A4ED88}: NameServer = 90.183.231.251,194.228.41.113
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 10998 bytes

//Sekce Internet není ta pravá pro vložení logu HJT

//přesunuto

//mmm

možná seš tak navyklej na Operu jako já že mačkáš zavřít poslední panel a zavře se celej prohlížeč :lol:

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4260

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

30.6.2010 16:39:53
mbam-log-2010-06-30 (16-39-53).txt

Typ skenu: Rychlý sken
Skenované objekty: 145996
Uplynulý čas: 9 minuta(y), 0 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

ComboFix 10-06-29.04 - Spravce 30.06.2010 23:24:44.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1502 [GMT 2:00]
Spuštěný z: c:\documents and settings\Spravce\Dokumenty\Downloads\Programs\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose - 2009.04.19 10.11.33.log
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose - 2009.05.31 11.40.08.log
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\transaction - 2009.04.19 10.11.33.log
c:\program files\FlashGet Network\FlashGet universal\transaction - 2009.05.31 11.40.08.log
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\windows\system32\systeminfo.dll
c:\windows\usgwmt
c:\windows\usgwmt\BReWErS.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-28 do 2010-06-30 )))))))))))))))))))))))))))))))
.

2010-06-30 21:13 . 2010-06-30 21:13 390144 ----a-w- c:\windows\system32\CF20932.exe
2010-06-26 11:31 . 2010-06-26 11:31 -------- d-----w- c:\program files\City Interactive
2010-06-19 16:28 . 2010-06-30 11:53 -------- d-----w- c:\program files\Internet Download Manager
2010-06-17 18:17 . 2010-06-17 18:17 -------- d-----w- c:\program files\Cesaro
2010-06-15 22:41 . 2010-06-15 22:41 -------- d-----w- C:\cb18d36be34f4fe945b84945
2010-06-06 09:10 . 2010-06-06 09:13 -------- d-----w- c:\program files\Microsoft AutoRoute 2010

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 22:13 . 2004-08-18 12:00 441234 ----a-w- c:\windows\system32\perfh005.dat
2010-06-29 22:13 . 2004-08-18 12:00 83984 ----a-w- c:\windows\system32\perfc005.dat
2010-06-15 18:32 . 2009-08-21 09:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-13 19:26 . 2008-03-14 12:37 -------- d-----w- c:\program files\Google
2010-06-06 09:09 . 2008-03-14 16:05 -------- d-----w- c:\program files\MSECache
2010-06-06 08:27 . 2008-03-14 16:31 3208 ----a-w- c:\windows\im32st.dat
2010-06-05 06:43 . 2008-03-13 11:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-30 17:42 . 2010-05-30 17:42 -------- d-----w- c:\program files\Playlogic
2010-05-30 13:36 . 2008-03-13 10:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-23 12:01 . 2010-03-13 14:07 -------- d-----w- c:\program files\Opera
2010-05-23 11:50 . 2010-03-11 15:28 -------- d-----w- c:\program files\Maxthon2
2010-05-23 09:36 . 2010-05-23 09:36 -------- d-----w- c:\program files\Dzuso
2010-05-04 17:18 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:18 . 2010-05-23 10:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:18 . 2004-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 09:27 . 2008-12-06 02:12 -------- d-----w- c:\program files\Ubisoft
2010-05-02 09:14 . 2010-05-02 09:12 -------- d-----w- c:\program files\DAEMON Tools
2010-05-02 09:11 . 2009-03-14 12:44 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2010-05-02 09:10 . 2009-06-04 18:44 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-05-02 08:09 . 2004-08-18 12:00 1851264 ------w- c:\windows\system32\win32k.sys
2010-05-02 05:35 . 2010-05-01 14:28 -------- d-----w- c:\program files\Common Files\Nero
2010-05-02 05:35 . 2010-05-01 14:28 -------- d-----w- c:\program files\Nero
2010-04-29 13:39 . 2009-08-21 09:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-08-21 09:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:32 . 2004-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-04 08:37 . 2010-04-04 08:37 14 ----a-w- c:\windows\system32\System32.sys
2010-04-04 07:39 . 2010-04-04 07:39 14 ----a-w- c:\windows\system32\Systemdrv.sys
2009-11-04 15:45 . 2009-11-04 15:45 347285 ----a-w- c:\program files\wicplug.cab
2009-11-04 15:42 . 2009-11-04 15:42 5310976 ----a-w- c:\program files\mediago13_x86.msi
2009-11-04 10:56 . 2009-11-04 10:56 19562 ----a-w- c:\program files\browsers.cab
2009-05-28 18:08 . 2009-05-28 18:08 1278500 ----a-w- c:\program files\aviplug.cab
2009-05-28 18:08 . 2009-05-28 18:08 1386632 ----a-w- c:\program files\atracplu.cab
2009-05-28 18:08 . 2009-05-28 18:08 1906014 ----a-w- c:\program files\cddrvs.cab
2009-05-28 18:08 . 2009-05-28 18:08 35956570 ----a-w- c:\program files\main.cab
2009-05-28 18:05 . 2009-05-28 18:05 417 ----a-w- c:\program files\sfxctrl.ach
2009-05-28 18:04 . 2009-05-28 18:04 17373696 ----a-w- c:\program files\mediago11_x86.msi
2009-05-27 20:27 . 2009-05-27 20:27 1264 ----a-w- c:\program files\setup.dat
2009-05-27 20:24 . 2009-05-27 20:24 87037 ----a-w- c:\program files\readme.cab
2009-05-27 20:24 . 2009-05-27 20:24 309992 ----a-w- c:\program files\msvcrt71.cab
2009-05-27 20:24 . 2009-05-27 20:24 179627 ----a-w- c:\program files\msvcrt.cab
2009-05-27 20:24 . 2009-05-27 20:24 170593 ----a-w- c:\program files\mmlib.cab
2009-05-27 20:24 . 2009-05-27 20:24 126433 ----a-w- c:\program files\mars.cab
2009-05-27 20:23 . 2009-05-27 20:23 2054411 ----a-w- c:\program files\cddb.cab
2009-05-27 20:23 . 2009-05-27 20:23 312204 ----a-w- c:\program files\addins.cab
2009-05-27 20:12 . 2009-05-27 20:12 127844 ----a-w- c:\program files\setup.zip
2009-04-23 01:59 . 2009-04-23 01:59 14546624 ----a-w- c:\program files\PlayStationStoreSetup.exe
2009-04-09 14:58 . 2009-04-09 14:58 2847000 ----a-w- c:\program files\PSNDownloaderSetup.exe
2009-03-24 15:20 . 2009-03-24 15:20 1914000 ----a-w- c:\program files\install_flash_player_10_active_x.exe
2009-01-22 18:06 . 2009-01-22 18:06 12212040 ----a-w- c:\program files\WMFDist11-WindowsXP-x86-ENU.exe
2009-01-22 18:06 . 2009-01-22 18:06 4216840 ----a-w- c:\program files\vcredist2_x86.exe
2009-01-22 18:06 . 2009-01-22 18:06 2682880 ----a-w- c:\program files\vcredist_x86.exe
2009-01-22 18:06 . 2009-01-22 18:06 3327000 ----a-w- c:\program files\WindowsXP-KB942288-v3-x86.exe
2009-04-05 13:04 . 2009-03-28 13:15 387104 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-04-05 13:04 . 2009-03-28 13:15 9504 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

