I have locked the virus in Avast's chest and in Ad-Aware's quarantine. Please advise, what next? I'm sending the output from SDFix.
SDFix: Version 1.123
Run by U§ivatel on so 05.01.2008 at 10:00
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\DOCUME~1\UIVATE~1\Plocha\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\regedit.com - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 10:03:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\\f\1t]
"Order"=hex:08,00,00,00,02,00,00,00,e8,01,00,00,01,00,00,00,03,00,00,00,98,..
scanning hidden files ...
C:\WINDOWS\Temp\_av_proI.tm~a02756
C:\WINDOWS\Temp\_av_proI.tm~a02756\dld1.tmp 0 bytes
C:\WINDOWS\Temp\_av_proI.tm~a02756\setup.lok 0 bytes
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Microsoft\Messenger\loreta1703@seznam.cz\SharingMetadata\tadeaslipka@hotmail.com\DFSR\Staging\CS{E753C6B6-02B3-44E8-C821-7FAB676C5888}\01\10-{E753C6B6-02B3-44E8-C821-7FAB676C5888}-v1-{2C1E06C4-4264-46E8-B710-2942EA5EA424}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 7
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Disabled:pando"
"C:\\Documents and Settings\\U§ivatel\\Plocha\\czdcplusplus\\CZDC.exe"="C:\\Documents and Settings\\U§ivatel\\Plocha\\czdcplusplus\\CZDC.exe:*:Enabled:CZDC"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Disabled:Azureus"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"="C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"="C:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe:*:Enabled:Zuma"
"D:\\Hry\\TrackMania Nations ESWC\\TmNationsESWC.exe"="D:\\Hry\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe:*:Enabled:Nero ControlCenter"
"C:\\Documents and Settings\\U§ivatel\\Local Settings\\Temp\\OnlineUpdate8\\SetupXu.exe"="C:\\Documents and Settings\\U§ivatel\\Local Settings\\Temp\\OnlineUpdate8\\SetupXu.exe:*:Enabled:Nero ControlCenter"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Ascaron\\Patrician III\\Patrician3.exe"="C:\\Program Files\\Ascaron\\Patrician III\\Patrician3.exe:*:Enabled:Patrician3"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\UIVATE~1\Plocha\SDFix\backups\backups.zip
Files with Hidden Attributes:
Tue 11 Dec 2007 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Tue 17 Oct 2006 304,736 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe"
Tue 17 Oct 2006 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\uinstrsc.dll"
Finished!
SDFix log, please, what next?
- newbie
- Posts: 10
- Registered: January 08
here is the log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:40, on 5.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\ZSSnp211.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Uživatel\Plocha\HiJackThis.exe
C:\WINDOWS\system32\imapi.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Data aplikací\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
--
End of file - 9514 bytes
- fredik
- Security team member
- Master Level 7
- Posts: 4680
- Registered: July 06
The log looks good.
You have an old version of Java there, so update it:
- Download the latest version, Java Runtime Environment (JRE) 6 Update 3
- Scroll down to where it says Java Runtime Environment (JRE) 6 Update 3 and click the Download button
- Tick the option that says: Accept License Agreement
- The page will reload.
- Click the download link: Windows Offline Installation, Multi-language and save it to disk
- Close any programs you have running, especially the web browser
- Go to Start -> Control Panel -> Add or Remove Programs and uninstall all old versions of Java
- Look for entries named Java Runtime Environment (JRE or J2SE)
* examples of old versions in Add or Remove Programs:
- J2SE Runtime Environment 5.0
- J2SE Runtime Environment 5.0 Update 8
- Java 2 Runtime Environment, SE v1.4.2
- Uninstall any old versions of Java one after another
- When the uninstall is finished, restart the PC.
- Then just run the installation of the latest version from the file jre-6u3-windows-i586-p.exe that you downloaded at the start.
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the 1 key
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan is finished, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Where did Avast report the virus?
