Well, my computer keeps lagging, the NOD32 window keeps popping up endlessly and reports the same viruses over and over...
To be safe, I blocked some program in NetLimiter, probably in C:/windows/system32/, some router.exe or something like that....
So I'm turning to you for advice on what to do about it... :-)
THANKS IN ADVANCE...
LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:09, on 13.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Visual Tool Tip\VisualToolTip.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RamCleaner\RamCleaner.exe
C:\WINDOWS\OETRN.EXE
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\PowerArchiver\PAStarter.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TrueTransparency\TrueTransparency.exe
C:\Program Files\Yod'm3D\Yodm3D.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\routing.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\z2 Remote2PC\R2PCServ.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinFast\WFDTV\DVBTAP.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 82.98.86.178 dlfzr.cn
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\Visual Tool Tip\VisualToolTip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Thunderbird] "C:\Program Files\Mozilla Thunderbird\thunderbird.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RamCleaner] C:\Program Files\RamCleaner\RamCleaner.exe -s
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PAStarter.EXE
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TrueTransparency] "C:\Program Files\TrueTransparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [Yodm3D] C:\Program Files\Yod'm3D\Yodm3D.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Místní vyhledávání.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E8B29C2-C2F2-4812-8F7D-BD41BBC14B09}: NameServer = 78.157.167.7,78.157.167.57
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: z2 Remote2PC Server (z2 R2PC Server) - z2 Software - C:\Program Files\z2 Remote2PC\R2PCServ.exe
--
End of file - 15925 bytes
Please, I would really appreciate a check of the log....
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
One log is enough.
Welcome to the PC-HELP forum.
Open Services by typing the command services.msc into Run... in the START menu and clicking OK.
Find Routing Service (Routing), stop it and set the startup type to Disabled.
Find and delete C:\WINDOWS\system32\routing.exe
(you will find it more easily if you turn on the display of hidden and system files (open any folder, Tools > Folder Options > View))
Then restart and post a new HijackThis log and info about the computer.
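An added example, not part of the original thread: a small Python parser for the `O23 - Service` lines of the HijackThis log above that ranks services for manual review. The two signals it combines (HijackThis shows `Unknown owner`, and the image sits directly in `C:\WINDOWS\system32`) are an assumed triage heuristic, not the helper's stated reasoning; the sample lines are copied from the log.

```python
import ntpath
import re

# O23 line layout as it appears in the log above:
#   O23 - Service: <display name> [(<service name>)] - <owner> - <image path>
# The display name may itself contain " - ", so the label group is greedy and
# the owner group may not contain a backslash (it can never run into the path).
O23_RE = re.compile(
    r"^O23 - Service: (?P<label>.+) - (?P<owner>[^\\]+?) - (?P<image>[A-Za-z]:\\.+)$"
)
# Optional trailing "(ServiceName)" after the display name.
NAME_RE = re.compile(r"^(?P<display>.*\S)\s*\((?P<svc>[^()]+)\)$")

# Assumption: the system directory is the one seen in the log.
SYSTEM32 = ntpath.normcase(r"C:\WINDOWS\system32")

# Lines copied from the HijackThis log in this thread.
SAMPLE_O23 = r"""
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
"""


def parse_o23(line):
    """Split one O23 line into its fields; return None for any other line."""
    m = O23_RE.match(line.strip())
    if m is None:
        return None
    label = m.group("label")
    n = NAME_RE.match(label)
    # Entries without "(ServiceName)" use the display name as the service name.
    display, svc = (n.group("display"), n.group("svc")) if n else (label, label)
    return {
        "display": display,
        "service": svc,
        "owner": m.group("owner"),
        "image": m.group("image"),
    }


def triage(lines):
    """Return parsed services with the reasons they deserve a look, worst first."""
    findings = []
    for line in lines:
        entry = parse_o23(line)
        if entry is None:
            continue
        reasons = []
        if entry["owner"].lower() == "unknown owner":
            reasons.append("no vendor shown by HijackThis")
        if ntpath.normcase(ntpath.dirname(entry["image"])) == SYSTEM32:
            reasons.append("image directly in system32")
        entry["reasons"] = reasons
        findings.append(entry)
    # sorted() is stable, so log order is kept among equal scores.
    return sorted(findings, key=lambda e: len(e["reasons"]), reverse=True)


def review_first(lines):
    """Service names that trip both signals at once."""
    return [e["service"] for e in triage(lines) if len(e["reasons"]) == 2]


if __name__ == "__main__":
    for e in triage(SAMPLE_O23.splitlines()):
        print(f'{len(e["reasons"])}  {e["service"]:<28} {e["image"]}')
        for r in e["reasons"]:
            print(f"     - {r}")
```

Either signal alone is common on a healthy machine (several legitimate services in the sample trip one of them), so the output is a review order, not a verdict.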


- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the 1 key
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log, which will be displayed to you; otherwise you will find it here: C:\ComboFix.txt - please copy its entire contents here
- newcomer
- Posts: 17
- Registered: January 08
- Location: around Ova
uhummm
well.... not only did that little program disable my internet for a while, it also deleted the autoruns from the HDDs and I no longer have the icons for the HDDs
and also most of my programs don't work, like TrueTransparency, and it deleted a few good things of mine too (or could those have been viruses???) and closed most of the things in the tray...
I'm RESTARTING the computer and we'll see how it goes...
Here is the LOG:
ComboFix 08-01-13.1 - SergioAmuneli 2008-01-13 17:15:06.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.343 [GMT 1:00]
Running from: C:\Documents and Settings\SergioAmuneli\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\system32\Dvbpws.dll
C:\WINDOWS\WINDOWS
C:\WINDOWS\WINDOWS\Vista Dock\Data\General.png
C:\WINDOWS\WINDOWS\Vista Dock\Data\Icons.png
C:\WINDOWS\WINDOWS\Vista Dock\Data\Position.png
C:\WINDOWS\WINDOWS\Vista Dock\Data\Style.png
C:\WINDOWS\WINDOWS\Vista Dock\Data\Thumbs.db
C:\WINDOWS\WINDOWS\Vista Dock\Defaults\DefaultIcons\Thumbs.db
C:\WINDOWS\WINDOWS\Vista Dock\Defaults\DefaultIcons\Unknown.png
C:\WINDOWS\WINDOWS\Vista Dock\Defaults\DefaultSkin\background.ini
C:\WINDOWS\WINDOWS\Vista Dock\Defaults\DefaultSkin\bg.png
C:\WINDOWS\WINDOWS\Vista Dock\Defaults\DefaultSkin\sep.png
C:\WINDOWS\WINDOWS\Vista Dock\Defaults\DefaultSkin\separator.ini
C:\WINDOWS\WINDOWS\Vista Dock\Defaults\DefaultSkin\Thumbs.db
C:\WINDOWS\WINDOWS\Vista Dock\Docklets\Defaults.ini
C:\WINDOWS\WINDOWS\Vista Dock\Icons\Clock.png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\Control Panel.png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\Folder.png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\Internet Shortcut.png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\My Computer.png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\My Documents.png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\My Music.png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\My Network Places.png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\My Pictures.png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\Options.png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\Recycle Bin (full).png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\Recycle Bin.png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\Thumbs.db
C:\WINDOWS\WINDOWS\Vista Dock\MouseHook.dll
C:\WINDOWS\WINDOWS\Vista Dock\Vista Dock.exe
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.
2008-01-13 17:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 16:17 . 2008-01-13 16:21 <DIR> d---s---- C:\Program Files\Trend Micro
2008-01-12 18:04 . 2008-01-12 18:04 6,011 --a------ C:\WINDOWS\W!n V!sta.Theme
2008-01-12 12:02 . 2008-01-12 12:03 <DIR> d---s---- C:\Program Files\toycon
2008-01-12 11:19 . 2008-01-12 11:25 <DIR> d--h----- C:\NST
2008-01-12 10:11 . 2008-01-12 10:11 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\ViStart
2008-01-12 00:19 . 2008-01-12 12:10 2,322,816 --a------ C:\WINDOWS\system32\kernel1.exe
2008-01-12 00:19 . 2008-01-12 11:09 2,322,816 --a------ C:\WINDOWS\system32\KERNEL.TMP
2008-01-12 00:16 . 2099-08-22 09:53 355 -rahs---- C:\BOOT.BKK
2008-01-12 00:01 . 2008-01-12 00:01 244 --ah----- C:\sqmnoopt01.sqm
2008-01-12 00:01 . 2008-01-12 00:01 232 --ah----- C:\sqmdata01.sqm
2008-01-11 23:55 . 2008-01-12 00:06 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Contacts
2008-01-11 23:53 . 2008-01-12 00:02 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-11 23:53 . 2008-01-12 00:05 <DIR> d---s---- C:\Program Files\MSN Messenger
2008-01-11 23:53 . 2008-01-11 23:53 268 --ah----- C:\sqmdata00.sqm
2008-01-11 23:53 . 2008-01-11 23:53 244 --ah----- C:\sqmnoopt00.sqm
2008-01-11 21:20 . 2008-01-11 21:24 5,110 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-11 21:06 . 2008-01-11 21:06 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-11 20:40 . 2008-01-11 20:40 0 --------- C:\WINDOWS\WB.ini
2008-01-11 20:37 . 2007-07-11 15:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-01-11 20:30 . 2008-01-11 20:30 654,257 --a------ C:\WINDOWS\Clown Fish.jpg
2008-01-10 18:48 . 2008-01-10 18:48 86,226 --a------ C:\WINDOWS\Grass.jpg
2008-01-10 18:44 . 2008-01-10 18:34 175,426 --a------ C:\WINDOWS\Grass Ripples.jpg
2008-01-10 17:40 . 2008-01-10 17:37 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-10 17:40 . 2008-01-10 17:37 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-01-10 17:40 . 2008-01-10 17:37 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-01-10 16:53 . 2008-01-10 16:53 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\sentinel
2008-01-10 15:41 . 2008-01-10 15:43 <DIR> d---s---- C:\nod_upd
2008-01-09 18:03 . 2008-01-09 18:07 <DIR> d---s---- C:\Program Files\RocketDock
2008-01-01 12:44 . 2008-01-01 12:47 <DIR> d---s---- C:\Program Files\DivX
2007-12-31 13:58 . 2008-01-06 16:28 <DIR> d---s---- C:\Program Files\QIP Infium
2007-12-31 11:02 . 2007-12-31 11:02 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-12-31 10:27 . 2008-01-13 16:33 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\skypePM
2007-12-31 10:27 . 2007-12-31 10:27 32 --a------ C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2007-12-31 10:15 . 2008-01-13 16:57 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Skype
2007-12-31 10:14 . 2007-12-31 17:05 <DIR> d---s---- C:\Program Files\Skype
2007-12-31 10:14 . 2007-12-31 10:14 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-12-31 10:14 . 2007-12-31 10:14 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Skype
2007-12-31 10:07 . 2007-12-31 17:04 <DIR> d---s---- C:\Program Files\Macromedia
2007-12-31 10:07 . 2007-12-31 10:10 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2007-12-30 18:47 . 2007-12-30 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Metacafe
2007-12-28 22:41 . 2007-12-28 22:49 <DIR> d---s---- C:\Program Files\eJay
2007-12-28 18:46 . 2007-12-28 18:46 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Lavasoft
2007-12-28 16:21 . 2007-12-28 16:21 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Thunderbird
2007-12-28 16:20 . 2008-01-13 15:43 <DIR> d---s---- C:\Program Files\Mozilla Thunderbird
2007-12-27 15:23 . 2007-12-27 15:23 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Acoustica
2007-12-27 15:22 . 2007-12-28 21:22 <DIR> d---s---- C:\Program Files\Acoustica Shared Effects
2007-12-27 15:22 . 2007-12-28 21:21 <DIR> d---s---- C:\Program Files\Acoustica Mixcraft 3
2007-12-27 15:22 . 2007-12-27 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Acoustica
2007-12-27 15:22 . 2002-11-02 09:53 57,344 --a------ C:\WINDOWS\system32\WNASPINT.DLL
2007-12-25 15:19 . 2008-01-12 10:43 <DIR> d---s---- C:\Program Files\Stardock
2007-12-25 15:19 . 2007-12-25 15:19 <DIR> d-------- C:\Program Files\Common Files\Stardock
2007-12-24 16:14 . 2007-12-28 21:49 <DIR> d---s---- C:\Program Files\Styler
2007-12-24 16:14 . 2007-12-24 16:14 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Styler
2007-12-24 16:07 . 2008-01-12 10:48 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\FogelSoft
2007-12-24 16:04 . 2008-01-12 10:47 <DIR> d---s---- C:\Program Files\VSE
2007-12-23 18:58 . 2007-12-28 21:56 <DIR> d---s---- C:\Program Files\Yod'm3D
2007-12-22 12:27 . 2007-12-28 21:36 <DIR> d---s---- C:\Program Files\LegWinTym 1.25
2007-12-16 20:51 . 2007-12-16 20:51 43 --a------ C:\WINDOWS\wcx_ftp.ini
2007-12-16 17:37 . 2007-12-16 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2007-12-16 17:33 . 2007-12-28 21:23 <DIR> d---s---- C:\Program Files\Bonjour
2007-12-16 17:22 . 2007-12-16 17:22 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-15 22:05 . 2007-12-28 21:22 <DIR> d---s---- C:\Program Files\Advanced Registry Doctor
2007-12-15 19:11 . 2007-12-28 21:26 <DIR> d---s---- C:\Program Files\Formosoft
2007-12-15 19:11 . 2003-11-04 19:08 1,032,192 --a------ C:\WINDOWS\AquaReal.scr
2007-12-15 19:11 . 2003-04-18 16:11 258,048 --a------ C:\WINDOWS\system32\AquaReal.ocx
2007-12-15 19:11 . 2002-11-15 17:56 131,072 --a------ C:\WINDOWS\SNVerifyDLL.dll
2007-12-15 19:10 . 2007-12-28 21:45 <DIR> d---s---- C:\Program Files\Screamer Radio
2007-12-15 18:33 . 2007-12-28 21:24 <DIR> d---s---- C:\Program Files\CBS Software
2007-12-15 18:27 . 2007-12-16 09:33 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\DMCache
2007-12-15 18:21 . 2007-12-28 21:24 <DIR> d---s---- C:\Program Files\Classic Menu for Office
2007-12-15 18:04 . 2007-12-28 21:54 <DIR> d---s---- C:\Program Files\Web Page Maker V2
2007-12-15 18:04 . 2007-12-15 18:04 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Web Page Maker V2
2007-12-15 17:46 . 2007-12-28 21:36 <DIR> d---s---- C:\Program Files\MagicDVDRipper
2007-12-15 17:34 . 2007-12-28 21:56 <DIR> d---s---- C:\Program Files\Your Uninstaller 2008
2007-12-15 16:26 . 2007-12-15 16:26 32,768 --a------ C:\WINDOWS\system32\routing.exe
2007-12-15 16:26 . 2007-12-15 16:26 40 --a------ C:\WINDOWS\system32\drmgs.sys
2007-12-15 16:24 . 2007-12-28 21:37 <DIR> d---s---- C:\Program Files\MagicISO
2007-12-15 16:24 . 2006-11-27 18:53 2,666,654 --a------ C:\WINDOWS\Setup_MagicISO.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 16:22 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\Hamachi
2008-01-13 16:13 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\uTorrent
2008-01-13 14:33 --------- d-s---w C:\Program Files\z2 Remote2PC
2008-01-13 14:33 --------- d-----w C:\Documents and Settings\LocalService\Data aplikací\VMware
2008-01-13 14:33 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\VMware
2008-01-12 18:02 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-01-12 10:58 --------- d-----r C:\Program Files\PowerArchiver
2008-01-12 09:48 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\FogelSoft
2008-01-11 22:49 --------- d-s---w C:\Program Files\TrueTransparency
2008-01-11 20:24 71,738 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-01-10 16:36 --------- d-----r C:\Program Files\BeClean
2008-01-10 15:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-08 17:53 --------- d-----r C:\Program Files\Hide IP Platinum
2007-12-31 14:34 --------- d-----r C:\Program Files\FlashFXP
2007-12-30 22:15 --------- d-----r C:\Program Files\TC UP
2007-12-28 20:57 128 --sha-w C:\Program Files\desktop.ini
2007-12-28 20:56 --------- d-s---w C:\Program Files\YouSendIt
2007-12-28 20:55 --------- d-s---w C:\Program Files\WinPcap
2007-12-28 20:55 --------- d-s---w C:\Program Files\WinHex
2007-12-28 20:54 --------- d-s---w C:\Program Files\VstPlugins
2007-12-28 20:53 --------- d-s---w C:\Program Files\Visual Tool Tip
2007-12-28 20:53 --------- d-s---w C:\Program Files\Vista Drive Icon
2007-12-28 20:53 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\VMware
2007-12-28 20:52 --------- d-s---w C:\Program Files\VirtualDJ
2007-12-28 20:51 --------- d-s---w C:\Program Files\URUSoft
2007-12-28 20:51 --------- d-s---w C:\Program Files\TRANSLAT
2007-12-28 20:50 --------- d-s---w C:\Program Files\Symantec AntiVirus for Handhelds
2007-12-28 20:50 --------- d-s---w C:\Program Files\Symantec
2007-12-28 20:50 --------- d-s---w C:\Program Files\SuperAdBlocker.com
2007-12-28 20:48 --------- d-s---w C:\Program Files\Spb Software House
2007-12-28 20:48 --------- d-s---w C:\Program Files\SOTI
2007-12-28 20:46 --------- d-s---w C:\Program Files\Sony
2007-12-28 20:46 --------- d-s---w C:\Program Files\Serials 2005
2007-12-28 20:45 --------- d-s---w C:\Program Files\SBSH
2007-12-28 20:45 --------- d-s---w C:\Program Files\Resco
2007-12-28 20:44 --------- d-s---w C:\Program Files\Replay Converter
2007-12-28 20:44 --------- d-s---w C:\Program Files\Replay AV 8
2007-12-28 20:43 --------- d-s---w C:\Program Files\Real Desktop
2007-12-28 20:43 --------- d-s---w C:\Program Files\PPC Tablet
2007-12-28 20:42 --------- d-s---w C:\Program Files\PDFCreator
2007-12-28 20:42 --------- d-s---w C:\Program Files\OpenSSL
2007-12-28 20:41 --------- d-s---w C:\Program Files\Omega One
2007-12-28 20:40 --------- d-s---w C:\Program Files\Netwasp
2007-12-28 20:40 --------- d-s---w C:\Program Files\NetLimiter 2 Pro
2007-12-28 20:40 --------- d-s---w C:\Program Files\NeoSmart Technologies
2007-12-28 20:39 --------- d-s---w C:\Program Files\Mobipocket.com
2007-12-28 20:38 --------- d-s---w C:\Program Files\Microsoft.NET
2007-12-28 20:38 --------- d-s---w C:\Program Files\Microsoft SQL Server
2007-12-28 20:37 --------- d-s---w C:\Program Files\Microsoft .NET Compact Framework 1.0 SP2
2007-12-28 20:36 --------- d-s---w C:\Program Files\Kwyshell
2007-12-28 20:35 --------- d-s---w C:\Program Files\Java
2007-12-28 20:34 --------- d-s---w C:\Program Files\IRemote
2007-12-28 20:34 --------- d-s---w C:\Program Files\Image-Line
2007-12-28 20:34 --------- d-s---w C:\Program Files\ICQ6
2007-12-28 20:33 --------- d-s---w C:\Program Files\HTV
2007-12-28 20:32 --------- d-s---w C:\Program Files\Hamachi
2007-12-28 20:31 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-28 20:26 --------- d-s---w C:\Program Files\Fraps
2007-12-28 20:25 --------- d-s---w C:\Program Files\CulinatiX
2007-12-28 20:25 --------- d-s---w C:\Program Files\Consumer Update Firmware
2007-12-28 20:24 --------- d-s---w C:\Program Files\Conduits Pocket Slides
2007-12-28 20:23 --------- d-s---w C:\Program Files\Ali Update Tool
2007-12-28 20:22 --------- d-s---w C:\Program Files\Aikido3D
2007-12-28 20:21 --------- d-s---w C:\Program Files\!xSpeedPro
2007-12-28 17:42 --------- d-----r C:\Program Files\Lavasoft
2007-12-27 14:57 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-24 15:20 --------- d-----r C:\Program Files\uTorrent
2007-12-24 12:26 --------- d-----r C:\Program Files\xB-Browser
2007-12-16 16:33 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-16 09:30 --------- d-----r C:\Program Files\Winamp
2007-12-16 09:18 --------- d-----r C:\Program Files\K-Meleon
2007-12-16 08:50 --------- d-----r C:\Program Files\Offline Explorer Enterprise
2007-12-16 08:35 --------- d-----r C:\Program Files\Microsoft ActiveSync
2007-12-12 19:37 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2007-12-07 18:40 --------- d-----r C:\Program Files\QIP
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-25 14:50 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\NVIDIA
2007-11-20 13:59 196,608 ----a-w C:\WINDOWS\system32\libssl32.dll
2007-11-15 16:51 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\Sony
2007-11-15 16:50 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\Publish Providers
2007-11-15 16:50 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\NetMedia Providers
2007-11-15 16:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Sony
2007-11-14 21:25 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\Offline Explorer
2007-11-14 18:00 --------- d-----w C:\Program Files\Common Files\Java
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 12:51 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-11-07 09:29 720,896 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 06:10 196,608 ----a-w C:\WINDOWS\system32\ssleay32.dll
2007-10-22 06:10 1,015,808 ----a-w C:\WINDOWS\system32\libeay32.dll
2007-10-13 18:28 53,248 ----a-w C:\WINDOWS\system32\css.dll
2007-09-12 15:28 7,780 ----a-w C:\Documents and Settings\SergioAmuneli\FMCodec.dat
2007-08-28 07:42 118,784 ----a-w C:\Program Files\getpdascreen.exe
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 23:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 06:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-06-15 09:41 1460312]
"RamCleaner"="C:\Program Files\RamCleaner\RamCleaner.exe" [2005-03-10 20:09 437248]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 19:31 1372160]
"OEXPRESS"="C:\WINDOWS\OETRN.EXE" [2007-09-21 22:10 26624]
"WEBTRAN"="" []
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-09-21 14:29 219952]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 15:50 1289000]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PAStarter.EXE" [2007-08-10 16:19 140328]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"SpeedConnectStartUp"="" []
"AWMON"="C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe" [2005-05-25 12:12 517632]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"TrueTransparency"="C:\Program Files\TrueTransparency\TrueTransparency.exe" [2007-10-28 15:46 133120]
"Yodm3D"="C:\Program Files\Yod'm3D\Yodm3D.exe" [2007-06-26 19:26 2058752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-16 08:35 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 04:44 16262656 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 15:24 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 15:21 54832]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2006-12-06 15:57 69632]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2006-12-04 11:01 372736]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2007-05-01 21:52 56112]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-09-09 10:16 196608]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2006-10-30 12:12 2287152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 07:33 45056]
"CloneCDTray"="C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 15:17 73728]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2005-02-04 07:01 456704]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 20:59 45056]
"VisualTooltip"="C:\Program Files\Visual Tool Tip\VisualToolTip.exe" [2007-04-25 09:45 956928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 08:35 7630848]
"Thunderbird"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe" [2007-11-01 00:15 8479856]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-10 17:37 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49 15360]
C:\Documents and Settings\SergioAmuneli\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2007-12-28 21:31:25]
Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe [2007-12-28 16:20:51]
MRU-Blaster Scheduler.lnk - C:\Program Files\MRU-Blaster\scheduler.exe [2003-07-19 16:48:43]
MRU-Blaster Silent Clean.lnk - C:\Program Files\MRU-Blaster\mrublaster.exe [2003-07-19 18:59:27]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-10 16:16:47]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 08:43:08]
C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
Mˇstnˇ vyhled v nˇ.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 13:55:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-10-19 13:53 293888]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 12:58 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL 2007-05-14 13:20 176128 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 11:43]
R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys [2006-11-13 17:58]
R0 MEMLOCK;Secured Memory Driver;C:\WINDOWS\system32\drivers\memlock.sys [2003-12-15 08:36]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2006-06-14 20:44]
R1 SABDIFSV;SABDIFSV;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 11:17]
R1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 16:02]
R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 13:00]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2006-08-07 09:50]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51]
R2 Routing;Routing Service;C:\WINDOWS\system32\routing.exe [2007-12-15 16:26]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver;C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [2007-04-09 12:55]
R2 wfcxatun;WinFast TV Analog Tuner Driver;C:\WINDOWS\system32\drivers\wfcxatun.sys [2006-08-07 09:53]
R2 WFCXVCAP;WinFast TV Video Capture Driver;C:\WINDOWS\system32\drivers\wfcxvcap.sys [2006-08-07 13:10]
R2 z2 R2PC Server;z2 Remote2PC Server;"C:\Program Files\z2 Remote2PC\R2PCServ.exe" [2007-11-02 21:07]
R3 AEXPAM;Philips SmartManage Service;C:\WINDOWS\system32\Drivers\aexpamdrv.sys [2005-12-20 09:57]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 22:08]
R3 vmkbd;VMware kbd;C:\WINDOWS\system32\drivers\VMkbd.sys [2007-05-01 21:52]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-08-07 09:56]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;C:\WINDOWS\system32\drivers\wfcxtcap.sys [2006-08-07 09:54]
R3 wfcxxbar;WinFast TV Crossbar Driver;C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-08-07 14:04]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 15:55]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-29 06:46]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 13:18]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 18:31]
S3 ufad-ws60;VMware Agent Service;"C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\SETUP.EXE /AUTORUN
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 14:34:54 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 17:22:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-01-13 17:26:38
ComboFix-quarantined-files.txt 2008-01-13 16:26:36
.
2008-01-10 17:00:47 --- E O F ---
Well... not only did that little program cut off my internet for a while, it also deleted the autoruns from the HDD, and now I no longer have the icons for my hard drives.

I'm RESTARTING the computer and we'll see how it goes...
Here is the LOG:
ComboFix 08-01-13.1 - SergioAmuneli 2008-01-13 17:15:06.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.343 [GMT 1:00]
Running from: C:\Documents and Settings\SergioAmuneli\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\system32\Dvbpws.dll
C:\WINDOWS\WINDOWS
C:\WINDOWS\WINDOWS\Vista Dock\Data\General.png
C:\WINDOWS\WINDOWS\Vista Dock\Data\Icons.png
C:\WINDOWS\WINDOWS\Vista Dock\Data\Position.png
C:\WINDOWS\WINDOWS\Vista Dock\Data\Style.png
C:\WINDOWS\WINDOWS\Vista Dock\Data\Thumbs.db
C:\WINDOWS\WINDOWS\Vista Dock\Defaults\DefaultIcons\Thumbs.db
C:\WINDOWS\WINDOWS\Vista Dock\Defaults\DefaultIcons\Unknown.png
C:\WINDOWS\WINDOWS\Vista Dock\Defaults\DefaultSkin\background.ini
C:\WINDOWS\WINDOWS\Vista Dock\Defaults\DefaultSkin\bg.png
C:\WINDOWS\WINDOWS\Vista Dock\Defaults\DefaultSkin\sep.png
C:\WINDOWS\WINDOWS\Vista Dock\Defaults\DefaultSkin\separator.ini
C:\WINDOWS\WINDOWS\Vista Dock\Defaults\DefaultSkin\Thumbs.db
C:\WINDOWS\WINDOWS\Vista Dock\Docklets\Defaults.ini
C:\WINDOWS\WINDOWS\Vista Dock\Icons\Clock.png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\Control Panel.png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\Folder.png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\Internet Shortcut.png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\My Computer.png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\My Documents.png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\My Music.png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\My Network Places.png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\My Pictures.png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\Options.png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\Recycle Bin (full).png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\Recycle Bin.png
C:\WINDOWS\WINDOWS\Vista Dock\Icons\Thumbs.db
C:\WINDOWS\WINDOWS\Vista Dock\MouseHook.dll
C:\WINDOWS\WINDOWS\Vista Dock\Vista Dock.exe
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.
2008-01-13 17:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 16:17 . 2008-01-13 16:21 <DIR> d---s---- C:\Program Files\Trend Micro
2008-01-12 18:04 . 2008-01-12 18:04 6,011 --a------ C:\WINDOWS\W!n V!sta.Theme
2008-01-12 12:02 . 2008-01-12 12:03 <DIR> d---s---- C:\Program Files\toycon
2008-01-12 11:19 . 2008-01-12 11:25 <DIR> d--h----- C:\NST
2008-01-12 10:11 . 2008-01-12 10:11 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\ViStart
2008-01-12 00:19 . 2008-01-12 12:10 2,322,816 --a------ C:\WINDOWS\system32\kernel1.exe
2008-01-12 00:19 . 2008-01-12 11:09 2,322,816 --a------ C:\WINDOWS\system32\KERNEL.TMP
2008-01-12 00:16 . 2099-08-22 09:53 355 -rahs---- C:\BOOT.BKK
2008-01-12 00:01 . 2008-01-12 00:01 244 --ah----- C:\sqmnoopt01.sqm
2008-01-12 00:01 . 2008-01-12 00:01 232 --ah----- C:\sqmdata01.sqm
2008-01-11 23:55 . 2008-01-12 00:06 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Contacts
2008-01-11 23:53 . 2008-01-12 00:02 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-11 23:53 . 2008-01-12 00:05 <DIR> d---s---- C:\Program Files\MSN Messenger
2008-01-11 23:53 . 2008-01-11 23:53 268 --ah----- C:\sqmdata00.sqm
2008-01-11 23:53 . 2008-01-11 23:53 244 --ah----- C:\sqmnoopt00.sqm
2008-01-11 21:20 . 2008-01-11 21:24 5,110 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-11 21:06 . 2008-01-11 21:06 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-11 20:40 . 2008-01-11 20:40 0 --------- C:\WINDOWS\WB.ini
2008-01-11 20:37 . 2007-07-11 15:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-01-11 20:30 . 2008-01-11 20:30 654,257 --a------ C:\WINDOWS\Clown Fish.jpg
2008-01-10 18:48 . 2008-01-10 18:48 86,226 --a------ C:\WINDOWS\Grass.jpg
2008-01-10 18:44 . 2008-01-10 18:34 175,426 --a------ C:\WINDOWS\Grass Ripples.jpg
2008-01-10 17:40 . 2008-01-10 17:37 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-10 17:40 . 2008-01-10 17:37 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-01-10 17:40 . 2008-01-10 17:37 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-01-10 16:53 . 2008-01-10 16:53 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\sentinel
2008-01-10 15:41 . 2008-01-10 15:43 <DIR> d---s---- C:\nod_upd
2008-01-09 18:03 . 2008-01-09 18:07 <DIR> d---s---- C:\Program Files\RocketDock
2008-01-01 12:44 . 2008-01-01 12:47 <DIR> d---s---- C:\Program Files\DivX
2007-12-31 13:58 . 2008-01-06 16:28 <DIR> d---s---- C:\Program Files\QIP Infium
2007-12-31 11:02 . 2007-12-31 11:02 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-12-31 10:27 . 2008-01-13 16:33 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\skypePM
2007-12-31 10:27 . 2007-12-31 10:27 32 --a------ C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2007-12-31 10:15 . 2008-01-13 16:57 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Skype
2007-12-31 10:14 . 2007-12-31 17:05 <DIR> d---s---- C:\Program Files\Skype
2007-12-31 10:14 . 2007-12-31 10:14 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-12-31 10:14 . 2007-12-31 10:14 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Skype
2007-12-31 10:07 . 2007-12-31 17:04 <DIR> d---s---- C:\Program Files\Macromedia
2007-12-31 10:07 . 2007-12-31 10:10 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2007-12-30 18:47 . 2007-12-30 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Metacafe
2007-12-28 22:41 . 2007-12-28 22:49 <DIR> d---s---- C:\Program Files\eJay
2007-12-28 18:46 . 2007-12-28 18:46 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Lavasoft
2007-12-28 16:21 . 2007-12-28 16:21 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Thunderbird
2007-12-28 16:20 . 2008-01-13 15:43 <DIR> d---s---- C:\Program Files\Mozilla Thunderbird
2007-12-27 15:23 . 2007-12-27 15:23 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Acoustica
2007-12-27 15:22 . 2007-12-28 21:22 <DIR> d---s---- C:\Program Files\Acoustica Shared Effects
2007-12-27 15:22 . 2007-12-28 21:21 <DIR> d---s---- C:\Program Files\Acoustica Mixcraft 3
2007-12-27 15:22 . 2007-12-27 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Acoustica
2007-12-27 15:22 . 2002-11-02 09:53 57,344 --a------ C:\WINDOWS\system32\WNASPINT.DLL
2007-12-25 15:19 . 2008-01-12 10:43 <DIR> d---s---- C:\Program Files\Stardock
2007-12-25 15:19 . 2007-12-25 15:19 <DIR> d-------- C:\Program Files\Common Files\Stardock
2007-12-24 16:14 . 2007-12-28 21:49 <DIR> d---s---- C:\Program Files\Styler
2007-12-24 16:14 . 2007-12-24 16:14 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Styler
2007-12-24 16:07 . 2008-01-12 10:48 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\FogelSoft
2007-12-24 16:04 . 2008-01-12 10:47 <DIR> d---s---- C:\Program Files\VSE
2007-12-23 18:58 . 2007-12-28 21:56 <DIR> d---s---- C:\Program Files\Yod'm3D
2007-12-22 12:27 . 2007-12-28 21:36 <DIR> d---s---- C:\Program Files\LegWinTym 1.25
2007-12-16 20:51 . 2007-12-16 20:51 43 --a------ C:\WINDOWS\wcx_ftp.ini
2007-12-16 17:37 . 2007-12-16 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2007-12-16 17:33 . 2007-12-28 21:23 <DIR> d---s---- C:\Program Files\Bonjour
2007-12-16 17:22 . 2007-12-16 17:22 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-15 22:05 . 2007-12-28 21:22 <DIR> d---s---- C:\Program Files\Advanced Registry Doctor
2007-12-15 19:11 . 2007-12-28 21:26 <DIR> d---s---- C:\Program Files\Formosoft
2007-12-15 19:11 . 2003-11-04 19:08 1,032,192 --a------ C:\WINDOWS\AquaReal.scr
2007-12-15 19:11 . 2003-04-18 16:11 258,048 --a------ C:\WINDOWS\system32\AquaReal.ocx
2007-12-15 19:11 . 2002-11-15 17:56 131,072 --a------ C:\WINDOWS\SNVerifyDLL.dll
2007-12-15 19:10 . 2007-12-28 21:45 <DIR> d---s---- C:\Program Files\Screamer Radio
2007-12-15 18:33 . 2007-12-28 21:24 <DIR> d---s---- C:\Program Files\CBS Software
2007-12-15 18:27 . 2007-12-16 09:33 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\DMCache
2007-12-15 18:21 . 2007-12-28 21:24 <DIR> d---s---- C:\Program Files\Classic Menu for Office
2007-12-15 18:04 . 2007-12-28 21:54 <DIR> d---s---- C:\Program Files\Web Page Maker V2
2007-12-15 18:04 . 2007-12-15 18:04 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Web Page Maker V2
2007-12-15 17:46 . 2007-12-28 21:36 <DIR> d---s---- C:\Program Files\MagicDVDRipper
2007-12-15 17:34 . 2007-12-28 21:56 <DIR> d---s---- C:\Program Files\Your Uninstaller 2008
2007-12-15 16:26 . 2007-12-15 16:26 32,768 --a------ C:\WINDOWS\system32\routing.exe
2007-12-15 16:26 . 2007-12-15 16:26 40 --a------ C:\WINDOWS\system32\drmgs.sys
2007-12-15 16:24 . 2007-12-28 21:37 <DIR> d---s---- C:\Program Files\MagicISO
2007-12-15 16:24 . 2006-11-27 18:53 2,666,654 --a------ C:\WINDOWS\Setup_MagicISO.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 16:22 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\Hamachi
2008-01-13 16:13 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\uTorrent
2008-01-13 14:33 --------- d-s---w C:\Program Files\z2 Remote2PC
2008-01-13 14:33 --------- d-----w C:\Documents and Settings\LocalService\Data aplikací\VMware
2008-01-13 14:33 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\VMware
2008-01-12 18:02 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-01-12 10:58 --------- d-----r C:\Program Files\PowerArchiver
2008-01-12 09:48 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\FogelSoft
2008-01-11 22:49 --------- d-s---w C:\Program Files\TrueTransparency
2008-01-11 20:24 71,738 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-01-10 16:36 --------- d-----r C:\Program Files\BeClean
2008-01-10 15:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-08 17:53 --------- d-----r C:\Program Files\Hide IP Platinum
2007-12-31 14:34 --------- d-----r C:\Program Files\FlashFXP
2007-12-30 22:15 --------- d-----r C:\Program Files\TC UP
2007-12-28 20:57 128 --sha-w C:\Program Files\desktop.ini
2007-12-28 20:56 --------- d-s---w C:\Program Files\YouSendIt
2007-12-28 20:55 --------- d-s---w C:\Program Files\WinPcap
2007-12-28 20:55 --------- d-s---w C:\Program Files\WinHex
2007-12-28 20:54 --------- d-s---w C:\Program Files\VstPlugins
2007-12-28 20:53 --------- d-s---w C:\Program Files\Visual Tool Tip
2007-12-28 20:53 --------- d-s---w C:\Program Files\Vista Drive Icon
2007-12-28 20:53 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\VMware
2007-12-28 20:52 --------- d-s---w C:\Program Files\VirtualDJ
2007-12-28 20:51 --------- d-s---w C:\Program Files\URUSoft
2007-12-28 20:51 --------- d-s---w C:\Program Files\TRANSLAT
2007-12-28 20:50 --------- d-s---w C:\Program Files\Symantec AntiVirus for Handhelds
2007-12-28 20:50 --------- d-s---w C:\Program Files\Symantec
2007-12-28 20:50 --------- d-s---w C:\Program Files\SuperAdBlocker.com
2007-12-28 20:48 --------- d-s---w C:\Program Files\Spb Software House
2007-12-28 20:48 --------- d-s---w C:\Program Files\SOTI
2007-12-28 20:46 --------- d-s---w C:\Program Files\Sony
2007-12-28 20:46 --------- d-s---w C:\Program Files\Serials 2005
2007-12-28 20:45 --------- d-s---w C:\Program Files\SBSH
2007-12-28 20:45 --------- d-s---w C:\Program Files\Resco
2007-12-28 20:44 --------- d-s---w C:\Program Files\Replay Converter
2007-12-28 20:44 --------- d-s---w C:\Program Files\Replay AV 8
2007-12-28 20:43 --------- d-s---w C:\Program Files\Real Desktop
2007-12-28 20:43 --------- d-s---w C:\Program Files\PPC Tablet
2007-12-28 20:42 --------- d-s---w C:\Program Files\PDFCreator
2007-12-28 20:42 --------- d-s---w C:\Program Files\OpenSSL
2007-12-28 20:41 --------- d-s---w C:\Program Files\Omega One
2007-12-28 20:40 --------- d-s---w C:\Program Files\Netwasp
2007-12-28 20:40 --------- d-s---w C:\Program Files\NetLimiter 2 Pro
2007-12-28 20:40 --------- d-s---w C:\Program Files\NeoSmart Technologies
2007-12-28 20:39 --------- d-s---w C:\Program Files\Mobipocket.com
2007-12-28 20:38 --------- d-s---w C:\Program Files\Microsoft.NET
2007-12-28 20:38 --------- d-s---w C:\Program Files\Microsoft SQL Server
2007-12-28 20:37 --------- d-s---w C:\Program Files\Microsoft .NET Compact Framework 1.0 SP2
2007-12-28 20:36 --------- d-s---w C:\Program Files\Kwyshell
2007-12-28 20:35 --------- d-s---w C:\Program Files\Java
2007-12-28 20:34 --------- d-s---w C:\Program Files\IRemote
2007-12-28 20:34 --------- d-s---w C:\Program Files\Image-Line
2007-12-28 20:34 --------- d-s---w C:\Program Files\ICQ6
2007-12-28 20:33 --------- d-s---w C:\Program Files\HTV
2007-12-28 20:32 --------- d-s---w C:\Program Files\Hamachi
2007-12-28 20:31 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-28 20:26 --------- d-s---w C:\Program Files\Fraps
2007-12-28 20:25 --------- d-s---w C:\Program Files\CulinatiX
2007-12-28 20:25 --------- d-s---w C:\Program Files\Consumer Update Firmware
2007-12-28 20:24 --------- d-s---w C:\Program Files\Conduits Pocket Slides
2007-12-28 20:23 --------- d-s---w C:\Program Files\Ali Update Tool
2007-12-28 20:22 --------- d-s---w C:\Program Files\Aikido3D
2007-12-28 20:21 --------- d-s---w C:\Program Files\!xSpeedPro
2007-12-28 17:42 --------- d-----r C:\Program Files\Lavasoft
2007-12-27 14:57 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-24 15:20 --------- d-----r C:\Program Files\uTorrent
2007-12-24 12:26 --------- d-----r C:\Program Files\xB-Browser
2007-12-16 16:33 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-16 09:30 --------- d-----r C:\Program Files\Winamp
2007-12-16 09:18 --------- d-----r C:\Program Files\K-Meleon
2007-12-16 08:50 --------- d-----r C:\Program Files\Offline Explorer Enterprise
2007-12-16 08:35 --------- d-----r C:\Program Files\Microsoft ActiveSync
2007-12-12 19:37 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2007-12-07 18:40 --------- d-----r C:\Program Files\QIP
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-25 14:50 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\NVIDIA
2007-11-20 13:59 196,608 ----a-w C:\WINDOWS\system32\libssl32.dll
2007-11-15 16:51 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\Sony
2007-11-15 16:50 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\Publish Providers
2007-11-15 16:50 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\NetMedia Providers
2007-11-15 16:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Sony
2007-11-14 21:25 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\Offline Explorer
2007-11-14 18:00 --------- d-----w C:\Program Files\Common Files\Java
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 12:51 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-11-07 09:29 720,896 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 06:10 196,608 ----a-w C:\WINDOWS\system32\ssleay32.dll
2007-10-22 06:10 1,015,808 ----a-w C:\WINDOWS\system32\libeay32.dll
2007-10-13 18:28 53,248 ----a-w C:\WINDOWS\system32\css.dll
2007-09-12 15:28 7,780 ----a-w C:\Documents and Settings\SergioAmuneli\FMCodec.dat
2007-08-28 07:42 118,784 ----a-w C:\Program Files\getpdascreen.exe
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 23:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 06:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-06-15 09:41 1460312]
"RamCleaner"="C:\Program Files\RamCleaner\RamCleaner.exe" [2005-03-10 20:09 437248]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 19:31 1372160]
"OEXPRESS"="C:\WINDOWS\OETRN.EXE" [2007-09-21 22:10 26624]
"WEBTRAN"="" []
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-09-21 14:29 219952]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 15:50 1289000]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PAStarter.EXE" [2007-08-10 16:19 140328]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"SpeedConnectStartUp"="" []
"AWMON"="C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe" [2005-05-25 12:12 517632]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"TrueTransparency"="C:\Program Files\TrueTransparency\TrueTransparency.exe" [2007-10-28 15:46 133120]
"Yodm3D"="C:\Program Files\Yod'm3D\Yodm3D.exe" [2007-06-26 19:26 2058752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-16 08:35 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 04:44 16262656 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 15:24 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 15:21 54832]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2006-12-06 15:57 69632]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2006-12-04 11:01 372736]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2007-05-01 21:52 56112]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-09-09 10:16 196608]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2006-10-30 12:12 2287152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 07:33 45056]
"CloneCDTray"="C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 15:17 73728]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2005-02-04 07:01 456704]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 20:59 45056]
"VisualTooltip"="C:\Program Files\Visual Tool Tip\VisualToolTip.exe" [2007-04-25 09:45 956928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 08:35 7630848]
"Thunderbird"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe" [2007-11-01 00:15 8479856]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-10 17:37 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49 15360]
C:\Documents and Settings\SergioAmuneli\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2007-12-28 21:31:25]
Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe [2007-12-28 16:20:51]
MRU-Blaster Scheduler.lnk - C:\Program Files\MRU-Blaster\scheduler.exe [2003-07-19 16:48:43]
MRU-Blaster Silent Clean.lnk - C:\Program Files\MRU-Blaster\mrublaster.exe [2003-07-19 18:59:27]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-10 16:16:47]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 08:43:08]
C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
Mˇstnˇ vyhled v nˇ.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 13:55:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-10-19 13:53 293888]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 12:58 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL 2007-05-14 13:20 176128 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 11:43]
R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys [2006-11-13 17:58]
R0 MEMLOCK;Secured Memory Driver;C:\WINDOWS\system32\drivers\memlock.sys [2003-12-15 08:36]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2006-06-14 20:44]
R1 SABDIFSV;SABDIFSV;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 11:17]
R1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 16:02]
R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 13:00]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2006-08-07 09:50]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51]
R2 Routing;Routing Service;C:\WINDOWS\system32\routing.exe [2007-12-15 16:26]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver;C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [2007-04-09 12:55]
R2 wfcxatun;WinFast TV Analog Tuner Driver;C:\WINDOWS\system32\drivers\wfcxatun.sys [2006-08-07 09:53]
R2 WFCXVCAP;WinFast TV Video Capture Driver;C:\WINDOWS\system32\drivers\wfcxvcap.sys [2006-08-07 13:10]
R2 z2 R2PC Server;z2 Remote2PC Server;"C:\Program Files\z2 Remote2PC\R2PCServ.exe" [2007-11-02 21:07]
R3 AEXPAM;Philips SmartManage Service;C:\WINDOWS\system32\Drivers\aexpamdrv.sys [2005-12-20 09:57]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 22:08]
R3 vmkbd;VMware kbd;C:\WINDOWS\system32\drivers\VMkbd.sys [2007-05-01 21:52]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-08-07 09:56]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;C:\WINDOWS\system32\drivers\wfcxtcap.sys [2006-08-07 09:54]
R3 wfcxxbar;WinFast TV Crossbar Driver;C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-08-07 14:04]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 15:55]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-29 06:46]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 13:18]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 18:31]
S3 ufad-ws60;VMware Agent Service;"C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\SETUP.EXE /AUTORUN
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 14:34:54 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 17:22:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-01-13 17:26:38
ComboFix-quarantined-files.txt 2008-01-13 16:26:36
.
2008-01-10 17:00:47 --- E O F ---
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following text, marked in green, into it:
File::
C:\WINDOWS\system32\routing.exe
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: choose All Files
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that comes up at the end of the cleaning process
- newbie
- Posts: 17
- Registered: January 08
- Location: near Ova
PS: Great...
The internet wasn't working again... I had to run a repair....
That ComboFix is a really insidious VIRUS!!!!! It nicely wipes my files...
..Destroys programs...
..Takes up loads of time and CPU..
..After a restart the window borders never show up..
..My PC freezes..
..The mouse doesn't work..
..etc...
An ad for ComboFix should go something like this:
Want to fuck up your PC quickly and easily?
Want to waste your precious time?
Then the ComboFix VIRUS is just the thing for you!!!
Just download it, run it, press 1 and confirm with Enter, and things start happening...
You won't make me run that fucking program again...
Programs are asking whether they should be set as the default...
E.g. Firefox, Thunderbird...
Windows Firewall is the way it was when the SP was installed.....
It's just shit..
That's my statement...
I was supposed to be studying, and instead I'll spend my time either on
a) Repairing the system and getting XP working again
or on
b) Formatting the HDD and then installing XP and Vista + programs (there are a lot of them) + settings....
ALL of it, a and b, comes out the same.....
I guess I'll really fail...
So here is the LOG:
ComboFix 08-01-13.1 - SergioAmuneli 2008-01-13 18:10:52.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.295 [GMT 1:00]
Running from: C:\Documents and Settings\SergioAmuneli\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\SergioAmuneli\Plocha\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\WINDOWS\system32\routing.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\system32\Dvbpws.dll
C:\WINDOWS\system32\routing.exe
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.
2008-01-13 17:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 16:17 . 2008-01-13 16:21 <DIR> d---s---- C:\Program Files\Trend Micro
2008-01-12 18:04 . 2008-01-12 18:04 6,011 --a------ C:\WINDOWS\W!n V!sta.Theme
2008-01-12 12:02 . 2008-01-12 12:03 <DIR> d---s---- C:\Program Files\toycon
2008-01-12 11:19 . 2008-01-12 11:25 <DIR> d--h----- C:\NST
2008-01-12 10:11 . 2008-01-12 10:11 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\ViStart
2008-01-12 00:19 . 2008-01-12 12:10 2,322,816 --a------ C:\WINDOWS\system32\kernel1.exe
2008-01-12 00:19 . 2008-01-12 11:09 2,322,816 --a------ C:\WINDOWS\system32\KERNEL.TMP
2008-01-12 00:16 . 2099-08-22 09:53 355 -rahs---- C:\BOOT.BKK
2008-01-12 00:01 . 2008-01-12 00:01 244 --ah----- C:\sqmnoopt01.sqm
2008-01-12 00:01 . 2008-01-12 00:01 232 --ah----- C:\sqmdata01.sqm
2008-01-11 23:55 . 2008-01-12 00:06 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Contacts
2008-01-11 23:53 . 2008-01-12 00:02 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-11 23:53 . 2008-01-12 00:05 <DIR> d---s---- C:\Program Files\MSN Messenger
2008-01-11 23:53 . 2008-01-11 23:53 268 --ah----- C:\sqmdata00.sqm
2008-01-11 23:53 . 2008-01-11 23:53 244 --ah----- C:\sqmnoopt00.sqm
2008-01-11 21:20 . 2008-01-11 21:24 5,110 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-11 21:06 . 2008-01-11 21:06 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-11 20:40 . 2008-01-11 20:40 0 --------- C:\WINDOWS\WB.ini
2008-01-11 20:37 . 2007-07-11 15:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-01-11 20:30 . 2008-01-11 20:30 654,257 --a------ C:\WINDOWS\Clown Fish.jpg
2008-01-10 18:48 . 2008-01-10 18:48 86,226 --a------ C:\WINDOWS\Grass.jpg
2008-01-10 18:44 . 2008-01-10 18:34 175,426 --a------ C:\WINDOWS\Grass Ripples.jpg
2008-01-10 17:40 . 2008-01-10 17:37 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-10 17:40 . 2008-01-10 17:37 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-01-10 17:40 . 2008-01-10 17:37 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-01-10 16:53 . 2008-01-10 16:53 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\sentinel
2008-01-10 15:41 . 2008-01-10 15:43 <DIR> d---s---- C:\nod_upd
2008-01-09 18:03 . 2008-01-09 18:07 <DIR> d---s---- C:\Program Files\RocketDock
2008-01-01 12:44 . 2008-01-01 12:47 <DIR> d---s---- C:\Program Files\DivX
2007-12-31 13:58 . 2008-01-06 16:28 <DIR> d---s---- C:\Program Files\QIP Infium
2007-12-31 11:02 . 2007-12-31 11:02 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-12-31 10:27 . 2008-01-13 16:33 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\skypePM
2007-12-31 10:27 . 2007-12-31 10:27 32 --a------ C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2007-12-31 10:15 . 2008-01-13 17:32 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Skype
2007-12-31 10:14 . 2007-12-31 17:05 <DIR> d---s---- C:\Program Files\Skype
2007-12-31 10:14 . 2007-12-31 10:14 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-12-31 10:14 . 2007-12-31 10:14 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Skype
2007-12-31 10:07 . 2007-12-31 17:04 <DIR> d---s---- C:\Program Files\Macromedia
2007-12-31 10:07 . 2007-12-31 10:10 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2007-12-30 18:47 . 2007-12-30 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Metacafe
2007-12-28 22:41 . 2007-12-28 22:49 <DIR> d---s---- C:\Program Files\eJay
2007-12-28 18:46 . 2007-12-28 18:46 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Lavasoft
2007-12-28 16:21 . 2007-12-28 16:21 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Thunderbird
2007-12-28 16:20 . 2008-01-13 18:10 <DIR> d---s---- C:\Program Files\Mozilla Thunderbird
2007-12-27 15:23 . 2007-12-27 15:23 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Acoustica
2007-12-27 15:22 . 2007-12-28 21:22 <DIR> d---s---- C:\Program Files\Acoustica Shared Effects
2007-12-27 15:22 . 2007-12-28 21:21 <DIR> d---s---- C:\Program Files\Acoustica Mixcraft 3
2007-12-27 15:22 . 2007-12-27 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Acoustica
2007-12-27 15:22 . 2002-11-02 09:53 57,344 --a------ C:\WINDOWS\system32\WNASPINT.DLL
2007-12-25 15:19 . 2008-01-12 10:43 <DIR> d---s---- C:\Program Files\Stardock
2007-12-25 15:19 . 2007-12-25 15:19 <DIR> d-------- C:\Program Files\Common Files\Stardock
2007-12-24 16:14 . 2007-12-28 21:49 <DIR> d---s---- C:\Program Files\Styler
2007-12-24 16:14 . 2007-12-24 16:14 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Styler
2007-12-24 16:07 . 2008-01-12 10:48 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\FogelSoft
2007-12-24 16:04 . 2008-01-12 10:47 <DIR> d---s---- C:\Program Files\VSE
2007-12-23 18:58 . 2007-12-28 21:56 <DIR> d---s---- C:\Program Files\Yod'm3D
2007-12-22 12:27 . 2007-12-28 21:36 <DIR> d---s---- C:\Program Files\LegWinTym 1.25
2007-12-16 20:51 . 2007-12-16 20:51 43 --a------ C:\WINDOWS\wcx_ftp.ini
2007-12-16 17:37 . 2007-12-16 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2007-12-16 17:33 . 2007-12-28 21:23 <DIR> d---s---- C:\Program Files\Bonjour
2007-12-16 17:22 . 2007-12-16 17:22 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-15 22:05 . 2007-12-28 21:22 <DIR> d---s---- C:\Program Files\Advanced Registry Doctor
2007-12-15 19:11 . 2007-12-28 21:26 <DIR> d---s---- C:\Program Files\Formosoft
2007-12-15 19:11 . 2003-11-04 19:08 1,032,192 --a------ C:\WINDOWS\AquaReal.scr
2007-12-15 19:11 . 2003-04-18 16:11 258,048 --a------ C:\WINDOWS\system32\AquaReal.ocx
2007-12-15 19:11 . 2002-11-15 17:56 131,072 --a------ C:\WINDOWS\SNVerifyDLL.dll
2007-12-15 19:10 . 2007-12-28 21:45 <DIR> d---s---- C:\Program Files\Screamer Radio
2007-12-15 18:33 . 2007-12-28 21:24 <DIR> d---s---- C:\Program Files\CBS Software
2007-12-15 18:27 . 2007-12-16 09:33 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\DMCache
2007-12-15 18:21 . 2007-12-28 21:24 <DIR> d---s---- C:\Program Files\Classic Menu for Office
2007-12-15 18:04 . 2007-12-28 21:54 <DIR> d---s---- C:\Program Files\Web Page Maker V2
2007-12-15 18:04 . 2007-12-15 18:04 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Web Page Maker V2
2007-12-15 17:46 . 2007-12-28 21:36 <DIR> d---s---- C:\Program Files\MagicDVDRipper
2007-12-15 17:34 . 2007-12-28 21:56 <DIR> d---s---- C:\Program Files\Your Uninstaller 2008
2007-12-15 16:26 . 2007-12-15 16:26 40 --a------ C:\WINDOWS\system32\drmgs.sys
2007-12-15 16:24 . 2007-12-28 21:37 <DIR> d---s---- C:\Program Files\MagicISO
2007-12-15 16:24 . 2006-11-27 18:53 2,666,654 --a------ C:\WINDOWS\Setup_MagicISO.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 17:17 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\Hamachi
2008-01-13 17:10 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\uTorrent
2008-01-13 17:01 --------- d-s---w C:\Program Files\z2 Remote2PC
2008-01-13 17:01 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\VMware
2008-01-13 17:00 --------- d-----w C:\Documents and Settings\LocalService\Data aplikací\VMware
2008-01-13 16:43 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-01-12 10:58 --------- d-----r C:\Program Files\PowerArchiver
2008-01-12 09:48 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\FogelSoft
2008-01-11 22:49 --------- d-s---w C:\Program Files\TrueTransparency
2008-01-11 20:24 71,738 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-01-10 16:36 --------- d-----r C:\Program Files\BeClean
2008-01-10 15:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-08 17:53 --------- d-----r C:\Program Files\Hide IP Platinum
2007-12-31 14:34 --------- d-----r C:\Program Files\FlashFXP
2007-12-30 22:15 --------- d-----r C:\Program Files\TC UP
2007-12-28 20:57 128 --sha-w C:\Program Files\desktop.ini
2007-12-28 20:56 --------- d-s---w C:\Program Files\YouSendIt
2007-12-28 20:55 --------- d-s---w C:\Program Files\WinPcap
2007-12-28 20:55 --------- d-s---w C:\Program Files\WinHex
2007-12-28 20:54 --------- d-s---w C:\Program Files\VstPlugins
2007-12-28 20:53 --------- d-s---w C:\Program Files\Visual Tool Tip
2007-12-28 20:53 --------- d-s---w C:\Program Files\Vista Drive Icon
2007-12-28 20:53 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\VMware
2007-12-28 20:52 --------- d-s---w C:\Program Files\VirtualDJ
2007-12-28 20:51 --------- d-s---w C:\Program Files\URUSoft
2007-12-28 20:51 --------- d-s---w C:\Program Files\TRANSLAT
2007-12-28 20:50 --------- d-s---w C:\Program Files\Symantec AntiVirus for Handhelds
2007-12-28 20:50 --------- d-s---w C:\Program Files\Symantec
2007-12-28 20:50 --------- d-s---w C:\Program Files\SuperAdBlocker.com
2007-12-28 20:48 --------- d-s---w C:\Program Files\Spb Software House
2007-12-28 20:48 --------- d-s---w C:\Program Files\SOTI
2007-12-28 20:46 --------- d-s---w C:\Program Files\Sony
2007-12-28 20:46 --------- d-s---w C:\Program Files\Serials 2005
2007-12-28 20:45 --------- d-s---w C:\Program Files\SBSH
2007-12-28 20:45 --------- d-s---w C:\Program Files\Resco
2007-12-28 20:44 --------- d-s---w C:\Program Files\Replay Converter
2007-12-28 20:44 --------- d-s---w C:\Program Files\Replay AV 8
2007-12-28 20:43 --------- d-s---w C:\Program Files\Real Desktop
2007-12-28 20:43 --------- d-s---w C:\Program Files\PPC Tablet
2007-12-28 20:42 --------- d-s---w C:\Program Files\PDFCreator
2007-12-28 20:42 --------- d-s---w C:\Program Files\OpenSSL
2007-12-28 20:41 --------- d-s---w C:\Program Files\Omega One
2007-12-28 20:40 --------- d-s---w C:\Program Files\Netwasp
2007-12-28 20:40 --------- d-s---w C:\Program Files\NetLimiter 2 Pro
2007-12-28 20:40 --------- d-s---w C:\Program Files\NeoSmart Technologies
2007-12-28 20:39 --------- d-s---w C:\Program Files\Mobipocket.com
2007-12-28 20:38 --------- d-s---w C:\Program Files\Microsoft.NET
2007-12-28 20:38 --------- d-s---w C:\Program Files\Microsoft SQL Server
2007-12-28 20:37 --------- d-s---w C:\Program Files\Microsoft .NET Compact Framework 1.0 SP2
2007-12-28 20:36 --------- d-s---w C:\Program Files\Kwyshell
2007-12-28 20:35 --------- d-s---w C:\Program Files\Java
2007-12-28 20:34 --------- d-s---w C:\Program Files\IRemote
2007-12-28 20:34 --------- d-s---w C:\Program Files\Image-Line
2007-12-28 20:34 --------- d-s---w C:\Program Files\ICQ6
2007-12-28 20:33 --------- d-s---w C:\Program Files\HTV
2007-12-28 20:32 --------- d-s---w C:\Program Files\Hamachi
2007-12-28 20:31 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-28 20:26 --------- d-s---w C:\Program Files\Fraps
2007-12-28 20:25 --------- d-s---w C:\Program Files\CulinatiX
2007-12-28 20:25 --------- d-s---w C:\Program Files\Consumer Update Firmware
2007-12-28 20:24 --------- d-s---w C:\Program Files\Conduits Pocket Slides
2007-12-28 20:23 --------- d-s---w C:\Program Files\Ali Update Tool
2007-12-28 20:22 --------- d-s---w C:\Program Files\Aikido3D
2007-12-28 20:21 --------- d-s---w C:\Program Files\!xSpeedPro
2007-12-28 17:42 --------- d-----r C:\Program Files\Lavasoft
2007-12-27 14:57 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-24 15:20 --------- d-----r C:\Program Files\uTorrent
2007-12-24 12:26 --------- d-----r C:\Program Files\xB-Browser
2007-12-16 16:33 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-16 09:30 --------- d-----r C:\Program Files\Winamp
2007-12-16 09:18 --------- d-----r C:\Program Files\K-Meleon
2007-12-16 08:50 --------- d-----r C:\Program Files\Offline Explorer Enterprise
2007-12-16 08:35 --------- d-----r C:\Program Files\Microsoft ActiveSync
2007-12-12 19:37 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2007-12-07 18:40 --------- d-----r C:\Program Files\QIP
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-25 14:50 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\NVIDIA
2007-11-20 13:59 196,608 ----a-w C:\WINDOWS\system32\libssl32.dll
2007-11-15 16:51 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\Sony
2007-11-15 16:50 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\Publish Providers
2007-11-15 16:50 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\NetMedia Providers
2007-11-15 16:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Sony
2007-11-14 21:25 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\Offline Explorer
2007-11-14 18:00 --------- d-----w C:\Program Files\Common Files\Java
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 12:51 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-11-07 09:29 720,896 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 06:10 196,608 ----a-w C:\WINDOWS\system32\ssleay32.dll
2007-10-22 06:10 1,015,808 ----a-w C:\WINDOWS\system32\libeay32.dll
2007-10-13 18:28 53,248 ----a-w C:\WINDOWS\system32\css.dll
2007-09-12 15:28 7,780 ----a-w C:\Documents and Settings\SergioAmuneli\FMCodec.dat
2007-08-28 07:42 118,784 ----a-w C:\Program Files\getpdascreen.exe
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 23:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 06:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-13_17.26.24,59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 16:14:48 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-13 17:10:46 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-13 16:14:48 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-13 17:10:46 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-13 16:14:48 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-13 17:10:47 13,033,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-13 16:14:48 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-13 17:10:47 307,200 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-13 16:14:49 13,017,088 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-13 17:10:47 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-13 16:14:49 307,200 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-13 17:10:47 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-13 14:33:31 16,384 ------w C:\WINDOWS\Temp\Cookies\index.dat
+ 2008-01-13 17:01:07 16,384 ------w C:\WINDOWS\Temp\Cookies\index.dat
- 2008-01-13 14:33:31 65,536 ----a-w C:\WINDOWS\Temp\History\History.IE5\index.dat
+ 2008-01-13 17:01:07 65,536 ----a-w C:\WINDOWS\Temp\History\History.IE5\index.dat
- 2008-01-13 15:56:21 32,768 --sha-w C:\WINDOWS\Temp\History\History.IE5\MSHist012008011320080114\index.dat
+ 2008-01-13 17:00:05 32,768 --sha-w C:\WINDOWS\Temp\History\History.IE5\MSHist012008011320080114\index.dat
+ 2008-01-13 17:01:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_a24.dat
- 2008-01-13 14:33:31 32,768 ------w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-13 17:01:07 32,768 ------w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-06-15 09:41 1460312]
"RamCleaner"="C:\Program Files\RamCleaner\RamCleaner.exe" [2005-03-10 20:09 437248]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 19:31 1372160]
"OEXPRESS"="C:\WINDOWS\OETRN.EXE" [2007-09-21 22:10 26624]
"WEBTRAN"="" []
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-09-21 14:29 219952]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 15:50 1289000]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PAStarter.EXE" [2007-08-10 16:19 140328]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"SpeedConnectStartUp"="" []
"AWMON"="C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe" [2005-05-25 12:12 517632]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"Yodm3D"="C:\Program Files\Yod'm3D\Yodm3D.exe" [2007-06-26 19:26 2058752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-16 08:35 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 04:44 16262656 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 15:24 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 15:21 54832]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2006-12-06 15:57 69632]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2006-12-04 11:01 372736]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2007-05-01 21:52 56112]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-09-09 10:16 196608]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2006-10-30 12:12 2287152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 07:33 45056]
"CloneCDTray"="C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 15:17 73728]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2005-02-04 07:01 456704]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 20:59 45056]
"VisualTooltip"="C:\Program Files\Visual Tool Tip\VisualToolTip.exe" [2007-04-25 09:45 956928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 08:35 7630848]
"Thunderbird"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe" [2007-11-01 00:15 8479856]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-10 17:37 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49 15360]
C:\Documents and Settings\SergioAmuneli\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2007-12-28 21:31:25]
Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe [2007-12-28 16:20:51]
MRU-Blaster Scheduler.lnk - C:\Program Files\MRU-Blaster\scheduler.exe [2003-07-19 16:48:43]
MRU-Blaster Silent Clean.lnk - C:\Program Files\MRU-Blaster\mrublaster.exe [2003-07-19 18:59:27]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-10 16:16:47]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 08:43:08]
C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
Mˇstnˇ vyhled v nˇ.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 13:55:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-10-19 13:53 293888]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 12:58 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL 2007-05-14 13:20 176128 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 11:43]
R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys [2006-11-13 17:58]
R0 MEMLOCK;Secured Memory Driver;C:\WINDOWS\system32\drivers\memlock.sys [2003-12-15 08:36]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2006-06-14 20:44]
R1 SABDIFSV;SABDIFSV;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 11:17]
R1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 16:02]
R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 13:00]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2006-08-07 09:50]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51]
R2 Routing;Routing Service;C:\WINDOWS\system32\routing.exe []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver;C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [2007-04-09 12:55]
R2 wfcxatun;WinFast TV Analog Tuner Driver;C:\WINDOWS\system32\drivers\wfcxatun.sys [2006-08-07 09:53]
R2 WFCXVCAP;WinFast TV Video Capture Driver;C:\WINDOWS\system32\drivers\wfcxvcap.sys [2006-08-07 13:10]
R2 z2 R2PC Server;z2 Remote2PC Server;"C:\Program Files\z2 Remote2PC\R2PCServ.exe" [2007-11-02 21:07]
R3 AEXPAM;Philips SmartManage Service;C:\WINDOWS\system32\Drivers\aexpamdrv.sys [2005-12-20 09:57]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 22:08]
R3 vmkbd;VMware kbd;C:\WINDOWS\system32\drivers\VMkbd.sys [2007-05-01 21:52]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-08-07 09:56]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;C:\WINDOWS\system32\drivers\wfcxtcap.sys [2006-08-07 09:54]
R3 wfcxxbar;WinFast TV Crossbar Driver;C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-08-07 14:04]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 15:55]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-29 06:46]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 13:18]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 18:31]
S3 ufad-ws60;VMware Agent Service;"C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\SETUP.EXE /AUTORUN
.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 17:02:28 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 18:18:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-01-13 18:21:50
ComboFix-quarantined-files.txt 2008-01-13 17:21:49
ComboFix2.txt 2008-01-13 16:26:39
.
2008-01-10 17:00:47 --- E O F ---
PS: Did I do it right? (see attachment)
PPS: I had to reset the PC about 5 times - the mouse didn't work, the window borders weren't displayed...
My internet went down again... I had to use Repair....
That ComboFix really is an insidious VIRUS!!!!! It just wipes out my files...
..Wrecks programs...
..Eats up loads of time and CPU..
..After every restart the window borders fail to appear..
..My PC freezes..
..The mouse doesn't work..
..etc...
An ad for ComboFix should go something like this:
Want to fuck up your PC quickly and easily?
Want to waste your precious time?
Then the ComboFix VIRUS is just the thing for you!!!
Just download it, run it, press 1 and confirm with Enter, and things start happening...
You won't make me run that fucking program ever again...
Programs are asking whether they should be set as the default...
E.g. Firefox, Thunderbird...
Windows Firewall is the way it was right after installing the SP.....
It's simply shit..
So much for my opinion...
I was supposed to be studying, and instead I'll spend my time
a) repairing the system and getting XP working again
or
b) formatting the HDD and then installing XP and Vista + programs (there are a lot of them) + settings....
Either way, a and b come out the same.....
I'm probably really going to fail...
So here's the LOG:
ComboFix 08-01-13.1 - SergioAmuneli 2008-01-13 18:10:52.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.295 [GMT 1:00]
Running from: C:\Documents and Settings\SergioAmuneli\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\SergioAmuneli\Plocha\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\WINDOWS\system32\routing.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\system32\Dvbpws.dll
C:\WINDOWS\system32\routing.exe
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.
2008-01-13 17:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 16:17 . 2008-01-13 16:21 <DIR> d---s---- C:\Program Files\Trend Micro
2008-01-12 18:04 . 2008-01-12 18:04 6,011 --a------ C:\WINDOWS\W!n V!sta.Theme
2008-01-12 12:02 . 2008-01-12 12:03 <DIR> d---s---- C:\Program Files\toycon
2008-01-12 11:19 . 2008-01-12 11:25 <DIR> d--h----- C:\NST
2008-01-12 10:11 . 2008-01-12 10:11 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\ViStart
2008-01-12 00:19 . 2008-01-12 12:10 2,322,816 --a------ C:\WINDOWS\system32\kernel1.exe
2008-01-12 00:19 . 2008-01-12 11:09 2,322,816 --a------ C:\WINDOWS\system32\KERNEL.TMP
2008-01-12 00:16 . 2099-08-22 09:53 355 -rahs---- C:\BOOT.BKK
2008-01-12 00:01 . 2008-01-12 00:01 244 --ah----- C:\sqmnoopt01.sqm
2008-01-12 00:01 . 2008-01-12 00:01 232 --ah----- C:\sqmdata01.sqm
2008-01-11 23:55 . 2008-01-12 00:06 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Contacts
2008-01-11 23:53 . 2008-01-12 00:02 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-11 23:53 . 2008-01-12 00:05 <DIR> d---s---- C:\Program Files\MSN Messenger
2008-01-11 23:53 . 2008-01-11 23:53 268 --ah----- C:\sqmdata00.sqm
2008-01-11 23:53 . 2008-01-11 23:53 244 --ah----- C:\sqmnoopt00.sqm
2008-01-11 21:20 . 2008-01-11 21:24 5,110 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-11 21:06 . 2008-01-11 21:06 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-11 20:40 . 2008-01-11 20:40 0 --------- C:\WINDOWS\WB.ini
2008-01-11 20:37 . 2007-07-11 15:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-01-11 20:30 . 2008-01-11 20:30 654,257 --a------ C:\WINDOWS\Clown Fish.jpg
2008-01-10 18:48 . 2008-01-10 18:48 86,226 --a------ C:\WINDOWS\Grass.jpg
2008-01-10 18:44 . 2008-01-10 18:34 175,426 --a------ C:\WINDOWS\Grass Ripples.jpg
2008-01-10 17:40 . 2008-01-10 17:37 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-10 17:40 . 2008-01-10 17:37 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-01-10 17:40 . 2008-01-10 17:37 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-01-10 16:53 . 2008-01-10 16:53 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\sentinel
2008-01-10 15:41 . 2008-01-10 15:43 <DIR> d---s---- C:\nod_upd
2008-01-09 18:03 . 2008-01-09 18:07 <DIR> d---s---- C:\Program Files\RocketDock
2008-01-01 12:44 . 2008-01-01 12:47 <DIR> d---s---- C:\Program Files\DivX
2007-12-31 13:58 . 2008-01-06 16:28 <DIR> d---s---- C:\Program Files\QIP Infium
2007-12-31 11:02 . 2007-12-31 11:02 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-12-31 10:27 . 2008-01-13 16:33 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\skypePM
2007-12-31 10:27 . 2007-12-31 10:27 32 --a------ C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2007-12-31 10:15 . 2008-01-13 17:32 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Skype
2007-12-31 10:14 . 2007-12-31 17:05 <DIR> d---s---- C:\Program Files\Skype
2007-12-31 10:14 . 2007-12-31 10:14 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-12-31 10:14 . 2007-12-31 10:14 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Skype
2007-12-31 10:07 . 2007-12-31 17:04 <DIR> d---s---- C:\Program Files\Macromedia
2007-12-31 10:07 . 2007-12-31 10:10 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2007-12-30 18:47 . 2007-12-30 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Metacafe
2007-12-28 22:41 . 2007-12-28 22:49 <DIR> d---s---- C:\Program Files\eJay
2007-12-28 18:46 . 2007-12-28 18:46 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Lavasoft
2007-12-28 16:21 . 2007-12-28 16:21 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Thunderbird
2007-12-28 16:20 . 2008-01-13 18:10 <DIR> d---s---- C:\Program Files\Mozilla Thunderbird
2007-12-27 15:23 . 2007-12-27 15:23 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Acoustica
2007-12-27 15:22 . 2007-12-28 21:22 <DIR> d---s---- C:\Program Files\Acoustica Shared Effects
2007-12-27 15:22 . 2007-12-28 21:21 <DIR> d---s---- C:\Program Files\Acoustica Mixcraft 3
2007-12-27 15:22 . 2007-12-27 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Acoustica
2007-12-27 15:22 . 2002-11-02 09:53 57,344 --a------ C:\WINDOWS\system32\WNASPINT.DLL
2007-12-25 15:19 . 2008-01-12 10:43 <DIR> d---s---- C:\Program Files\Stardock
2007-12-25 15:19 . 2007-12-25 15:19 <DIR> d-------- C:\Program Files\Common Files\Stardock
2007-12-24 16:14 . 2007-12-28 21:49 <DIR> d---s---- C:\Program Files\Styler
2007-12-24 16:14 . 2007-12-24 16:14 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Styler
2007-12-24 16:07 . 2008-01-12 10:48 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\FogelSoft
2007-12-24 16:04 . 2008-01-12 10:47 <DIR> d---s---- C:\Program Files\VSE
2007-12-23 18:58 . 2007-12-28 21:56 <DIR> d---s---- C:\Program Files\Yod'm3D
2007-12-22 12:27 . 2007-12-28 21:36 <DIR> d---s---- C:\Program Files\LegWinTym 1.25
2007-12-16 20:51 . 2007-12-16 20:51 43 --a------ C:\WINDOWS\wcx_ftp.ini
2007-12-16 17:37 . 2007-12-16 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2007-12-16 17:33 . 2007-12-28 21:23 <DIR> d---s---- C:\Program Files\Bonjour
2007-12-16 17:22 . 2007-12-16 17:22 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-15 22:05 . 2007-12-28 21:22 <DIR> d---s---- C:\Program Files\Advanced Registry Doctor
2007-12-15 19:11 . 2007-12-28 21:26 <DIR> d---s---- C:\Program Files\Formosoft
2007-12-15 19:11 . 2003-11-04 19:08 1,032,192 --a------ C:\WINDOWS\AquaReal.scr
2007-12-15 19:11 . 2003-04-18 16:11 258,048 --a------ C:\WINDOWS\system32\AquaReal.ocx
2007-12-15 19:11 . 2002-11-15 17:56 131,072 --a------ C:\WINDOWS\SNVerifyDLL.dll
2007-12-15 19:10 . 2007-12-28 21:45 <DIR> d---s---- C:\Program Files\Screamer Radio
2007-12-15 18:33 . 2007-12-28 21:24 <DIR> d---s---- C:\Program Files\CBS Software
2007-12-15 18:27 . 2007-12-16 09:33 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\DMCache
2007-12-15 18:21 . 2007-12-28 21:24 <DIR> d---s---- C:\Program Files\Classic Menu for Office
2007-12-15 18:04 . 2007-12-28 21:54 <DIR> d---s---- C:\Program Files\Web Page Maker V2
2007-12-15 18:04 . 2007-12-15 18:04 <DIR> d-------- C:\Documents and Settings\SergioAmuneli\Data aplikací\Web Page Maker V2
2007-12-15 17:46 . 2007-12-28 21:36 <DIR> d---s---- C:\Program Files\MagicDVDRipper
2007-12-15 17:34 . 2007-12-28 21:56 <DIR> d---s---- C:\Program Files\Your Uninstaller 2008
2007-12-15 16:26 . 2007-12-15 16:26 40 --a------ C:\WINDOWS\system32\drmgs.sys
2007-12-15 16:24 . 2007-12-28 21:37 <DIR> d---s---- C:\Program Files\MagicISO
2007-12-15 16:24 . 2006-11-27 18:53 2,666,654 --a------ C:\WINDOWS\Setup_MagicISO.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 17:17 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\Hamachi
2008-01-13 17:10 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\uTorrent
2008-01-13 17:01 --------- d-s---w C:\Program Files\z2 Remote2PC
2008-01-13 17:01 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\VMware
2008-01-13 17:00 --------- d-----w C:\Documents and Settings\LocalService\Data aplikací\VMware
2008-01-13 16:43 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-01-12 10:58 --------- d-----r C:\Program Files\PowerArchiver
2008-01-12 09:48 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\FogelSoft
2008-01-11 22:49 --------- d-s---w C:\Program Files\TrueTransparency
2008-01-11 20:24 71,738 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-01-10 16:36 --------- d-----r C:\Program Files\BeClean
2008-01-10 15:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-08 17:53 --------- d-----r C:\Program Files\Hide IP Platinum
2007-12-31 14:34 --------- d-----r C:\Program Files\FlashFXP
2007-12-30 22:15 --------- d-----r C:\Program Files\TC UP
2007-12-28 20:57 128 --sha-w C:\Program Files\desktop.ini
2007-12-28 20:56 --------- d-s---w C:\Program Files\YouSendIt
2007-12-28 20:55 --------- d-s---w C:\Program Files\WinPcap
2007-12-28 20:55 --------- d-s---w C:\Program Files\WinHex
2007-12-28 20:54 --------- d-s---w C:\Program Files\VstPlugins
2007-12-28 20:53 --------- d-s---w C:\Program Files\Visual Tool Tip
2007-12-28 20:53 --------- d-s---w C:\Program Files\Vista Drive Icon
2007-12-28 20:53 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\VMware
2007-12-28 20:52 --------- d-s---w C:\Program Files\VirtualDJ
2007-12-28 20:51 --------- d-s---w C:\Program Files\URUSoft
2007-12-28 20:51 --------- d-s---w C:\Program Files\TRANSLAT
2007-12-28 20:50 --------- d-s---w C:\Program Files\Symantec AntiVirus for Handhelds
2007-12-28 20:50 --------- d-s---w C:\Program Files\Symantec
2007-12-28 20:50 --------- d-s---w C:\Program Files\SuperAdBlocker.com
2007-12-28 20:48 --------- d-s---w C:\Program Files\Spb Software House
2007-12-28 20:48 --------- d-s---w C:\Program Files\SOTI
2007-12-28 20:46 --------- d-s---w C:\Program Files\Sony
2007-12-28 20:46 --------- d-s---w C:\Program Files\Serials 2005
2007-12-28 20:45 --------- d-s---w C:\Program Files\SBSH
2007-12-28 20:45 --------- d-s---w C:\Program Files\Resco
2007-12-28 20:44 --------- d-s---w C:\Program Files\Replay Converter
2007-12-28 20:44 --------- d-s---w C:\Program Files\Replay AV 8
2007-12-28 20:43 --------- d-s---w C:\Program Files\Real Desktop
2007-12-28 20:43 --------- d-s---w C:\Program Files\PPC Tablet
2007-12-28 20:42 --------- d-s---w C:\Program Files\PDFCreator
2007-12-28 20:42 --------- d-s---w C:\Program Files\OpenSSL
2007-12-28 20:41 --------- d-s---w C:\Program Files\Omega One
2007-12-28 20:40 --------- d-s---w C:\Program Files\Netwasp
2007-12-28 20:40 --------- d-s---w C:\Program Files\NetLimiter 2 Pro
2007-12-28 20:40 --------- d-s---w C:\Program Files\NeoSmart Technologies
2007-12-28 20:39 --------- d-s---w C:\Program Files\Mobipocket.com
2007-12-28 20:38 --------- d-s---w C:\Program Files\Microsoft.NET
2007-12-28 20:38 --------- d-s---w C:\Program Files\Microsoft SQL Server
2007-12-28 20:37 --------- d-s---w C:\Program Files\Microsoft .NET Compact Framework 1.0 SP2
2007-12-28 20:36 --------- d-s---w C:\Program Files\Kwyshell
2007-12-28 20:35 --------- d-s---w C:\Program Files\Java
2007-12-28 20:34 --------- d-s---w C:\Program Files\IRemote
2007-12-28 20:34 --------- d-s---w C:\Program Files\Image-Line
2007-12-28 20:34 --------- d-s---w C:\Program Files\ICQ6
2007-12-28 20:33 --------- d-s---w C:\Program Files\HTV
2007-12-28 20:32 --------- d-s---w C:\Program Files\Hamachi
2007-12-28 20:31 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-28 20:26 --------- d-s---w C:\Program Files\Fraps
2007-12-28 20:25 --------- d-s---w C:\Program Files\CulinatiX
2007-12-28 20:25 --------- d-s---w C:\Program Files\Consumer Update Firmware
2007-12-28 20:24 --------- d-s---w C:\Program Files\Conduits Pocket Slides
2007-12-28 20:23 --------- d-s---w C:\Program Files\Ali Update Tool
2007-12-28 20:22 --------- d-s---w C:\Program Files\Aikido3D
2007-12-28 20:21 --------- d-s---w C:\Program Files\!xSpeedPro
2007-12-28 17:42 --------- d-----r C:\Program Files\Lavasoft
2007-12-27 14:57 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-24 15:20 --------- d-----r C:\Program Files\uTorrent
2007-12-24 12:26 --------- d-----r C:\Program Files\xB-Browser
2007-12-16 16:33 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-16 09:30 --------- d-----r C:\Program Files\Winamp
2007-12-16 09:18 --------- d-----r C:\Program Files\K-Meleon
2007-12-16 08:50 --------- d-----r C:\Program Files\Offline Explorer Enterprise
2007-12-16 08:35 --------- d-----r C:\Program Files\Microsoft ActiveSync
2007-12-12 19:37 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2007-12-07 18:40 --------- d-----r C:\Program Files\QIP
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-25 14:50 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\NVIDIA
2007-11-20 13:59 196,608 ----a-w C:\WINDOWS\system32\libssl32.dll
2007-11-15 16:51 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\Sony
2007-11-15 16:50 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\Publish Providers
2007-11-15 16:50 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\NetMedia Providers
2007-11-15 16:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Sony
2007-11-14 21:25 --------- d-----w C:\Documents and Settings\SergioAmuneli\Data aplikací\Offline Explorer
2007-11-14 18:00 --------- d-----w C:\Program Files\Common Files\Java
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 12:51 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-11-07 09:29 720,896 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 06:10 196,608 ----a-w C:\WINDOWS\system32\ssleay32.dll
2007-10-22 06:10 1,015,808 ----a-w C:\WINDOWS\system32\libeay32.dll
2007-10-13 18:28 53,248 ----a-w C:\WINDOWS\system32\css.dll
2007-09-12 15:28 7,780 ----a-w C:\Documents and Settings\SergioAmuneli\FMCodec.dat
2007-08-28 07:42 118,784 ----a-w C:\Program Files\getpdascreen.exe
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 23:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 06:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-13_17.26.24,59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 16:14:48 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-13 17:10:46 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-13 16:14:48 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-13 17:10:46 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-13 16:14:48 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-13 17:10:47 13,033,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-13 16:14:48 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-13 17:10:47 307,200 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-13 16:14:49 13,017,088 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-13 17:10:47 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-13 16:14:49 307,200 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-13 17:10:47 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-13 14:33:31 16,384 ------w C:\WINDOWS\Temp\Cookies\index.dat
+ 2008-01-13 17:01:07 16,384 ------w C:\WINDOWS\Temp\Cookies\index.dat
- 2008-01-13 14:33:31 65,536 ----a-w C:\WINDOWS\Temp\History\History.IE5\index.dat
+ 2008-01-13 17:01:07 65,536 ----a-w C:\WINDOWS\Temp\History\History.IE5\index.dat
- 2008-01-13 15:56:21 32,768 --sha-w C:\WINDOWS\Temp\History\History.IE5\MSHist012008011320080114\index.dat
+ 2008-01-13 17:00:05 32,768 --sha-w C:\WINDOWS\Temp\History\History.IE5\MSHist012008011320080114\index.dat
+ 2008-01-13 17:01:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_a24.dat
- 2008-01-13 14:33:31 32,768 ------w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-13 17:01:07 32,768 ------w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-06-15 09:41 1460312]
"RamCleaner"="C:\Program Files\RamCleaner\RamCleaner.exe" [2005-03-10 20:09 437248]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 19:31 1372160]
"OEXPRESS"="C:\WINDOWS\OETRN.EXE" [2007-09-21 22:10 26624]
"WEBTRAN"="" []
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-09-21 14:29 219952]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 15:50 1289000]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PAStarter.EXE" [2007-08-10 16:19 140328]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"SpeedConnectStartUp"="" []
"AWMON"="C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe" [2005-05-25 12:12 517632]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"Yodm3D"="C:\Program Files\Yod'm3D\Yodm3D.exe" [2007-06-26 19:26 2058752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-16 08:35 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 04:44 16262656 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 15:24 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 15:21 54832]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2006-12-06 15:57 69632]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2006-12-04 11:01 372736]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2007-05-01 21:52 56112]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-09-09 10:16 196608]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2006-10-30 12:12 2287152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 07:33 45056]
"CloneCDTray"="C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 15:17 73728]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2005-02-04 07:01 456704]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 20:59 45056]
"VisualTooltip"="C:\Program Files\Visual Tool Tip\VisualToolTip.exe" [2007-04-25 09:45 956928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 08:35 7630848]
"Thunderbird"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe" [2007-11-01 00:15 8479856]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-10 17:37 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49 15360]
C:\Documents and Settings\SergioAmuneli\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2007-12-28 21:31:25]
Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe [2007-12-28 16:20:51]
MRU-Blaster Scheduler.lnk - C:\Program Files\MRU-Blaster\scheduler.exe [2003-07-19 16:48:43]
MRU-Blaster Silent Clean.lnk - C:\Program Files\MRU-Blaster\mrublaster.exe [2003-07-19 18:59:27]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-10 16:16:47]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 08:43:08]
C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
Mˇstnˇ vyhled v nˇ.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-10-19 13:55:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-10-19 13:53 293888]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 12:58 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL 2007-05-14 13:20 176128 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 11:43]
R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys [2006-11-13 17:58]
R0 MEMLOCK;Secured Memory Driver;C:\WINDOWS\system32\drivers\memlock.sys [2003-12-15 08:36]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2006-06-14 20:44]
R1 SABDIFSV;SABDIFSV;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 11:17]
R1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 16:02]
R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 13:00]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2006-08-07 09:50]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51]
R2 Routing;Routing Service;C:\WINDOWS\system32\routing.exe []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver;C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [2007-04-09 12:55]
R2 wfcxatun;WinFast TV Analog Tuner Driver;C:\WINDOWS\system32\drivers\wfcxatun.sys [2006-08-07 09:53]
R2 WFCXVCAP;WinFast TV Video Capture Driver;C:\WINDOWS\system32\drivers\wfcxvcap.sys [2006-08-07 13:10]
R2 z2 R2PC Server;z2 Remote2PC Server;"C:\Program Files\z2 Remote2PC\R2PCServ.exe" [2007-11-02 21:07]
R3 AEXPAM;Philips SmartManage Service;C:\WINDOWS\system32\Drivers\aexpamdrv.sys [2005-12-20 09:57]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 22:08]
R3 vmkbd;VMware kbd;C:\WINDOWS\system32\drivers\VMkbd.sys [2007-05-01 21:52]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-08-07 09:56]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;C:\WINDOWS\system32\drivers\wfcxtcap.sys [2006-08-07 09:54]
R3 wfcxxbar;WinFast TV Crossbar Driver;C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-08-07 14:04]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 15:55]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-29 06:46]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 13:18]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 18:31]
S3 ufad-ws60;VMware Agent Service;"C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\SETUP.EXE /AUTORUN
.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 17:02:28 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 18:18:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-01-13 18:21:50
ComboFix-quarantined-files.txt 2008-01-13 17:21:49
ComboFix2.txt 2008-01-13 16:26:39
.
2008-01-10 17:00:47 --- E O F ---
PS: Did I do it right? (see attachment)
PPS: I had to reset the PC about 5 times - the mouse didn't work, the window borders weren't displayed...
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
- newbie
- Posts: 17
- Registered: January 08
- Location: around Ova
HEEELP!!!!
I have more problems!!! :'( But please don't make me use that ComboFix!!!!
It'll wreck my whole computer; suggest something gentler, like HijackThis....
PS: I noticed that svchost.exe is eating a lot of bandwidth and also uploading a lot .... And it takes up a lot of CPU and RAM :'(
PLEASE ADVISE!!!
Screenshot and LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:26:58, on 14.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Visual Tool Tip\VisualToolTip.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RamCleaner\RamCleaner.exe
C:\WINDOWS\OETRN.EXE
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\PowerArchiver\PAStarter.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\z2 Remote2PC\R2PCServ.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 82.98.86.178 dlfzr.cn
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\Visual Tool Tip\VisualToolTip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Thunderbird] "C:\Program Files\Mozilla Thunderbird\thunderbird.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RamCleaner] C:\Program Files\RamCleaner\RamCleaner.exe -s
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PAStarter.EXE
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yodm3D] C:\Program Files\Yod'm3D\Yodm3D.exe
O4 - HKCU\..\Run: [TrueTransparency] "C:\Program Files\TrueTransparency\TrueTransparency.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Místní vyhledávání.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E8B29C2-C2F2-4812-8F7D-BD41BBC14B09}: NameServer = 78.157.167.7,78.157.167.57
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: z2 Remote2PC Server (z2 R2PC Server) - z2 Software - C:\Program Files\z2 Remote2PC\R2PCServ.exe
--
End of file - 15706 bytes
That will wreck my whole computer, suggest something gentler, like HijackThis....
PS: I noticed that svchost.exe is eating a lot of my network traffic and uploading too .... And it takes up a lot of CPU and RAM :'(
PLEASE ADVISE!!!
Screenshot and LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:26:58, on 14.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Visual Tool Tip\VisualToolTip.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RamCleaner\RamCleaner.exe
C:\WINDOWS\OETRN.EXE
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\PowerArchiver\PAStarter.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\z2 Remote2PC\R2PCServ.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 82.98.86.178 dlfzr.cn
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\Visual Tool Tip\VisualToolTip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Thunderbird] "C:\Program Files\Mozilla Thunderbird\thunderbird.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RamCleaner] C:\Program Files\RamCleaner\RamCleaner.exe -s
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PAStarter.EXE
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yodm3D] C:\Program Files\Yod'm3D\Yodm3D.exe
O4 - HKCU\..\Run: [TrueTransparency] "C:\Program Files\TrueTransparency\TrueTransparency.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Místní vyhledávání.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E8B29C2-C2F2-4812-8F7D-BD41BBC14B09}: NameServer = 78.157.167.7,78.157.167.57
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: z2 Remote2PC Server (z2 R2PC Server) - z2 Software - C:\Program Files\z2 Remote2PC\R2PCServ.exe
--
End of file - 15706 bytes
- Baron Prášil
this isn't a tragedy
turn off System Restore
right-click My Computer > Properties > System Restore, tick the box, then OK and confirm
restart the computer and turn System Restore back on
run HijackThis again and click Open the Misc tools..., then Delete an NT service
and copy Routing Service (Routing) into the window and click OK.
restart and post a new log from HJT