------- Sigcheck -------

[-] 2009-10-25 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748_1$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2004-08-18 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2010-03-11 26624]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-15 68856]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-11-17 171464]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-06-26 3179952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-04-02 1234216]

c:\documents and settings\Spravce\Nabˇdka Start\Programy\Po spuçtŘnˇ\
SaveSnap.lnk - c:\program files\SaveSnap\SaveSnap.exe [2009-10-28 1264128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Grand Theft Auto IV - Episodes From Liberty City\\EFLC.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [25.5.2010 11:31 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [25.5.2010 11:31 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100619.001\BHDrvx86.sys [23.6.2010 15:14 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [25.5.2010 11:31 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [25.5.2010 11:31 116784]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 15:00 15872]
R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [14.2.2009 12:52 137344]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 14:39 490280]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [25.5.2010 11:31 126392]
R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [14.2.2009 12:52 12032]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [13.3.2008 12:39 38656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27.5.2010 22:55 102448]
R3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [5.2.2009 17:45 8192]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100629.001\IDSXpx86.sys [30.6.2010 13:58 331640]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.2.2010 14:12 135664]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [24.12.2009 23:32 90112]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys --> c:\windows\system32\DRIVERS\klim5.sys [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [3.11.2009 13:28 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [3.11.2009 13:28 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [3.11.2009 13:28 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [3.11.2009 13:28 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [3.11.2009 13:28 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [3.11.2009 13:28 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [3.11.2009 13:28 109864]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.3.2008 14:41 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-06-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-03 10:00]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 12:12]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 12:12]

2010-06-30 c:\windows\Tasks\User_Feed_Synchronization-{2E5DA73F-0BA8-4C30-AF1B-54D15484F2F4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.live.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download all 4shared files - c:\program files\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\down_link.htm
IE: E&xportovat do aplikace Microsoft Office Excel -
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: c:\windows\system32\idmmbc.dll
TCP: {142625C9-79CF-40E8-92C9-5083C4A4ED88} = 90.183.231.251,194.228.41.113
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-fsm - (no file)
HKCU-Run-WEBTRAN - (no file)
HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKCU-Run-4shared Desktop - c:\program files\4shared Desktop\desktop.exe
HKCU-Run-Nektra OEAPI - (no file)
HKLM-Run-4shared Update - c:\program files\4shared Desktop\checkUpdate.exe
HKLM-Run-nwiz - nwiz.exe
AddRemove-4shared Desktop - c:\program files\4shared Desktop\uninstall.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-PC Translator - c:\docume~1\Spravce\LOCALS~1\Temp\UN32.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-30 23:28
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

c:\docume~1\Spravce\LOCALS~1\Temp\catchme.dll 53248 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1659004503-1343024091-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1659004503-1343024091-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1659004503-1343024091-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5d,ed,c8,4d,27,c8,64,10,dc,25,b4,d4,9f,9a,06,27,9f,28,37,54,63,93,30,
3e,06,f7,12,61,c6,91,d8,dc,b1,af,33,0f,26,67,11,67,c1,c9,86,53,b0,de,f1,a8,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1659004503-1343024091-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:84,b5,6d,db,ae,fa,3f,36,1b,17,57,52,0d,32,de,1c,34,c1,28,0f,ad,
ea,57,92,7a,86,2e,f5,fc,d3,6a,bc,81,10,89,d9,72,d1,b1,65,ad,49,7c,7c,3b,7c,\
"rkeysecu"=hex:f4,0a,c6,8c,79,67,2c,20,ab,46,71,e7,d2,9e,42,2c

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1ca46171-e959-4658-8b17-1a500633873d}]
@Denied: (Full) (Everyone)
"Model"=dword:0000006a
"Therad"=dword:00000018

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e5,68,8d,47,d1,ca,3e,1e,0b,b2,3d,cf,66,d1,86,a0,ba,cf,29,9b,ed,
2a,75,e4,6b,42,54,ee,96,18,5d,c1,f9,43,b5,bb,80,ef,c5,8a,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bb,15,21,54,2e,df,a8,5f,0c,dc,71,1d,c2,c1,2c,f8,36,de,e5,12,c8,
ba,ae,59,9a,c3,fa,d6,a9,64,ff,9a,00,ae,88,8c,ba,79,fe,f0,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f6f8b16c-cebf-45b8-a10e-e10254a46a71}]
@Denied: (Full) (Everyone)
"Model"=dword:000000af
"Therad"=dword:00000007
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1012)
c:\windows\system32\idmmbc.dll
.
Celkový čas: 2010-06-30 23:30:39
ComboFix-quarantined-files.txt 2010-06-30 21:30

Před spuštěním: Volných bajtů: 143 376 633 856
Po spuštění: Volných bajtů: 155 627 786 240

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 188453882E444C0B6A2434316BBF9671

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\CF20932.exe
c:\windows\im32st.dat
c:\windows\system32\System32.sys
c:\windows\system32\drivers\fidbox.dat
c:\windows\system32\drivers\fidbox2.dat
c:\docume~1\Spravce\LOCALS~1\Temp\catchme.dll
c:\windows\system32\DRIVERS\klim5.sys

Folder::
c:\program files\DAEMON Tools Toolbar

Driver::
klim5

DDS::
uStart Page = hxxp://www.live.com
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

RegLock::
[HKEY_USERS\S-1-5-21-1659004503-1343024091-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1ca46171-e959-4658-8b17-1a500633873d}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f6f8b16c-cebf-45b8-a10e-e10254a46a71}]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\program files\setup.dat
c:\windows\system32\drivers\tcpip.sys

Pokud už byl soubor testován-klikni na otestovat znovu.
Až skončí test všech antivirů, vlož sem pak odkazy na stránky s výsledky.