- newbie
- Posts: 10
- Registered: January 08
thanks so far
I'm going to follow your instructions; Avast reported the virus in C:/System Volume Information/_restore}C82E358-AA32-4D05-993B-1AA953A4A25C}RP...
I copied it out so laboriously
Thanks
- newbie
- Posts: 10
- Registered: January 08
combofix.txt
ComboFix 08-01-04.1 - Uživatel 2008-01-05 11:42:51.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.571 [GMT 1:00]
Running from: C:\Documents and Settings\Uživatel\Plocha\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Uživatel\Data aplikací\inst.exe
C:\WINDOWS\system32\taskmgr.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CORE
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.
2008-01-05 11:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 11:41 . 2008-01-05 11:41 <DIR> d-------- C:\Program Files\Java
2008-01-05 11:41 . 2008-01-05 11:41 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-05 11:41 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-05 10:28 . 2008-01-05 10:28 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-01-05 10:28 . 2008-01-05 10:28 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-01-05 10:28 . 2008-01-05 10:28 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-01-05 10:28 . 2008-01-05 10:28 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-01-05 10:28 . 2008-01-05 10:28 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-01-05 10:28 . 2008-01-05 10:28 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-01-05 09:59 . 2008-01-05 09:59 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-04 18:26 . 2008-01-04 18:41 <DIR> d-------- C:\HijackThis
2008-01-04 17:58 . 2008-01-04 17:58 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-01-04 17:08 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-04 17:08 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-04 17:08 . 2007-12-13 19:40 77,824 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-04 17:08 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-04 17:08 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-04 17:08 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-04 00:51 . 2008-01-04 18:49 0 --a------ C:\23990098.$$$
2008-01-03 20:44 . 1980-01-01 01:00 147,968 --a------ C:\WINDOWS\R.COM
2008-01-03 20:44 . 1980-01-01 01:00 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-01-03 20:44 . 2008-01-04 18:58 50 --a------ C:\WINDOWS\Lic.xxx
2008-01-03 20:42 . 2008-01-05 10:28 <DIR> d-------- C:\Program Files\CCleaner
2008-01-01 17:13 . 2008-01-01 17:13 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-01-01 17:13 . 2008-01-01 17:13 <DIR> d-------- C:\Program Files\DIFX
2008-01-01 17:12 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-12-29 12:53 . 2007-12-29 12:53 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-12-29 12:39 . 2007-12-29 12:40 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-12-29 12:34 . 2001-09-20 05:47 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
2007-12-29 12:34 . 2006-03-18 10:18 392,960 -ra------ C:\WINDOWS\system32\drivers\senfilt.sys
2007-12-29 12:34 . 2006-07-26 07:25 247,808 -ra------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
2007-12-29 12:34 . 2006-04-27 22:42 93,824 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys
2007-12-29 12:34 . 2006-02-07 07:54 24,064 -ra------ C:\WINDOWS\system32\PostProc.dll
2007-12-29 12:08 . 2007-12-29 12:08 17,470 --a------ C:\WINDOWS\Ascd_tmp.ini
2007-12-29 12:08 . 2004-04-28 16:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-12-29 12:08 . 2004-08-13 19:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2007-12-29 10:06 . 1997-07-06 20:22 756,736 --------- C:\WINDOWS\system32\ir41_32.dll
2007-12-24 17:46 . 2007-12-24 17:46 202,256 --a------ C:\AUTO.pat
2007-12-24 17:46 . 2007-12-24 17:46 115,004 --a------ C:\AUTO.pst
2007-12-24 17:27 . 2007-12-24 17:27 <DIR> d-------- C:\Program Files\Ascaron
2007-12-23 12:33 . 2007-12-28 16:53 1,852 --a------ C:\WINDOWS\MapaCR.INI
2007-12-23 09:37 . 2007-12-29 12:51 <DIR> d-------- C:\Program Files\Star Defender 4