Soubor log.txt přijatý 2010.07.01 09:01:32 (UTC)
Současný stav: hotový
Výsledek: 0/41 (0%)
Kompaktní
Tisk výsledků
Antivirus Verze Poslední aktualizace Výsledek
a-squared 5.0.0.31 2010.07.01 -
AhnLab-V3 2010.07.01.00 2010.07.01 -
AntiVir 8.2.4.2 2010.07.01 -
Antiy-AVL 2.0.3.7 2010.06.30 -
Authentium 5.2.0.5 2010.07.01 -
Avast 4.8.1351.0 2010.06.30 -
Avast5 5.0.332.0 2010.06.30 -
AVG 9.0.0.836 2010.07.01 -
BitDefender 7.2 2010.07.01 -
CAT-QuickHeal 11.00 2010.06.30 -
ClamAV 0.96.0.3-git 2010.07.01 -
Comodo 5275 2010.07.01 -
DrWeb 5.0.2.03300 2010.07.01 -
eSafe 7.0.17.0 2010.06.30 -
eTrust-Vet 36.1.7677 2010.06.30 -
F-Prot 4.6.1.107 2010.06.30 -
F-Secure 9.0.15370.0 2010.07.01 -
Fortinet 4.1.133.0 2010.06.30 -
GData 21 2010.07.01 -
Ikarus T3.1.1.84.0 2010.07.01 -
Jiangmin 13.0.900 2010.07.01 -
Kaspersky 7.0.0.125 2010.07.01 -
McAfee 5.400.0.1158 2010.07.01 -
McAfee-GW-Edition 2010.1 2010.06.30 -
Microsoft 1.5902 2010.07.01 -
NOD32 5241 2010.06.30 -
Norman 6.05.10 2010.07.01 -
nProtect 2010-06-30.01 2010.06.30 -
Panda 10.0.2.7 2010.06.30 -
PCTools 7.0.3.5 2010.07.01 -
Prevx 3.0 2010.07.01 -
Rising 22.54.03.04 2010.07.01 -
Sophos 4.54.0 2010.07.01 -
Sunbelt 6529 2010.07.01 -
Symantec 20101.1.0.89 2010.07.01 -
TheHacker 6.5.2.0.305 2010.06.30 -
TrendMicro 9.120.0.1004 2010.07.01 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.01 -
VBA32 3.12.12.5 2010.06.30 -
ViRobot 2010.6.29.3912 2010.07.01 -
VirusBuster 5.0.27.0 2010.06.30 -
Další informace
File size: 35968 bytes
MD5...: 8c093cb7a4781e259f0a7846211569a5
SHA1..: 77dafb6bc7bd1bdf44e4d5172be539e73dc3de27
SHA256: 6c3cd12d471d2527fa94eb57148766fe82bb45151b3c04b09a5d1111858c20ad
ssdeep: 768:eZwHkOeaqpqC5K5d+zcClIRku71CAxGZ8:zkOeaqpqC5K5d+zoCu7HgZ8
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

ComboFix 10-06-30.03 - Spravce 01.07.2010 10:37:57.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1514 [GMT 2:00]
Spuštěný z: c:\documents and settings\Spravce\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Spravce\Plocha\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\docume~1\Spravce\LOCALS~1\Temp\catchme.dll"
"c:\windows\im32st.dat"
"c:\windows\system32\CF20932.exe"
"c:\windows\system32\drivers\fidbox.dat"
"c:\windows\system32\drivers\fidbox2.dat"
"c:\windows\system32\DRIVERS\klim5.sys"
"c:\windows\system32\System32.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml
c:\windows\im32st.dat
c:\windows\system32\CF20932.exe
c:\windows\system32\drivers\fidbox.dat
c:\windows\system32\drivers\fidbox2.dat
c:\windows\system32\System32.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_klim5

((((((((((((((((((((((((( Soubory vytvořené od 2010-06-01 do 2010-07-01 )))))))))))))))))))))))))))))))
.

2010-07-01 08:32 . 2010-07-01 08:32 390144 ----a-w- c:\windows\system32\CF22923.exe
2010-07-01 08:32 . 2010-07-01 08:31 390144 ----a-w- c:\windows\system32\CF22792.exe
2010-06-26 11:31 . 2010-06-26 11:31 -------- d-----w- c:\program files\City Interactive
2010-06-19 16:28 . 2010-06-30 11:53 -------- d-----w- c:\program files\Internet Download Manager
2010-06-17 18:17 . 2010-06-17 18:17 -------- d-----w- c:\program files\Cesaro
2010-06-15 22:41 . 2010-06-15 22:41 -------- d-----w- C:\cb18d36be34f4fe945b84945
2010-06-06 09:10 . 2010-06-06 09:13 -------- d-----w- c:\program files\Microsoft AutoRoute 2010

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-01 07:45 . 2004-08-18 12:00 83984 ----a-w- c:\windows\system32\perfc005.dat
2010-07-01 07:45 . 2004-08-18 12:00 441234 ----a-w- c:\windows\system32\perfh005.dat
2010-06-15 18:32 . 2009-08-21 09:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-13 19:26 . 2008-03-14 12:37 -------- d-----w- c:\program files\Google
2010-06-06 09:09 . 2008-03-14 16:05 -------- d-----w- c:\program files\MSECache
2010-06-05 06:43 . 2008-03-13 11:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-30 17:42 . 2010-05-30 17:42 -------- d-----w- c:\program files\Playlogic
2010-05-30 13:36 . 2008-03-13 10:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-23 12:01 . 2010-03-13 14:07 -------- d-----w- c:\program files\Opera
2010-05-23 11:50 . 2010-03-11 15:28 -------- d-----w- c:\program files\Maxthon2
2010-05-23 09:36 . 2010-05-23 09:36 -------- d-----w- c:\program files\Dzuso
2010-05-04 17:18 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:18 . 2010-05-23 10:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:18 . 2004-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 09:27 . 2008-12-06 02:12 -------- d-----w- c:\program files\Ubisoft
2010-05-02 09:14 . 2010-05-02 09:12 -------- d-----w- c:\program files\DAEMON Tools
2010-05-02 09:11 . 2009-03-14 12:44 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2010-05-02 08:09 . 2004-08-18 12:00 1851264 ------w- c:\windows\system32\win32k.sys
2010-04-29 13:39 . 2009-08-21 09:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-08-21 09:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:32 . 2004-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-04 07:39 . 2010-04-04 07:39 14 ----a-w- c:\windows\system32\Systemdrv.sys
2009-11-04 15:45 . 2009-11-04 15:45 347285 ----a-w- c:\program files\wicplug.cab
2009-11-04 15:42 . 2009-11-04 15:42 5310976 ----a-w- c:\program files\mediago13_x86.msi
2009-11-04 10:56 . 2009-11-04 10:56 19562 ----a-w- c:\program files\browsers.cab
2009-05-28 18:08 . 2009-05-28 18:08 1278500 ----a-w- c:\program files\aviplug.cab
2009-05-28 18:08 . 2009-05-28 18:08 1386632 ----a-w- c:\program files\atracplu.cab
2009-05-28 18:08 . 2009-05-28 18:08 1906014 ----a-w- c:\program files\cddrvs.cab
2009-05-28 18:08 . 2009-05-28 18:08 35956570 ----a-w- c:\program files\main.cab
2009-05-28 18:05 . 2009-05-28 18:05 417 ----a-w- c:\program files\sfxctrl.ach
2009-05-28 18:04 . 2009-05-28 18:04 17373696 ----a-w- c:\program files\mediago11_x86.msi
2009-05-27 20:27 . 2009-05-27 20:27 1264 ----a-w- c:\program files\setup.dat
2009-05-27 20:24 . 2009-05-27 20:24 87037 ----a-w- c:\program files\readme.cab
2009-05-27 20:24 . 2009-05-27 20:24 309992 ----a-w- c:\program files\msvcrt71.cab
2009-05-27 20:24 . 2009-05-27 20:24 179627 ----a-w- c:\program files\msvcrt.cab
2009-05-27 20:24 . 2009-05-27 20:24 170593 ----a-w- c:\program files\mmlib.cab
2009-05-27 20:24 . 2009-05-27 20:24 126433 ----a-w- c:\program files\mars.cab
2009-05-27 20:23 . 2009-05-27 20:23 2054411 ----a-w- c:\program files\cddb.cab
2009-05-27 20:23 . 2009-05-27 20:23 312204 ----a-w- c:\program files\addins.cab
2009-05-27 20:12 . 2009-05-27 20:12 127844 ----a-w- c:\program files\setup.zip
2009-04-23 01:59 . 2009-04-23 01:59 14546624 ----a-w- c:\program files\PlayStationStoreSetup.exe
2009-04-09 14:58 . 2009-04-09 14:58 2847000 ----a-w- c:\program files\PSNDownloaderSetup.exe
2009-03-24 15:20 . 2009-03-24 15:20 1914000 ----a-w- c:\program files\install_flash_player_10_active_x.exe
2009-01-22 18:06 . 2009-01-22 18:06 12212040 ----a-w- c:\program files\WMFDist11-WindowsXP-x86-ENU.exe
2009-01-22 18:06 . 2009-01-22 18:06 4216840 ----a-w- c:\program files\vcredist2_x86.exe
2009-01-22 18:06 . 2009-01-22 18:06 2682880 ----a-w- c:\program files\vcredist_x86.exe
2009-01-22 18:06 . 2009-01-22 18:06 3327000 ----a-w- c:\program files\WindowsXP-KB942288-v3-x86.exe
.

------- Sigcheck -------

[-] 2009-10-25 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748_1$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2004-08-18 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-06-30_21.28.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-01 08:44 . 2010-07-01 08:44 16384 c:\windows\Temp\Perflib_Perfdata_7bc.dat
+ 2010-07-01 08:47 . 2010-07-01 08:47 16384 c:\windows\Temp\Perflib_Perfdata_248.dat
+ 2010-07-01 08:45 . 2010-07-01 08:45 16384 c:\windows\Temp\Perflib_Perfdata_228.dat
- 2004-08-18 12:00 . 2010-06-29 22:13 72326 c:\windows\system32\perfc009.dat
+ 2004-08-18 12:00 . 2010-07-01 07:45 72326 c:\windows\system32\perfc009.dat
+ 2010-07-01 07:45 . 2010-07-01 07:45 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2004-08-18 12:00 . 2010-06-29 22:13 444450 c:\windows\system32\perfh009.dat
+ 2004-08-18 12:00 . 2010-07-01 07:45 444450 c:\windows\system32\perfh009.dat
+ 2010-07-01 07:45 . 2010-07-01 07:45 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-06-29 22:13 . 2010-06-29 22:13 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-06-29 22:13 . 2010-06-29 22:13 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-06-29 22:13 . 2010-06-29 22:13 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-06-29 22:13 . 2010-06-29 22:13 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-06-29 22:12 . 2010-06-29 22:13 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-06-29 22:12 . 2010-06-29 22:12 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-06-29 22:13 . 2010-06-29 22:13 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-07-01 07:45 . 2010-07-01 07:45 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2010-03-11 26624]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-15 68856]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-11-17 171464]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-06-26 3179952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-04-02 1234216]

c:\documents and settings\Spravce\Nabˇdka Start\Programy\Po spuçtŘnˇ\
SaveSnap.lnk - c:\program files\SaveSnap\SaveSnap.exe [2009-10-28 1264128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Grand Theft Auto IV - Episodes From Liberty City\\EFLC.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [25.5.2010 11:31 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [25.5.2010 11:31 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100619.001\BHDrvx86.sys [23.6.2010 15:14 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [25.5.2010 11:31 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [25.5.2010 11:31 116784]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 15:00 15872]
R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [14.2.2009 12:52 137344]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 14:39 490280]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [25.5.2010 11:31 126392]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [24.12.2009 23:32 90112]
R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [14.2.2009 12:52 12032]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [13.3.2008 12:39 38656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27.5.2010 22:55 102448]
R3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [5.2.2009 17:45 8192]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100630.006\IDSXpx86.sys [1.7.2010 9:44 331640]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.2.2010 14:12 135664]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [3.11.2009 13:28 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [3.11.2009 13:28 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [3.11.2009 13:28 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [3.11.2009 13:28 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [3.11.2009 13:28 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [3.11.2009 13:28 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [3.11.2009 13:28 109864]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.3.2008 14:41 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-07-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-03 10:00]

2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 12:12]

2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 12:12]

2010-07-01 c:\windows\Tasks\User_Feed_Synchronization-{2E5DA73F-0BA8-4C30-AF1B-54D15484F2F4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download all 4shared files - c:\program files\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\down_link.htm
IE: E&xportovat do aplikace Microsoft Office Excel -
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: c:\windows\system32\idmmbc.dll
TCP: {142625C9-79CF-40E8-92C9-5083C4A4ED88} = 90.183.231.251,194.228.41.113
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-01 10:46
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1659004503-1343024091-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1659004503-1343024091-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5d,ed,c8,4d,27,c8,64,10,dc,25,b4,d4,9f,9a,06,27,9f,28,37,54,63,93,30,
3e,06,f7,12,61,c6,91,d8,dc,b1,af,33,0f,26,67,11,67,c1,c9,86,53,b0,de,f1,a8,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1659004503-1343024091-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:84,b5,6d,db,ae,fa,3f,36,1b,17,57,52,0d,32,de,1c,34,c1,28,0f,ad,
ea,57,92,7a,86,2e,f5,fc,d3,6a,bc,81,10,89,d9,72,d1,b1,65,ad,49,7c,7c,3b,7c,\
"rkeysecu"=hex:f4,0a,c6,8c,79,67,2c,20,ab,46,71,e7,d2,9e,42,2c
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1016)
c:\windows\system32\idmmbc.dll

- - - - - - - > 'explorer.exe'(1656)
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\windows\system32\msi.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Celkový čas: 2010-07-01 10:51:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-01 08:51
ComboFix2.txt 2010-06-30 21:30

Před spuštěním: Volných bajtů: 155 164 884 992
Po spuštění: Volných bajtů: 155 159 642 112

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - D3FC83CEEF1E1C3948D202FAE005B315

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:30, on 1.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SaveSnap\SaveSnap.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spravce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: SaveSnap.lnk = C:\Program Files\SaveSnap\SaveSnap.exe
O8 - Extra context menu item: &Download all 4shared files - C:\Program Files\4shared Desktop\down_all.htm
O8 - Extra context menu item: &Download using 4shared Desktop - C:\Program Files\4shared Desktop\down_link.htm
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{142625C9-79CF-40E8-92C9-5083C4A4ED88}: NameServer = 90.183.231.251,194.228.41.113
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 10878 bytes

Znovu:
Toto otestuj na Virustotal
c:\program files\setup.dat
c:\windows\system32\drivers\tcpip.sys
c:\program files\mediago13_x86.msi

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\CF22923.exe
c:\windows\system32\CF22792.exe
c:\windows\system32\Systemdrv.sys

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu .

Budu večer , nebo pomůže bledulka.

ComboFix 10-06-30.03 - Spravce 01.07.2010 15:31:53.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1190 [GMT 2:00]
Spuštěný z: c:\documents and settings\Spravce\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Spravce\Plocha\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\windows\system32\CF22792.exe"
"c:\windows\system32\CF22923.exe"
"c:\windows\system32\Systemdrv.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\CF22792.exe
c:\windows\system32\CF22923.exe
c:\windows\system32\Systemdrv.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-01 do 2010-07-01 )))))))))))))))))))))))))))))))
.

2010-07-01 09:01 . 2010-07-01 09:02 -------- d-----w- c:\program files\VirusTotalUploader2
2010-06-26 11:31 . 2010-06-26 11:31 -------- d-----w- c:\program files\City Interactive
2010-06-19 16:28 . 2010-06-30 11:53 -------- d-----w- c:\program files\Internet Download Manager
2010-06-17 18:17 . 2010-06-17 18:17 -------- d-----w- c:\program files\Cesaro
2010-06-15 22:41 . 2010-06-15 22:41 -------- d-----w- C:\cb18d36be34f4fe945b84945
2010-06-06 09:10 . 2010-06-06 09:13 -------- d-----w- c:\program files\Microsoft AutoRoute 2010

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-01 07:45 . 2004-08-18 12:00 83984 ----a-w- c:\windows\system32\perfc005.dat
2010-07-01 07:45 . 2004-08-18 12:00 441234 ----a-w- c:\windows\system32\perfh005.dat
2010-06-15 18:32 . 2009-08-21 09:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-13 19:26 . 2008-03-14 12:37 -------- d-----w- c:\program files\Google
2010-06-06 09:09 . 2008-03-14 16:05 -------- d-----w- c:\program files\MSECache
2010-06-05 06:43 . 2008-03-13 11:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-30 17:42 . 2010-05-30 17:42 -------- d-----w- c:\program files\Playlogic
2010-05-30 13:36 . 2008-03-13 10:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-23 12:01 . 2010-03-13 14:07 -------- d-----w- c:\program files\Opera
2010-05-23 11:50 . 2010-03-11 15:28 -------- d-----w- c:\program files\Maxthon2
2010-05-23 09:36 . 2010-05-23 09:36 -------- d-----w- c:\program files\Dzuso
2010-05-04 17:18 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:18 . 2010-05-23 10:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:18 . 2004-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 08:09 . 2004-08-18 12:00 1851264 ------w- c:\windows\system32\win32k.sys
2010-04-29 13:39 . 2009-08-21 09:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-08-21 09:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:32 . 2004-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-11-04 15:45 . 2009-11-04 15:45 347285 ----a-w- c:\program files\wicplug.cab
2009-11-04 15:42 . 2009-11-04 15:42 5310976 ----a-w- c:\program files\mediago13_x86.msi
2009-11-04 10:56 . 2009-11-04 10:56 19562 ----a-w- c:\program files\browsers.cab
2009-05-28 18:08 . 2009-05-28 18:08 1278500 ----a-w- c:\program files\aviplug.cab
2009-05-28 18:08 . 2009-05-28 18:08 1386632 ----a-w- c:\program files\atracplu.cab
2009-05-28 18:08 . 2009-05-28 18:08 1906014 ----a-w- c:\program files\cddrvs.cab
2009-05-28 18:08 . 2009-05-28 18:08 35956570 ----a-w- c:\program files\main.cab
2009-05-28 18:05 . 2009-05-28 18:05 417 ----a-w- c:\program files\sfxctrl.ach
2009-05-28 18:04 . 2009-05-28 18:04 17373696 ----a-w- c:\program files\mediago11_x86.msi
2009-05-27 20:27 . 2009-05-27 20:27 1264 ----a-w- c:\program files\setup.dat
2009-05-27 20:24 . 2009-05-27 20:24 87037 ----a-w- c:\program files\readme.cab
2009-05-27 20:24 . 2009-05-27 20:24 309992 ----a-w- c:\program files\msvcrt71.cab
2009-05-27 20:24 . 2009-05-27 20:24 179627 ----a-w- c:\program files\msvcrt.cab
2009-05-27 20:24 . 2009-05-27 20:24 170593 ----a-w- c:\program files\mmlib.cab
2009-05-27 20:24 . 2009-05-27 20:24 126433 ----a-w- c:\program files\mars.cab
2009-05-27 20:23 . 2009-05-27 20:23 2054411 ----a-w- c:\program files\cddb.cab
2009-05-27 20:23 . 2009-05-27 20:23 312204 ----a-w- c:\program files\addins.cab
2009-05-27 20:12 . 2009-05-27 20:12 127844 ----a-w- c:\program files\setup.zip
2009-04-23 01:59 . 2009-04-23 01:59 14546624 ----a-w- c:\program files\PlayStationStoreSetup.exe
2009-04-09 14:58 . 2009-04-09 14:58 2847000 ----a-w- c:\program files\PSNDownloaderSetup.exe
2009-03-24 15:20 . 2009-03-24 15:20 1914000 ----a-w- c:\program files\install_flash_player_10_active_x.exe
2009-01-22 18:06 . 2009-01-22 18:06 12212040 ----a-w- c:\program files\WMFDist11-WindowsXP-x86-ENU.exe
2009-01-22 18:06 . 2009-01-22 18:06 4216840 ----a-w- c:\program files\vcredist2_x86.exe
2009-01-22 18:06 . 2009-01-22 18:06 2682880 ----a-w- c:\program files\vcredist_x86.exe
2009-01-22 18:06 . 2009-01-22 18:06 3327000 ----a-w- c:\program files\WindowsXP-KB942288-v3-x86.exe
.