2007-12-22 19:40 . 2007-12-29 12:51 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-22 19:23 . 2007-12-22 19:23 0 --a------ C:\WINDOWS\Irremote.ini
2007-12-22 17:42 . <DIR> C:\Documents and Settings\All Users\data aplikacađ
2007-12-22 17:41 . 2007-12-22 17:42 <DIR> d-------- C:\Documents and Settings\All Users\data aplikacađ
2007-12-22 15:06 . 2007-12-22 15:06 <DIR> d-------- C:\Program Files\PLANstudio
2007-12-21 22:24 . 2007-12-29 12:53 <DIR> d-------- C:\Program Files\Opera
2007-12-16 14:33 . 1980-01-01 01:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-16 14:33 . 2007-01-30 14:16 56,320 -ra------ C:\WINDOWS\system32\Iyvu9_32.dll
2007-12-16 14:31 . 2007-12-16 14:31 <DIR> d-------- C:\Program Files\Centauri
2007-12-15 19:51 . 2007-12-15 19:51 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-15 12:23 . 2007-12-16 11:11 1,254 --a------ C:\WINDOWS\wininit.ini
2007-12-15 10:53 . 2007-12-16 11:19 2,476 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-11 22:09 . 2006-10-05 03:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-11 22:09 . 2006-10-05 03:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-11 21:32 . 2007-12-29 18:24 <DIR> d-------- C:\Program Files\Picasa2
2007-12-11 00:26 . 2007-12-11 00:57 <DIR> d-------- C:\Program Files\DVDFab Gold 4
2007-12-07 22:16 . 2007-12-07 22:16 <DIR> d-------- C:\Program Files\DigitalPeers
2007-12-07 22:16 . 2007-02-28 13:00 108,752 --a------ C:\WINDOWS\system32\drivers\dptrackerd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 16:38 --------- d-----w C:\Program Files\Microsoft Works
2007-12-29 12:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 11:55 --------- d-----w C:\Program Files\GameSpy Arcade
2007-12-22 18:40 --------- d-----w C:\Program Files\Nero
2007-12-16 09:23 --------- d-----w C:\Program Files\Popisovač CD-DVD 3
2007-12-16 09:20 --------- d-----w C:\Program Files\Oberon Media
2007-12-10 23:27 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-10 06:25 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-01 10:02 --------- d-----w C:\Program Files\Canon
2007-12-01 10:01 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2007-12-01 10:01 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-01 10:00 --------- d-----w C:\Program Files\ScanSoft
2007-12-01 09:59 --------- d-----w C:\Program Files\ArcSoft
2007-12-01 09:49 --------- d-----w C:\Program Files\CanonBJ
2007-11-25 15:23 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-11-23 08:21 --------- d-----w C:\Program Files\An Aliens Tale
2007-11-23 07:07 --------- d-----w C:\Program Files\Fenix Team
2007-11-22 14:35 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-22 12:17 --------- d-----w C:\Program Files\ReflexiveArcade
2007-11-22 06:42 --------- d-----w C:\Program Files\PopCap Games
2007-11-21 19:11 --------- d-----w C:\Program Files\Trymedia
2007-11-21 18:16 --------- d-----w C:\Program Files\MumboJumbo
2007-11-20 04:49 --------- d-----w C:\Program Files\Microsoft Games
2007-11-19 14:40 --------- d-----w C:\Program Files\Revistronic
2007-11-18 10:11 --------- d-----w C:\Program Files\mp3
2007-11-17 14:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-15 22:36 --------- d-----w C:\Program Files\Pando Networks
2007-11-14 11:27 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 06:08 --------- d-----w C:\Program Files\directx
2007-11-08 13:09 --------- d-----w C:\Program Files\ICQ6
2007-11-07 11:21 8,972 ----a-w C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2007-11-07 08:12 --------- d-----w C:\Program Files\Camfrog
2007-11-07 02:00 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-06 16:32 --------- d-----w C:\Program Files\Skype
2007-11-06 16:32 --------- d-----w C:\Program Files\Common Files\Skype
2007-11-06 16:07 --------- d-----w C:\Program Files\MSN Messenger
2007-11-06 14:28 --------- d-----w C:\Program Files\Lavasoft
2007-11-06 14:25 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-06 14:10 --------- d-----w C:\Program Files\NVIDIA Corporation