------- Sigcheck -------

[-] 2009-10-25 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748_1$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2004-08-18 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot_2010-07-01_08.46.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-01 13:37 . 2010-07-01 13:37 16384 c:\windows\Temp\Perflib_Perfdata_7b8.dat
+ 2010-07-01 13:39 . 2010-07-01 13:39 16384 c:\windows\Temp\Perflib_Perfdata_2a4.dat
+ 2010-07-01 13:39 . 2010-07-01 13:39 16384 c:\windows\Temp\Perflib_Perfdata_270.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2010-03-11 26624]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-15 68856]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-11-17 171464]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-06-26 3179952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-04-02 1234216]

c:\documents and settings\Spravce\Nabˇdka Start\Programy\Po spuçtŘnˇ\
SaveSnap.lnk - c:\program files\SaveSnap\SaveSnap.exe [2009-10-28 1264128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Grand Theft Auto IV - Episodes From Liberty City\\EFLC.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.3.2008 14:41 691696]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [25.5.2010 11:31 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [25.5.2010 11:31 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100619.001\BHDrvx86.sys [23.6.2010 15:14 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [25.5.2010 11:31 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [25.5.2010 11:31 116784]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 15:00 15872]
R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [14.2.2009 12:52 137344]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 14:39 490280]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [25.5.2010 11:31 126392]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [24.12.2009 23:32 90112]
R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [14.2.2009 12:52 12032]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [13.3.2008 12:39 38656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27.5.2010 22:55 102448]
R3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [5.2.2009 17:45 8192]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100630.006\IDSXpx86.sys [1.7.2010 9:44 331640]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.2.2010 14:12 135664]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [3.11.2009 13:28 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [3.11.2009 13:28 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [3.11.2009 13:28 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [3.11.2009 13:28 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [3.11.2009 13:28 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [3.11.2009 13:28 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [3.11.2009 13:28 109864]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-07-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-03 10:00]

2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 12:12]

2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 12:12]

2010-07-01 c:\windows\Tasks\User_Feed_Synchronization-{2E5DA73F-0BA8-4C30-AF1B-54D15484F2F4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download all 4shared files - c:\program files\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\down_link.htm
IE: E&xportovat do aplikace Microsoft Office Excel -
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: c:\windows\system32\idmmbc.dll
TCP: {142625C9-79CF-40E8-92C9-5083C4A4ED88} = 90.183.231.251,194.228.41.113
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-01 15:40
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys spol.sys >>UNKNOWN [0x8A581938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
\Driver\ACPI -> ACPI.sys @ 0xb7e74cb8
\Driver\atapi -> prosync1.sys @ 0xb85b0661
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7c7cbb0
PacketIndicateHandler -> NDIS.sys @ 0xb7c89a21
SendHandler -> NDIS.sys @ 0xb7c6787b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1659004503-1343024091-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1659004503-1343024091-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5d,ed,c8,4d,27,c8,64,10,dc,25,b4,d4,9f,9a,06,27,9f,28,37,54,63,93,30,
3e,06,f7,12,61,c6,91,d8,dc,b1,af,33,0f,26,67,11,67,c1,c9,86,53,b0,de,f1,a8,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1659004503-1343024091-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:84,b5,6d,db,ae,fa,3f,36,1b,17,57,52,0d,32,de,1c,34,c1,28,0f,ad,
ea,57,92,7a,86,2e,f5,fc,d3,6a,bc,81,10,89,d9,72,d1,b1,65,ad,49,7c,7c,3b,7c,\
"rkeysecu"=hex:f4,0a,c6,8c,79,67,2c,20,ab,46,71,e7,d2,9e,42,2c
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1032)
c:\windows\system32\idmmbc.dll

- - - - - - - > 'explorer.exe'(3028)
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Windows Media Player\WMPNetwk.exe
.
**************************************************************************
.
Celkový čas: 2010-07-01 15:44:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-01 13:44
ComboFix2.txt 2010-07-01 08:51
ComboFix3.txt 2010-06-30 21:30

Před spuštěním: Volných bajtů: 155 290 357 760
Po spuštění: Volných bajtů: 155 273 838 592

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - D016E102F6770962F8ED5549EC681207

Znovu:
Toto otestuj na Virustotal
c:\program files\setup.dat
c:\windows\system32\drivers\tcpip.sys
c:\program files\mediago13_x86.msi

Jak to vypadá s Google Chromem??

Čuss, Google Chrome, potíže stále trvají.

File setup.dat received on 2010.07.01 13:04:58 (UTC)
Current status: finished
Result: 0/41 (0.00%)
Compact
Print results
Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.01 -
AhnLab-V3 2010.07.01.05 2010.07.01 -
AntiVir 8.2.4.2 2010.07.01 -
Antiy-AVL 2.0.3.7 2010.06.30 -
Authentium 5.2.0.5 2010.07.01 -
Avast 4.8.1351.0 2010.07.01 -
Avast5 5.0.332.0 2010.07.01 -
AVG 9.0.0.836 2010.07.01 -
BitDefender 7.2 2010.07.01 -
CAT-QuickHeal 11.00 2010.06.30 -
ClamAV 0.96.0.3-git 2010.07.01 -
Comodo 5278 2010.07.01 -
DrWeb 5.0.2.03300 2010.07.01 -
eSafe 7.0.17.0 2010.06.30 -
eTrust-Vet 36.1.7679 2010.07.01 -
F-Prot 4.6.1.107 2010.06.30 -
F-Secure 9.0.15370.0 2010.07.01 -
Fortinet 4.1.133.0 2010.07.01 -
GData 21 2010.07.01 -
Ikarus T3.1.1.84.0 2010.07.01 -
Jiangmin 13.0.900 2010.07.01 -
Kaspersky 7.0.0.125 2010.07.01 -
McAfee 5.400.0.1158 2010.07.01 -
McAfee-GW-Edition 2010.1 2010.06.30 -
Microsoft 1.5902 2010.07.01 -
NOD32 5243 2010.07.01 -
Norman 6.05.10 2010.07.01 -
nProtect 2010-07-01.01 2010.07.01 -
Panda 10.0.2.7 2010.07.01 -
PCTools 7.0.3.5 2010.07.01 -
Prevx 3.0 2010.07.01 -
Rising 22.54.03.05 2010.07.01 -
Sophos 4.54.0 2010.07.01 -
Sunbelt 6530 2010.07.01 -
Symantec 20101.1.0.89 2010.07.01 -
TheHacker 6.5.2.0.305 2010.06.30 -
TrendMicro 9.120.0.1004 2010.07.01 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.01 -
VBA32 3.12.12.5 2010.07.01 -
ViRobot 2010.6.29.3912 2010.07.01 -
VirusBuster 5.0.27.0 2010.06.30 -
Additional information
File size: 1264 bytes
MD5 : b4eb9cef994d9f5b11744ed1713cb86a
SHA1 : 312471f6952fd3c06b2d71376029ebcc0adf87b5
SHA256: 95e324e851b15d710260de4bbfb69606110f1674121b923d12dd6ff0fcc9865b
TrID : File type identification
Unknown!
ssdeep: 24:iWVB0SQCG+LZZRDemGFRDKcQm6cPCYvZebOHDgZTkziZguvc6ZF:iqcCfbOFReIPf8YSkzNuJj
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
-
ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.28.00 2010.05.28 -
AntiVir 8.2.1.242 2010.05.28 -
Antiy-AVL 2.0.3.7 2010.05.26 -
Authentium 5.2.0.5 2010.05.28 -
Avast 4.8.1351.0 2010.05.28 -
Avast5 5.0.332.0 2010.05.28 -
AVG 9.0.0.787 2010.05.27 -
BitDefender 7.2 2010.05.28 -
CAT-QuickHeal 10.00 2010.05.28 -
ClamAV 0.96.0.3-git 2010.05.28 -
Comodo 4942 2010.05.25 -
DrWeb 5.0.2.03300 2010.05.28 -
eSafe 7.0.17.0 2010.05.27 -
eTrust-Vet 35.2.7516 2010.05.28 -
F-Prot 4.6.0.103 2010.05.28 -
F-Secure 9.0.15370.0 2010.05.28 -
Fortinet 4.1.133.0 2010.05.26 -
GData 21 2010.05.28 -
Ikarus T3.1.1.84.0 2010.05.28 -
Jiangmin 13.0.900 2010.05.28 -
Kaspersky 7.0.0.125 2010.05.28 -
Microsoft 1.5802 2010.05.28 -
NOD32 5152 2010.05.28 -
Norman 6.04.12 2010.05.27 -
nProtect 2010-05-27.03 2010.05.27 -
Panda 10.0.2.7 2010.05.27 -
PCTools 7.0.3.5 2010.05.28 -
Prevx 3.0 2010.05.28 -
Rising 22.49.04.04 2010.05.28 -
Sophos 4.53.0 2010.05.28 -
Sunbelt 6367 2010.05.28 -
Symantec 20101.1.0.89 2010.05.28 -
TheHacker 6.5.2.0.288 2010.05.27 -
TrendMicro 9.120.0.1004 2010.05.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.28 -
VBA32 3.12.12.5 2010.05.27 -
ViRobot 2010.5.20.2326 2010.05.28 -
VirusBuster 5.0.27.0 2010.05.27 -
Additional information
File size: 361600 bytes
MD5 : cbeebeb899e31ef52b962cb31fc8ca5c
SHA1 : bb35759a536bbb8da3b21de5f450385b333e1c25
SHA256: 41f7af89da20be99b45ed8db714be0709547b93a2fc2421703eb288521122ec4
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x50D23
timedatestamp.....: 0x485B99AD (Fri Jun 20 13:51:09 2008)
machinetype.......: 0x14C (Intel I386)