2007-11-06 13:56 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-11-06 13:56 --------- d-----w C:\Program Files\ASUS WiFi-AP Solo
2007-11-06 12:52 --------- d-----w C:\Program Files\Analog Devices
2007-11-06 12:47 --------- d-----w C:\Program Files\DVD Shrink
2007-11-06 12:46 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-06 12:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-06 12:20 --------- d-----w C:\Program Files\ATI Technologies
2007-11-06 11:53 --------- d-----w C:\Program Files\IZArc
2007-11-06 11:23 --------- d-----w C:\Program Files\Alwil Software
2007-11-06 11:20 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-06 11:12 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [1980-01-01 01:00 15360]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" [2005-09-21 21:34 294912]
"Camfrog"="C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2003-09-29 07:22 36352]
"Pando"="C:\Program Files\Pando Networks\Pando\pando.exe" [2007-10-05 12:33 5207368]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-10-11 14:43 181496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12 729088]
"ZSSnp211"="C:\WINDOWS\ZSSnp211.exe" [2006-07-14 09:24 49152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45 75304]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"ScanSoft OmniPage SE 4.0-reminder"="C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" [2006-09-26 15:38 1410600]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-07-21 05:04 847872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [1980-01-01 01:00 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Domino"=C:\WINDOWS\Domino.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [1980-01-01 01:00]
R3 ZSMC211;USB PC Camera (ZS211);C:\WINDOWS\system32\Drivers\ZS211.sys [2006-07-25 04:47]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 16:15:42 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-01-04 16:15:42 C:\WINDOWS\Tasks\Úklid 1 kliknutím.job"
- fredik
- Security team member
- Master Level 7
- Posts: 4680
- Registered: July 06
Go to Start -> Run... and type this command, marked in blue, into the window: ComboFix /u (there must be a space between combofix and /u) and click OK.
Turn off System Restore:
Go to Start -> Run... and type this command, marked in blue, into the window: control sysdm.cpl,,4 A window will open on the System Restore tab; there, tick the option Turn off System Restore on all drives and click OK. Restart the PC.
Then turn System Restore back on by reversing the procedure.
If you haven't done so yet, update Java. After that it should be fine.
- newcomer
- Posts: 10
- Registered: January 08
fine
I have Java, I'm following your steps one by one, and I'm even printing everything out; should this also get rid of the virus? Thanks. By the way, the advice and the helpers here are PERFECT!!!
- newcomer
- Posts: 10
- Registered: January 08
I'm here
so the problem is that the System Restore tab doesn't show up for me
- newcomer
- Posts: 10
- Registered: January 08
I managed to find it
now one more question: can I throw it out of the chest? And why does my screen stay white when I turn it off, instead of going black, and sometimes, when I try to open any folder from the desktop, the picture just flickers, all the icons disappear and then reappear, but the folder doesn't open? Usually it helps to open it via the right mouse button.
Could the virus be to blame for that too?
Thanks
- fredik
- Security team member
- Master Level 7
- Posts: 4680
- Registered: July 06
Try getting to System Restore this way instead:
Right-click My Computer -> Properties -> System Restore and tick the option Turn off System Restore on all drives. Click OK. Then restart the PC.
After booting back into Windows you can turn System Restore back on the opposite way, by clearing the tick on the item mentioned above.
Let me know how it looks. Reinstalling the System Restore service might help, but that will probably require the Windows installation CD.
You can delete those infected files from the chest.
I have no idea about the screen; that is more likely a hardware problem.