( 10 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x3F05A 0x3F080 6.58 469827b02f4403f5236e017c0c4bc49a
.rdata 0x3F400 0x574 0x580 4.44 0eb5bdbba26ed4d079a201f965266cb4
.data 0x3F980 0xA4A4 0xA500 0.06 ea0c5005c163289d0c29ae80301cb86f
PAGE 0x49E80 0x1F85 0x2000 6.38 29223020b8202f58b61651e2099c84e8
PAGELK 0x4BE80 0x6F2 0x700 6.19 d82540f4886ebcffb849774114194524
PAGEIPMc 0x4C580 0x2781 0x2800 6.43 bb13276e642dee8cf0a818967e06b022
.edata 0x4ED80 0x341 0x380 5.23 32781ababdbcd87358c1d1eb84509dd0
INIT 0x4F100 0x5936 0x5980 6.19 fcef6dffef02997844f4ea0ed6e144fe
.rsrc 0x54A80 0x3F0 0x400 3.41 3fd0d62483602aa6ce780c14866b4e39
.reloc 0x54E80 0x3590 0x3600 6.79 1e3ca28ef6ff9cf6fa16149dbf4fe144

( 4 imports )

> hal.dll: KfLowerIrql, KeRaiseIrqlToDpcLevel, KfReleaseSpinLock, KfAcquireSpinLock, KfRaiseIrql, KeGetCurrentIrql, KeQueryPerformanceCounter, ExAcquireFastMutex, ExReleaseFastMutex
> ndis.sys: NdisCloseAdapter, NdisCancelSendPackets, NdisFreePacket, NdisUnchainBufferAtFront, NdisCompletePnPEvent, NdisFreePacketPool, NdisRequest, NdisAllocatePacket, NdisFreeMemory, NdisQueryAdapterInstanceName, NdisGetDriverHandle, NdisOpenAdapter, NdisAllocatePacketPoolEx, NdisGetReceivedPacket, NdisRegisterProtocol, NdisAllocateBuffer, NdisSetPacketPoolProtocolId, NdisReturnPackets, NdisCopyBuffer, NdisAllocateBufferPool, NdisFreeBufferPool, NdisReEnumerateProtocolBindings, NdisCompleteBindAdapter
> ntoskrnl.exe: IoCreateDevice, _wcsicmp, wcscpy, wcsncpy, wcschr, ZwSetInformationThread, KeLeaveCriticalRegion, KeEnterCriticalRegion, KeQueryTimeIncrement, KeSetEvent, IoDeleteSymbolicLink, ExDeleteNPagedLookasideList, KeDelayExecutionThread, ZwOpenKey, KeSetTimerEx, KeInitializeTimer, KeInitializeDpc, ExInitializeNPagedLookasideList, MmLockPagableSectionByHandle, ZwQueryValueKey, ZwSetValueKey, InterlockedPopEntrySList, InterlockedPushEntrySList, ExIsProcessorFeaturePresent, RtlAddAccessAllowedAce, RtlCreateAcl, RtlLengthSid, SeExports, RtlMapGenericMask, IoGetFileObjectGenericMapping, ObReleaseObjectSecurity, SeSetSecurityDescriptorInfo, RtlLengthSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, ObGetObjectSecurity, IofCallDriver, IoBuildDeviceIoControlRequest, IoGetDeviceObjectPointer, ObfDereferenceObject, RtlAddAce, RtlGetAce, IoCreateSymbolicLink, RtlInitializeSid, RtlLengthRequiredSid, ObSetSecurityObjectByPointer, RtlSelfRelativeToAbsoluteSD, RtlGetSaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, RtlGetOwnerSecurityDescriptor, RtlGetDaclSecurityDescriptor, RtlVerifyVersionInfo, VerSetConditionMask, IoWMIRegistrationControl, IoGetCurrentProcess, KeInitializeTimerEx, RtlExtendedIntegerMultiply, KeQueryInterruptTime, _aulldiv, DbgBreakPoint, KeSetTargetProcessorDpc, RtlSetBit, SeUnlockSubjectContext, SeAccessCheck, SeLockSubjectContext, ObDereferenceSecurityDescriptor, PsGetCurrentProcessId, RtlWalkFrameChain, ExNotifyCallback, ExCreateCallback, ObReferenceObjectByHandle, MmUnlockPages, SeFreePrivileges, SeAppendPrivileges, ObLogSecurityDescriptor, SeAssignSecurity, IoFileObjectType, MmProbeAndLockPages, IoAllocateMdl, _except_handler3, ProbeForWrite, ObfReferenceObject, PsGetCurrentProcess, RtlPrefetchMemoryNonTemporal, KeInitializeMutex, MmIsThisAnNtAsSystem, KeWaitForSingleObject, KeReleaseMutex, KeReadStateEvent, IoDeleteDevice, ZwEnumerateValueKey, RtlUnicodeStringToInteger, RtlIpv4StringToAddressW, RtlTimeToTimeFields, ExLocalTimeToSystemTime, RtlExtendedMagicDivide, RtlAppendUnicodeToString, ZwClose, _allmul, MmQuerySystemSize, RtlCompareUnicodeString, RtlInitializeBitMap, RtlClearAllBits, RtlSetBits, wcslen, RtlAreBitsSet, RtlClearBits, RtlFindClearBitsAndSet, RtlFindClearRuns, DbgPrint, memmove, RtlCopyUnicodeString, RtlAppendUnicodeStringToString, ZwLoadDriver, KeResetEvent, IoAcquireCancelSpinLock, IoReleaseCancelSpinLock, IofCompleteRequest, ExfInterlockedAddUlong, MmMapLockedPagesSpecifyCache, IoFreeMdl, ExfInterlockedInsertTailList, RtlInitUnicodeString, MmMapLockedPages, KeNumberProcessors, RtlUnicodeStringToAnsiString, MmLockPagableDataSection, MmUnlockPagableImageSection, RtlCompareMemory, ExAllocatePoolWithTag, KeCancelTimer, KeClearEvent, RtlAnsiStringToUnicodeString, IoRaiseInformationalHardError, KeInitializeEvent, ExFreePoolWithTag, ExAllocatePoolWithTagPriority, KeInitializeSpinLock, _alldiv, KeQuerySystemTime, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, KeBugCheckEx, RtlSubAuthoritySid, KeTickCount, MmBuildMdlForNonPagedPool, ZwDeviceIoControlFile, ZwCreateFile
> tdi.sys: CTESystemUpTime, CTEBlock, CTELogEvent, CTESignal, CTEBlockWithTracker, CTEStartTimer, CTEInitEvent, CTEScheduleDelayedEvent, CTEInitTimer, TdiProviderReady, CTEInitialize, TdiDeregisterNetAddress, TdiRegisterNetAddress, TdiDeregisterDeviceObject, TdiRegisterDeviceObject, TdiDeregisterProvider, TdiRegisterProvider, TdiPnPPowerRequest, TdiCopyMdlChainToMdlChain, TdiInitialize, TdiDeregisterPnPHandlers, TdiRegisterPnPHandlers, CTEScheduleEvent, TdiCopyBufferToMdl, CTERemoveBlockTracker, CTEInsertBlockTracker, TdiMapUserRequest, TdiCopyBufferToMdlWithReservedMappingAtDpcLevel

( 1 exports )

> ARPRcv, ARPRcvPacket, FreeIprBuff, GetIFAndLink, IPAddInterface, IPAllocBuff, IPDelInterface, IPDelayedNdisReEnumerateBindings, IPDeregisterARP, IPDisableSniffer, IPEnableSniffer, IPFreeBuff, IPGetAddrType, IPGetBestInterface, IPGetInfo, IPInjectPkt, IPProxyNdisRequest, IPRcvComplete, IPRcvPacket, IPRegisterARP, IPRegisterProtocol, IPSetIPSecStatus, IPTransmit, LookupRoute, LookupRouteInformation, LookupRouteInformationWithBuffer, SendICMPErr, SetIPSecPtr, UnSetIPSecPtr, UnSetIPSecSendPtr, tcpxsum
TrID : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 6144:QJVxTJMCOHOcecOeaVrith/CC/LxGh5wCQCzKLQ/xsczo:QDxTl2OzryZCAQ4CQDQ/
sigcheck: publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: TCP/IP Protocol Driver
original name: tcpip.sys
internal name: tcpip.sys
file version.: 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
-
ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.27 -
AhnLab-V3 5.0.0.2 2010.01.27 -
AntiVir 7.9.1.150 2010.01.26 -
Antiy-AVL 2.0.3.7 2010.01.27 -
Authentium 5.2.0.5 2010.01.27 -
Avast 4.8.1351.0 2010.01.26 -
AVG 9.0.0.730 2010.01.26 -
BitDefender 7.2 2010.01.27 -
CAT-QuickHeal 10.00 2010.01.27 -
ClamAV 0.94.1 2010.01.27 -
Comodo 3722 2010.01.27 -
DrWeb 5.0.1.12222 2010.01.27 -
eSafe 7.0.17.0 2010.01.26 -
eTrust-Vet 35.2.7263 2010.01.27 -
F-Prot 4.5.1.85 2010.01.27 -
F-Secure 9.0.15370.0 2010.01.27 -
Fortinet 4.0.14.0 2010.01.27 -
GData 19 2010.01.27 -
Ikarus T3.1.1.80.0 2010.01.27 -
Jiangmin 13.0.900 2010.01.27 -
K7AntiVirus 7.10.957 2010.01.26 -
Kaspersky 7.0.0.125 2010.01.27 -
McAfee 5873 2010.01.26 -
McAfee+Artemis 5873 2010.01.26 -
McAfee-GW-Edition 6.8.5 2010.01.27 -
Microsoft 1.5406 2010.01.27 -
NOD32 4808 2010.01.26 -
Norman 6.04.03 2010.01.26 -
nProtect 2009.1.8.0 2010.01.27 -
Panda 10.0.2.2 2010.01.26 -
PCTools 7.0.3.5 2010.01.27 -
Prevx 3.0 2010.01.27 -
Rising 22.32.02.01 2010.01.27 -
Sophos 4.50.0 2010.01.27 -
Sunbelt 3.2.1858.2 2010.01.27 -
Symantec 20091.2.0.41 2010.01.27 -
TheHacker 6.5.0.9.165 2010.01.27 -
TrendMicro 9.120.0.1004 2010.01.27 -
VBA32 3.12.12.1 2010.01.26 -
ViRobot 2010.1.27.2157 2010.01.27 -
VirusBuster 5.0.21.0 2010.01.26 -
Additional information
File size: 5310976 bytes
MD5 : 29867c8e32182cf28ce7e6377f9026f8
SHA1 : 331ab37b1c89ec0d1bb24f219430f1d2ba859fc6
SHA256: 8ed463ddacaea30f37922715b6421b507bbc7bdf21d4a96f9f3b7c8a42189a96
TrID : File type identification
Microsoft Windows Installer (88.6%)
Windows SDK Setup Transform Script (6.1%)
Windows Movie Maker project (4.5%)
Generic OLE2 / Multistream Compound File (0.7%)
ssdeep: 98304:F8eBT0KZnAd+/JujM69ye9A7aSinYIlIFoRcbPoJrF7m8QyQBA7a5ORkZ97:DuKZdJujHy9YIKrF7iyO
PEiD : -
RDS : NSRL Reference Data Set
-
ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

PC-HELP.CZ

Problém s Google Chromem

Problém s Google Chromem

Re: Problém s Google Chromem

Re: Problém s Google Chromem

Re: Problém s Google Chromem

Re: Problém s Google Chromem

Re: Problém s Google Chromem

Re: Problém s Google Chromem

Re: Problém s Google Chromem

Re: Problém s Google Chromem

Re: Problém s Google Chromem

Re: Problém s Google Chromem

Re: Problém s Google Chromem