The drives display normally, all the icons are there.
SDFix: Version 1.240
Run by otto on 2008-11-24 at 20:29
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp1.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp10.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp11.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp12.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp13.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp14.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp15.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp16.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp17.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp18.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp19.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp1A.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp1B.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp1C.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp1D.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp1E.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp1F.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp2.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp20.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp21.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp22.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp23.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp24.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp25.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp26.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp27.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp28.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp29.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp2A.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp2B.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp2C.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp2D.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp2E.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp2F.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp3.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp30.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp31.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp32.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp33.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp34.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp35.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp36.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp37.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp38.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp39.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp3A.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp3B.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp3C.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp3D.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp3E.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp3F.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp4.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp40.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp41.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp42.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp43.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp44.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp45.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp46.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp47.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp48.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp49.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp4A.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp4B.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp4C.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp4D.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp4E.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp4F.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp5.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp50.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp51.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp52.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp53.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp54.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp55.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp56.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp57.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp58.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp59.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp5A.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp5B.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp5C.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp5D.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp5E.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp5F.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp6.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp60.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp61.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp62.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp63.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp64.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp65.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp66.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp67.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp68.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp69.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp6A.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp6B.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp6C.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp6D.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp6E.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp6F.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp7.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp70.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp71.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp72.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp73.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp74.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp75.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp76.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp77.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp78.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp79.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp7A.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp7B.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp7C.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp7D.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp7E.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp7F.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp8.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp80.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp81.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp82.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp83.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp84.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp85.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp86.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp87.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp88.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp89.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp8A.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp8B.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp8C.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp8D.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp8E.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp8F.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp9.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp90.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp91.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp92.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp93.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp94.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp95.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp96.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp97.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp98.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp99.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp9A.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp9B.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp9C.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmp9E.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmpA.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmpA4.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmpAE.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmpB.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmpB2.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmpB4.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmpC.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmpC1.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmpCA.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmpCC.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmpD.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmpD4.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmpD6.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmpD7.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmpE.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmpEB.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmpF.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmpF6.tmp - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\tmpFF.tmp - Deleted
C:\WINDOWS\2.exe - Deleted
C:\DOCUME~1\otto\LOCALS~1\Temp\removalfile.bat - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 20:52:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:45,8b,c2,4b,35,69,f7,86,89,33,92,da,f0,df,04,c7,44,7e,6a,b6,fd,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:61,20,73,74,ec,d7,da,38,52,68,b5,e9,39,90,75,61,5f,8a,14,95,ba,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:61,20,73,74,ec,d7,da,38,52,68,b5,e9,39,90,75,61,5f,8a,14,95,ba,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:c8d434e5
"s2"=dword:a134de30
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:f1,f4,a5,16,c5,b7,2b,ea,32,cc,bb,3d,5b,6d,fa,6a,c4,18,b1,c9,93,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:f1,f4,a5,16,c5,b7,2b,ea,32,cc,bb,3d,5b,6d,fa,6a,c4,18,b1,c9,93,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib]
"Base Index"=dword:00000737
"ExtCounterTestLevel"=dword:00000004
"Last Counter"=dword:00001828
"Last Help"=dword:00001829
"Version"=dword:00010001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComputerDescriptions]
"}\1Á?K?O?V?Á?-?M?I?L?K?O?V?"=""
"`\1R?O?T?"=""
"`\1V?E?C?-?P?O?N?I?K?E?V?"="hlavní"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"="C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Instalační programy\\StrongDC+\\sdc221\\StrongDC.exe"="D:\\Instalační programy\\StrongDC+\\sdc221\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 3 Oct 2007 24 ..SH. --- "C:\WINDOWS\S16574E36.tmp"
Sun 27 Jan 2008 0 ..SH. --- "C:\WINDOWS\SCD6D5EF5.tmp"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\asl07jw.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\b8dco0t.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\bdox5m7.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\bvjjtk0.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\cuhc0fm.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\dgrloup.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\e6pl4lx.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\ebbkr9t.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\erifyvb.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\f3ik318.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\f7j1pla.dll"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\g6yar0h.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\gpv0zfi.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\gq9djdt.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\ige3691.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\iv9k81j.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\jugrvoo.dll"
Thu 10 Jul 2008 1,004 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\l5bmnxp.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\lop8fh6.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\mkhj9by.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\n2amac8.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\nvhkjdp.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\oonwm7k.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\op0gwir.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\pbmpvxg.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\prbkc5a.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\pylf9kg.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\pzy5zsg.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\q33w5v2.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\q8un8zu.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\qeg2alh.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\qu2wpr5.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\qurxwbw.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\qus6wjo.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\rt1crbw.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\stceogw.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\suozqi4.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\tdmofk4.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\u5h952f.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\v3sjza3.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\vd0aups.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\vij5k0t.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\vqx7a7o.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\w8kynr5.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\wjtwwjy.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\xconomo.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\xh6cub3.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\xibdb59.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\xzhg1mz.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\zk53qe9.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\zuuyft0.dll"
Mon 14 Apr 2008 16 ...H. --- "C:\WINDOWS\system32\zzo3w0z.dll"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Sun 2 Nov 2008 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 27 Oct 2006 15,360 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Fri 14 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 11 Oct 2002 217,088 A..HR --- "C:\Program Files\Connectix\Virtual PC 5.1 Online Installer\Installer\_nstall.exe"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Sat 20 Sep 2008 1,131,560 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\94e2de28cb8ee27606822ca199876d4a\BITA.tmp"
Mon 31 Dec 2007 21,504 A..H. --- "C:\Documents and Settings\otto\Data aplikací\Connectix\Virtual PC\VPCKeyboard.dll"
Thu 31 Jul 2008 165,232 A..H. --- "C:\Documents and Settings\otto\Data aplikací\Microsoft\Virtual PC\VPCKeyboard.dll"
Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18, on 2008-11-24
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do součásti Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Stáhnout pomocí Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí &Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistika součásti Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} (Ikonic Button Control) - http://www.hadkau.wz.cz/tabulky/script/ikcntrls.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: qoMggebX - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - c:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 12943 bytes
Please check the log and advise
- jaro3
- Security team member
Re: Please check the log and advise
Fix in HJT:
Code:
O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O20 - Winlogon Notify: qoMggebX - C:\WINDOWS\
Disable the protection in KIS.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all open windows and run it.
- After it starts, the terms of use are shown; accept them by pressing Yes
- Then follow the instructions; do not click into the window that appears while ComboFix is running
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its whole contents here
When working with HJT, ComboFix, MBAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
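The four entries picked for the HJT fix above share the marks a log reader looks for: an O2 BHO and an O9 button whose target is gone ("(no file)"), and an O20 Winlogon Notify package registered with a bare directory (C:\WINDOWS\) instead of a DLL, which is how a hidden or already-deleted Notify DLL shows up. The script below is an added example and is not part of this thread or of HijackThis; it applies those rules, plus checks for AppInit_DLLs, ActiveX downloads from unexpected hosts and autorun targets outside Program Files, to HJT lines copied from this thread. The allowlists and the one O4 line for inst.exe are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: HijackThis lines copied from the logs in this thread, plus one
# made-up O4 entry (the inst.exe line) to exercise the autorun-location rule.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [inst] C:\Documents and Settings\otto\Data aplikací\inst.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} (Ikonic Button Control) - http://www.hadkau.wz.cz/tabulky/script/ikcntrls.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: qoMggebX - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Winlogon Notify packages expected on a stock XP box or from software present on
# this machine (ATI, Kaspersky). Partial allowlist, assumed for this example.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule", "sclgntfy",
    "senslogn", "termsrv", "wlballoon", "atiextevent", "klogon",
}
# Hosts from which an ActiveX download (O16 DPF) is unsurprising. Assumed list.
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com", "java.com", "adobe.com")
# Where an autorun target (O4) normally lives.
EXPECTED_RUN_DIRS = ("c:\\program files\\", "c:\\windows\\")

ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
RUN_TARGET_RE = re.compile(r'\]\s+"?([a-z]:\\[^"]+?\.(?:exe|com|dll|scr|bat))', re.I)
DPF_HOST_RE = re.compile(r"https?://([^/]+)/", re.I)


@dataclass
class Finding:
    severity: str  # "orphan" (target gone), "suspicious", or "review"
    line: str
    reason: str


def triage_line(line: str) -> Optional[Finding]:
    """Classify one HijackThis line; None means nothing to say about it."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    kind, body = m.groups()
    lower = body.lower()

    # Target no longer exists: harmless by itself, but a leftover of something that
    # once loaded, which is why such entries go into the HJT fix.
    if lower.endswith("(no file)"):
        return Finding("orphan", line, f"{kind} entry points at a missing file")

    if kind == "O20" and lower.startswith("winlogon notify:"):
        name, _, path = body.split(":", 1)[1].strip().partition(" - ")
        # A package registered with a bare directory instead of a DLL is the
        # signature of a hidden or already-deleted Notify DLL.
        if path.endswith("\\") or not path.lower().endswith(".dll"):
            return Finding("suspicious", line, f"Winlogon Notify '{name}' has no DLL path")
        if name.lower() not in KNOWN_NOTIFY:
            return Finding("review", line, f"Winlogon Notify '{name}' is not on the allowlist")
        return None

    if kind == "O20" and lower.startswith("appinit_dlls:"):
        # Loaded into every process that maps user32.dll; always worth confirming.
        return Finding("review", line, "AppInit_DLLs injects into every GUI process")

    if kind == "O16":
        host = DPF_HOST_RE.search(body)
        if host and not host.group(1).lower().endswith(TRUSTED_DPF_HOSTS):
            return Finding("review", line, f"ActiveX control fetched from {host.group(1)}")
        return None

    if kind == "O4":
        target = RUN_TARGET_RE.search(body)
        if target and not target.group(1).lower().startswith(EXPECTED_RUN_DIRS):
            return Finding("review", line, f"autorun target outside Program Files/Windows: {target.group(1)}")
        return None

    return None


def triage(text: str) -> List[Finding]:
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


def fix_candidates(text: str) -> List[str]:
    """Lines a helper would put straight into the HJT fix: orphans and suspicious entries."""
    return [f.line for f in triage(text) if f.severity in ("orphan", "suspicious")]


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"{f.severity:10} {f.reason}\n           {f.line}")
```

The "review" findings are not fix candidates: the Kaspersky AppInit hook and the LangSoft translator entries on this machine are legitimate, and the point of the allowlists is to surface what still has to be judged by hand rather than to decide it.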
Re: Please check the log and advise
Here is the log, what next?
ComboFix 08-11-24.03 - otto 2008-11-25 18:17:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.821 [GMT 1:00]
Running from: c:\documents and settings\otto\Plocha\Perfc009\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\otto\Data aplikací\inst.exe
c:\documents and settings\otto\Local Settings\Temporary Internet Files\SLOVA.WAV
c:\documents and settings\otto\Local Settings\Temporary Internet Files\WTRAN32.INI
c:\windows\regedit.com
c:\windows\system32\kwfego2.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\Smab.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((( Files Created from 2008-10-25 to 2008-11-25 )))))))))))))))))))))))))))))))
.
2008-11-24 20:28 . 2008-11-24 20:28 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-24 20:24 . 2008-11-24 20:24 <DIR> d-------- c:\windows\ERUNT
2008-11-24 17:29 . 2008-11-24 21:03 <DIR> d-------- C:\SDFix
2008-11-23 21:05 . 2008-11-23 21:05 <DIR> d-------- C:\VundoFix Backups
2008-11-23 13:58 . 2008-11-23 13:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-23 13:58 . 2008-11-23 13:58 <DIR> d-------- c:\documents and settings\otto\Data aplikací\Malwarebytes
2008-11-23 13:58 . 2008-11-23 13:58 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-11-23 13:58 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-23 13:58 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-22 17:56 . 2001-10-25 15:00 25,761 --a------ c:\windows\system32\PERFH009.DA_
2008-11-22 17:56 . 2001-10-25 15:00 4,931 --a------ c:\windows\system32\PERFC009.DA_
2008-11-22 17:53 . 2008-11-22 17:53 <DIR> d-------- C:\0
2008-11-22 16:49 . 2008-11-22 16:49 <DIR> d-------- c:\program files\Autodesk
2008-11-15 12:44 . 2008-11-15 12:50 <DIR> d-------- c:\documents and settings\otto\Data aplikací\LangSoft
2008-11-15 12:44 . 2008-11-15 12:47 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\LangSoft
2008-11-14 07:34 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-14 07:33 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-10 19:26 . 2008-11-10 19:26 0 --a------ c:\windows\nsreg.dat
2008-11-09 11:42 . 2008-11-17 10:01 <DIR> d-------- c:\program files\Conduit
2008-11-09 11:42 . 2008-11-09 11:43 <DIR> d-------- c:\program files\BitLord
2008-11-08 18:22 . 2008-11-08 18:22 <DIR> d-------- c:\documents and settings\otto\Data aplikací\OpenOffice.org
2008-11-08 18:19 . 2008-11-08 18:51 <DIR> d-------- c:\program files\OpenOffice.org 3
2008-11-07 20:11 . 2008-11-07 20:12 <DIR> d-------- c:\documents and settings\otto\Data aplikací\Nero
2008-11-06 21:11 . 2008-11-06 21:11 4,757 --a------ c:\windows\Irremote.ini
2008-11-06 21:06 . 2008-11-06 21:06 <DIR> d-------- c:\program files\Windows Sidebar
2008-11-06 20:43 . 2008-11-06 20:57 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Nero
2008-11-06 20:42 . 2008-11-06 21:30 <DIR> d-------- c:\program files\Common Files\Nero
2008-11-02 21:50 . 2008-11-02 22:07 304,552,614 --a------ C:\KomnataCT1-311008.rm(1).wmv.AVI
2008-11-02 21:11 . 2008-11-02 21:49 668,494,132 --a------ C:\KomnataCT1-311008.rm.wmv.AVI
2008-11-02 21:03 . 2008-11-02 21:03 <DIR> d-------- c:\program files\AviSynth 2.5
2008-11-02 21:02 . 2008-11-02 21:02 <DIR> d-------- c:\program files\eRightSoft
2008-10-27 18:04 . 2008-10-27 18:29 <DIR> d-------- c:\program files\Undercover
2008-10-25 19:47 . 2008-10-25 19:47 <DIR> d-------- c:\program files\Apple Software Update
2008-10-25 19:46 . 2008-10-25 19:46 <DIR> d-------- c:\program files\iTunes
2008-10-25 19:46 . 2008-10-25 19:46 <DIR> d-------- c:\program files\iPod
2008-10-25 19:46 . 2008-10-25 19:46 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-25 19:42 . 2008-10-25 19:43 <DIR> d-------- c:\program files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 17:25 52,172,320 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-25 17:25 1,716,768 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-25 17:08 --------- d-----w c:\documents and settings\All Users\Data aplikací\Kaspersky Lab
2008-11-25 16:39 699,836 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-25 16:39 162,560 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-24 20:28 --------- d-----w c:\program files\PV10
2008-11-22 15:53 --------- d-----w c:\program files\Common Files\Autodesk Shared
2008-11-22 15:49 --------- d-----w c:\documents and settings\All Users\Data aplikací\Autodesk
2008-11-21 12:03 --------- d-----w c:\documents and settings\otto\Data aplikací\Vso
2008-11-21 12:00 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-21 06:36 --------- d-----w c:\documents and settings\All Users\Data aplikací\DVD Shrink
2008-11-20 16:51 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-20 16:37 --------- d-----w c:\program files\Electronic Arts
2008-11-15 11:41 516,096 ----a-w c:\windows\UN32.EXE
2008-11-15 10:41 --------- d-----w c:\documents and settings\otto\Data aplikací\Gearbox Software
2008-11-14 07:20 --------- d-----w c:\program files\Mv2Player
2008-11-14 07:18 --------- d-----w c:\program files\Java
2008-11-09 09:35 --------- d-----w c:\documents and settings\All Users\Data aplikací\CanonIJPLM
2008-11-08 18:41 --------- d-----w c:\program files\Nero
2008-11-08 16:27 --------- d-----w c:\program files\Common Files\Ahead
2008-11-04 20:06 --------- d-----w c:\documents and settings\All Users\Data aplikací\FLEXnet
2008-11-03 16:43 --------- d-----w c:\documents and settings\otto\Data aplikací\OpenOffice.org2
2008-11-02 15:19 --------- d-----w c:\documents and settings\otto\Data aplikací\Skype
2008-11-02 15:18 --------- d-----w c:\documents and settings\otto\Data aplikací\skypePM
2008-10-25 18:42 --------- d-----w c:\program files\Common Files\Apple
2008-10-25 18:21 --------- d-----w c:\program files\Bonjour
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 17:06 --------- d-----w c:\program files\Microsoft SQL Server
2008-10-19 13:48 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-19 13:34 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-10-19 13:32 --------- d-----w c:\program files\Microsoft Synchronization Services
2008-10-19 13:32 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-10-19 13:28 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2008-10-19 13:24 --------- d-----w c:\program files\Microsoft SDKs
2008-10-19 13:22 --------- d-----w c:\program files\MSBuild
2008-10-19 13:21 --------- d-----w c:\program files\Reference Assemblies
2008-10-19 13:00 --------- d-----w c:\documents and settings\otto\Data aplikací\U3
2008-10-16 16:14 --------- d-----w c:\program files\GameSpy Arcade
2008-10-16 16:05 --------- d-----w c:\program files\EA GAMES
2008-10-14 18:56 --------- d-----w c:\program files\ZakonyCR
2008-10-12 13:11 --------- d-----w c:\program files\Wings of War
2008-10-06 17:31 16 ----a-w c:\documents and settings\otto\pONVmoK.dll
2008-10-01 14:09 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 05:45 --------- d-----w c:\program files\EdgeCAM
2008-09-28 06:11 --------- d-----w c:\program files\AGEIA Technologies
2008-09-28 06:10 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-09-26 14:16 --------- d-----w c:\program files\Cenega
2008-09-25 18:46 --------- d-----w c:\program files\Common Files\SolidWorks Shared
2008-09-21 20:06 451,072 ----a-w c:\windows\Radeon Omega Drivers v2.6.87 Uninstall.exe
2008-09-20 15:14 737,280 ----a-w c:\windows\iun6002.exe
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
2008-06-10 06:59 47,360 ----a-w c:\documents and settings\otto\Data aplikací\pcouffin.sys
2008-05-29 19:03 75,748 ----a-w c:\program files\UninKIS.exe
2008-03-10 18:15 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2008-07-10 18:17 1,004 --sha-w c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-06-16 16:13 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061620080617\index.dat
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2008-11-15 26624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-03-14 2225208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMan"="SOUNDMAN.EXE" [2003-07-16 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"SENTINEL"= snti386.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Speed Launcher.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^EdgeCLS9.00.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\EdgeCLS9.00.lnk
backup=c:\windows\pss\EdgeCLS9.00.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WinNC - Launch WinNC - singlelicense (external programming station).lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^otto^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.2.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^otto^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.4.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^otto^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\otto\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^otto^Nabídka Start^Programy^Po spuštění^ZákonyČR.lnk]
path=c:\documents and settings\otto\Nabídka Start\Programy\Po spuštění\ZákonyČR.lnk
backup=c:\windows\pss\ZákonyČR.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
--a------ 2005-08-05 14:15 61440 c:\windows\VM305_STI.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2004-06-28 03:33 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
-ra------ 2006-03-22 23:13 1591808 c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 22:12 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-09-01 16:08 173304 c:\program files\ICQ6\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-01-20 08:05 217088 c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 15:10 56928 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 14:54 21718312 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-16 09:54 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"StarWindService"=2 (0x2)
"ose"=3 (0x3)
"NBService"=3 (0x3)
"InCDsrv"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"mnmsrvc"=3 (0x3)
"ERSvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Instalační programy\\StrongDC+\\sdc221\\StrongDC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
R1 hwinterface;hwinterface;c:\windows\system32\Drivers\hwinterface.sys [2008-04-21 3026]
R2 IJPLMSVC;PIXMA Extended Survey Program;c:\program files\Canon\IJPLM\IJPLMSVC.EXE [2008-05-12 97432]
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT [2005-05-03 9150464]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT [2005-05-03 323584]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]
S3 Mach3;Mach3 Pulseing Service;c:\windows\system32\Drivers\Mach3.sys [2008-04-19 104256]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\Drivers\usbVM305.sys [2007-09-19 391099]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-WEBTRAN - (no file)
Notify-qoMggebX - (no file)
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-InCD - c:\program files\Nero\Nero 7\InCD\InCD.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_02\bin\jusched.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\otto\Data aplikací\Mozilla\Firefox\Profiles\wjx0u333.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.seznam.cz/
FF -: plugin - c:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\npctrl.1.0.20926.0.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 18:25:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1084)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\SYSTEM32\Ati2evxx.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1148)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\imon.dll
.
Completion time: 2008-11-25 18:27:29
ComboFix-quarantined-files.txt 2008-11-25 17:27:07
Pre-Run: 24,666,660,864 bytes free
Post-Run: 26,608,238,592 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noguiboot /SOS
279 --- E O F --- 2008-11-14 06:41:57
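Two of the files ComboFix removed at the top of this log, c:\windows\regedit.com and c:\windows\taskmgr.com, rely on extension precedence rather than on any exploit: when a user types a bare name such as regedit, the command processor tries the extensions in PATHEXT in order, and .COM comes before .EXE in the default list, so an impostor named regedit.com placed next to regedit.exe is what actually runs. The script below is an added example, not from this thread or from ComboFix; it emulates cmd.exe's lookup (directory by directory, every PATHEXT extension in each) over a constructed file list built from the two deleted files and the standard XP locations of the genuine tools, and reports any such impostor. The tool list and the search path are assumptions for the example.

```python
from pathlib import PureWindowsPath
from typing import Iterable, List, Optional, Tuple

# Default PATHEXT on Windows XP. A bare name typed into cmd.exe is tried with these
# extensions in this order, so "regedit" finds regedit.com before regedit.exe when
# both sit in the same directory.
PATHEXT = [".com", ".exe", ".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"]

# cmd.exe walks the search path directory by directory and tries every PATHEXT
# extension in each one before moving on. Order assumed for this example.
SEARCH_PATH = [r"c:\windows\system32", r"c:\windows"]

# Built-in tools a user reaches for by name while cleaning a machine; an impostor
# with an earlier PATHEXT extension next to any of these is a finding. Assumed list.
SYSTEM_TOOLS = {"regedit", "taskmgr", "msconfig", "cmd", "notepad", "explorer", "mmc", "services"}

# Constructed snapshot of the machine before ComboFix ran: the two .com files listed
# under "Other Deletions" in the log above, the genuine tools in their standard XP
# locations, and one benign pair (notepad.exe exists in both directories on XP).
FILES_BEFORE = [
    r"C:\WINDOWS\regedit.exe",
    r"C:\WINDOWS\regedit.com",
    r"C:\WINDOWS\system32\taskmgr.exe",
    r"C:\WINDOWS\taskmgr.com",
    r"C:\WINDOWS\system32\notepad.exe",
    r"C:\WINDOWS\notepad.exe",
]
# The same snapshot after ComboFix's deletions.
FILES_AFTER = [f for f in FILES_BEFORE if not f.lower().endswith(".com")]


def _index(files: Iterable[str]) -> set:
    """Case-insensitive file-system view: Windows paths compare case-insensitively."""
    return {f.lower() for f in files}


def resolve(command: str, files: Iterable[str], search_path: List[str] = SEARCH_PATH) -> Optional[str]:
    """Emulate cmd.exe resolution of a bare command name; returns the lower-cased path it would run."""
    present = _index(files)
    for directory in search_path:
        for ext in PATHEXT:
            candidate = f"{directory}\\{command.lower()}{ext}"
            if candidate in present:
                return candidate
    return None


def shadowed_tools(files: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (tool, impostor, genuine) triples: a file with an extension that precedes
    .exe in PATHEXT sharing its stem with a known system tool that exists as .exe.
    Directory order is deliberately ignored here: it differs between launchers (cmd.exe
    versus the shell's Run dialog), and an impostor that wins in any of them is a finding."""
    present = _index(files)
    by_stem = {}
    for path in present:
        p = PureWindowsPath(path)
        by_stem.setdefault(p.stem, []).append(p)

    hits = []
    for stem, paths in by_stem.items():
        if stem not in SYSTEM_TOOLS:
            continue
        genuine = [p for p in paths if p.suffix == ".exe"]
        if not genuine:
            continue
        for p in paths:
            if p.suffix in PATHEXT and PATHEXT.index(p.suffix) < PATHEXT.index(".exe"):
                hits.append((stem, str(p), str(genuine[0])))
    return sorted(hits)


if __name__ == "__main__":
    for name in ("regedit", "taskmgr", "notepad"):
        print(f"{name:8} -> {resolve(name, FILES_BEFORE)}")
    for tool, impostor, genuine in shadowed_tools(FILES_BEFORE):
        print(f"{tool}: {impostor} shadows {genuine}")
    print("after cleanup:", shadowed_tools(FILES_AFTER))
```

Note the difference between the two functions: under cmd.exe's directory-first order, taskmgr still resolves to system32\taskmgr.exe because system32 is searched before c:\windows, whereas regedit.com wins outright because it sits beside regedit.exe. The detector flags both anyway, since a launcher that searches the Windows directory first would pick taskmgr.com.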
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^EdgeCLS9.00.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\EdgeCLS9.00.lnk
backup=c:\windows\pss\EdgeCLS9.00.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WinNC - Launch WinNC - singlelicense (external programming station).lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^otto^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.2.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^otto^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.4.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^otto^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\otto\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^otto^Nabídka Start^Programy^Po spuštění^ZákonyČR.lnk]
path=c:\documents and settings\otto\Nabídka Start\Programy\Po spuštění\ZákonyČR.lnk
backup=c:\windows\pss\ZákonyČR.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
--a------ 2005-08-05 14:15 61440 c:\windows\VM305_STI.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2004-06-28 03:33 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
-ra------ 2006-03-22 23:13 1591808 c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 22:12 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-09-01 16:08 173304 c:\program files\ICQ6\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-01-20 08:05 217088 c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 15:10 56928 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 14:54 21718312 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-16 09:54 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"StarWindService"=2 (0x2)
"ose"=3 (0x3)
"NBService"=3 (0x3)
"InCDsrv"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"mnmsrvc"=3 (0x3)
"ERSvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Instalační programy\\StrongDC+\\sdc221\\StrongDC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
R1 hwinterface;hwinterface;c:\windows\system32\Drivers\hwinterface.sys [2008-04-21 3026]
R2 IJPLMSVC;PIXMA Extended Survey Program;c:\program files\Canon\IJPLM\IJPLMSVC.EXE [2008-05-12 97432]
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT [2005-05-03 9150464]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT [2005-05-03 323584]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]
S3 Mach3;Mach3 Pulseing Service;c:\windows\system32\Drivers\Mach3.sys [2008-04-19 104256]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\Drivers\usbVM305.sys [2007-09-19 391099]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
*Newly Created Service* - PROCEXP90
.
Obsah adresáře 'Naplánované úlohy'
2008-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-WEBTRAN - (no file)
Notify-qoMggebX - (no file)
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-InCD - c:\program files\Nero\Nero 7\InCD\InCD.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_02\bin\jusched.exe
.
------- Doplňkový sken -------
.
FireFox -: Profile - c:\documents and settings\otto\Data aplikací\Mozilla\Firefox\Profiles\wjx0u333.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.seznam.cz/
FF -: plugin - c:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\npctrl.1.0.20926.0.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 18:25:42
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1084)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\SYSTEM32\Ati2evxx.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1148)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\imon.dll
.
Celkový čas: 2008-11-25 18:27:29
ComboFix-quarantined-files.txt 2008-11-25 17:27:07
Před spuštěním: Volných bajtů: 24,666,660,864
Po spuštění: Volných bajtů: 26,608,238,592
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noguiboot /SOS
279 --- E O F --- 2008-11-14 06:41:57
jaro3 - Security team member - Guru Level 15 - Posts: 43294 - Registered: June 07 - Location: South Bohemia - Offline
Re: Please check my log and advise
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Note: do not use the SELECT ALL function to select the script.
Code:
Folder::
C:\SDFix
C:\VundoFix Backups
File::
c:\windows\UN32.EXE
c:\windows\iun6002.exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the CFScript.txt you created with the mouse onto the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process.
Test these on VirusTotal:
C:\0
c:\documents and settings\otto\pONVmoK.dll
c:\program files\UninKIS.exe
Then paste the results here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: Please check my log and advise
Soubor PERFC009.DA_ přijatý 2008.11.25 20:25:42 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/37 (0%)
Soubor pONVmoK.dll přijatý 2008.11.25 20:29:54 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/37 (0%)
Soubor UninKIS.exe přijatý 2008.11.25 20:32:59 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/37 (0%)
ComboFix 08-11-24.03 - otto 2008-11-25 20:08:48.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.721 [GMT 1:00]
Spuštěný z: c:\documents and settings\otto\Plocha\Perfc009\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\otto\Plocha\CFScript.txt
* Resident AV is active
FILE ::
c:\windows\iun6002.exe
c:\windows\UN32.EXE
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\SDFix
c:\sdfix\Add_DBFix_RunOnce_key.inf
c:\sdfix\apps\assosfix.reg
c:\sdfix\apps\Cghtme.exe
c:\sdfix\apps\cliptext.exe
c:\sdfix\apps\DBFix.inf
c:\sdfix\apps\download.exe
c:\sdfix\apps\dummy.sys
c:\sdfix\apps\Enable_Command_Prompt.inf
c:\sdfix\apps\Enable_Command_Prompt.reg
c:\sdfix\apps\ERDNT.E_E
c:\sdfix\apps\ERDNTDOS.LOC
c:\sdfix\apps\ERDNTWIN.LOC
c:\sdfix\apps\ERUNT.EXE
c:\sdfix\apps\ERUNT.LOC
c:\sdfix\apps\fix.reg
c:\sdfix\apps\FixBeep.reg
c:\sdfix\apps\FixBH.reg
c:\sdfix\apps\FixComponents.reg
c:\sdfix\apps\FIXCU.reg
c:\sdfix\apps\FIXLM.reg
c:\sdfix\apps\FixPath.exe
c:\sdfix\apps\FixRedir.reg
c:\sdfix\apps\FixSchedule.reg
c:\sdfix\apps\FixWebCheck.reg
c:\sdfix\apps\fixXP.reg
c:\sdfix\apps\FixXPsp2.reg
c:\sdfix\apps\grep.exe
c:\sdfix\apps\HaxdFix.reg
c:\sdfix\apps\HPFix.reg
c:\sdfix\apps\HPFix2.reg
c:\sdfix\apps\HPFix3.reg
c:\sdfix\apps\HPFix4.reg
c:\sdfix\apps\HPFix5.reg
c:\sdfix\apps\HPFix6.reg
c:\sdfix\apps\HPFix7.reg
c:\sdfix\apps\HPFix8.reg
c:\sdfix\apps\HPFix9.reg
c:\sdfix\apps\Installed.txt
c:\sdfix\apps\isadmin.exe
c:\sdfix\apps\leg2.txt
c:\sdfix\apps\legacy.txt
c:\sdfix\apps\legacybk.txt
c:\sdfix\apps\locate.com
c:\sdfix\apps\LS.exe
c:\sdfix\apps\MD5File.exe
c:\sdfix\apps\moveex.exe
c:\sdfix\apps\MyGcpvFix.reg
c:\sdfix\apps\MyGkFix2.reg
c:\sdfix\apps\Process.exe
c:\sdfix\apps\procs.exe
c:\sdfix\apps\psservice.exe
c:\sdfix\apps\Rem.txt
c:\sdfix\apps\Rem2.txt
c:\sdfix\apps\Replace\regedit.exe
c:\sdfix\apps\Replace\w2k\AUTOEXEC.NT
c:\sdfix\apps\Replace\w2k\beep.sys
c:\sdfix\apps\Replace\w2k\command.com
c:\sdfix\apps\Replace\w2k\command.PIF
c:\sdfix\apps\Replace\w2k\CONFIG.NT
c:\sdfix\apps\Replace\w2k\null.sys
c:\sdfix\apps\Replace\xp\AUTOEXEC.NT
c:\sdfix\apps\Replace\xp\beep.sys
c:\sdfix\apps\Replace\xp\command.com
c:\sdfix\apps\Replace\xp\command.PIF
c:\sdfix\apps\Replace\xp\CONFIG.NT
c:\sdfix\apps\Replace\xp\null.sys
c:\sdfix\apps\Reset_AppInit_DLLs.reg
c:\sdfix\apps\RestartIt!.exe
c:\sdfix\apps\Restore_SafeBoot_Windows2000.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
c:\sdfix\apps\Restore_SecurityCenter.reg
c:\sdfix\apps\Restore_SharedAccess.reg
c:\sdfix\apps\sc.exe
c:\sdfix\apps\sed.exe
c:\sdfix\apps\SF.exe
c:\sdfix\apps\shutdown.exe
c:\sdfix\apps\srv2.txt
c:\sdfix\apps\srv2bk.txt
c:\sdfix\apps\svc.txt
c:\sdfix\apps\svcbk.txt
c:\sdfix\apps\Swreg.exe
c:\sdfix\apps\swsc.exe
c:\sdfix\apps\UnRAR.exe
c:\sdfix\apps\unzip.exe
c:\sdfix\apps\vfind.exe
c:\sdfix\apps\WINMSG.EXE
c:\sdfix\apps\winsec.reg
c:\sdfix\apps\zip.exe
c:\sdfix\backups\backupreg.zip
c:\sdfix\backups\backups.zip
c:\sdfix\backups\catchme.log
c:\sdfix\backups\HOSTS
c:\sdfix\catchme.exe
c:\sdfix\DBFix.bat
c:\sdfix\dummy.sys
c:\sdfix\Report.txt
c:\sdfix\RunThis.bat
c:\sdfix\SDFIX_ReadMe_Online.url
c:\sdfix\W2K_VirusAlert_Repair.inf
c:\sdfix\XP_VirusAlert_Repair.inf
C:\VundoFix Backups
c:\windows\iun6002.exe
c:\windows\UN32.EXE
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-25 do 2008-11-25 )))))))))))))))))))))))))))))))
.
2008-11-24 20:28 . 2008-11-24 20:28 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-24 20:24 . 2008-11-24 20:24 <DIR> d-------- c:\windows\ERUNT
2008-11-23 13:58 . 2008-11-23 13:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-23 13:58 . 2008-11-23 13:58 <DIR> d-------- c:\documents and settings\otto\Data aplikací\Malwarebytes
2008-11-23 13:58 . 2008-11-23 13:58 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-11-23 13:58 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-23 13:58 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-22 17:56 . 2001-10-25 15:00 25,761 --a------ c:\windows\system32\PERFH009.DA_
2008-11-22 17:56 . 2001-10-25 15:00 4,931 --a------ c:\windows\system32\PERFC009.DA_
2008-11-22 17:53 . 2008-11-22 17:53 <DIR> d-------- C:\0
2008-11-22 16:49 . 2008-11-22 16:49 <DIR> d-------- c:\program files\Autodesk
2008-11-15 12:44 . 2008-11-15 12:50 <DIR> d-------- c:\documents and settings\otto\Data aplikací\LangSoft
2008-11-15 12:44 . 2008-11-15 12:47 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\LangSoft
2008-11-14 07:34 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-14 07:33 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-10 19:26 . 2008-11-10 19:26 0 --a------ c:\windows\nsreg.dat
2008-11-09 11:42 . 2008-11-17 10:01 <DIR> d-------- c:\program files\Conduit
2008-11-09 11:42 . 2008-11-09 11:43 <DIR> d-------- c:\program files\BitLord
2008-11-08 18:22 . 2008-11-08 18:22 <DIR> d-------- c:\documents and settings\otto\Data aplikací\OpenOffice.org
2008-11-08 18:19 . 2008-11-08 18:51 <DIR> d-------- c:\program files\OpenOffice.org 3
2008-11-07 20:11 . 2008-11-07 20:12 <DIR> d-------- c:\documents and settings\otto\Data aplikací\Nero
2008-11-06 21:11 . 2008-11-06 21:11 4,757 --a------ c:\windows\Irremote.ini
2008-11-06 21:06 . 2008-11-06 21:06 <DIR> d-------- c:\program files\Windows Sidebar
2008-11-06 20:43 . 2008-11-06 20:57 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Nero
2008-11-06 20:42 . 2008-11-06 21:30 <DIR> d-------- c:\program files\Common Files\Nero
2008-11-02 21:50 . 2008-11-02 22:07 304,552,614 --a------ C:\KomnataCT1-311008.rm(1).wmv.AVI
2008-11-02 21:11 . 2008-11-02 21:49 668,494,132 --a------ C:\KomnataCT1-311008.rm.wmv.AVI
2008-11-02 21:03 . 2008-11-02 21:03 <DIR> d-------- c:\program files\AviSynth 2.5
2008-11-02 21:02 . 2008-11-02 21:02 <DIR> d-------- c:\program files\eRightSoft
2008-10-27 18:04 . 2008-10-27 18:29 <DIR> d-------- c:\program files\Undercover
2008-10-25 19:47 . 2008-10-25 19:47 <DIR> d-------- c:\program files\Apple Software Update
2008-10-25 19:46 . 2008-10-25 19:46 <DIR> d-------- c:\program files\iTunes
2008-10-25 19:46 . 2008-10-25 19:46 <DIR> d-------- c:\program files\iPod
2008-10-25 19:46 . 2008-10-25 19:46 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-25 19:42 . 2008-10-25 19:43 <DIR> d-------- c:\program files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 19:16 52,342,560 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-25 19:15 1,724,704 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-25 18:16 --------- d-----w c:\documents and settings\All Users\Data aplikací\Kaspersky Lab
2008-11-25 18:13 702,284 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-25 18:13 163,280 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-24 20:28 --------- d-----w c:\program files\PV10
2008-11-22 15:53 --------- d-----w c:\program files\Common Files\Autodesk Shared
2008-11-22 15:49 --------- d-----w c:\documents and settings\All Users\Data aplikací\Autodesk
2008-11-21 12:03 --------- d-----w c:\documents and settings\otto\Data aplikací\Vso
2008-11-21 12:00 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-21 06:36 --------- d-----w c:\documents and settings\All Users\Data aplikací\DVD Shrink
2008-11-20 16:51 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-20 16:37 --------- d-----w c:\program files\Electronic Arts
2008-11-15 10:41 --------- d-----w c:\documents and settings\otto\Data aplikací\Gearbox Software
2008-11-14 07:20 --------- d-----w c:\program files\Mv2Player
2008-11-14 07:18 --------- d-----w c:\program files\Java
2008-11-09 09:35 --------- d-----w c:\documents and settings\All Users\Data aplikací\CanonIJPLM
2008-11-08 18:41 --------- d-----w c:\program files\Nero
2008-11-08 16:27 --------- d-----w c:\program files\Common Files\Ahead
2008-11-04 20:06 --------- d-----w c:\documents and settings\All Users\Data aplikací\FLEXnet
2008-11-03 16:43 --------- d-----w c:\documents and settings\otto\Data aplikací\OpenOffice.org2
2008-11-02 15:19 --------- d-----w c:\documents and settings\otto\Data aplikací\Skype
2008-11-02 15:18 --------- d-----w c:\documents and settings\otto\Data aplikací\skypePM
2008-10-25 18:42 --------- d-----w c:\program files\Common Files\Apple
2008-10-25 18:21 --------- d-----w c:\program files\Bonjour
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 17:06 --------- d-----w c:\program files\Microsoft SQL Server
2008-10-19 13:48 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-19 13:34 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-10-19 13:32 --------- d-----w c:\program files\Microsoft Synchronization Services
2008-10-19 13:32 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-10-19 13:28 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2008-10-19 13:24 --------- d-----w c:\program files\Microsoft SDKs
2008-10-19 13:22 --------- d-----w c:\program files\MSBuild
2008-10-19 13:21 --------- d-----w c:\program files\Reference Assemblies
2008-10-19 13:00 --------- d-----w c:\documents and settings\otto\Data aplikací\U3
2008-10-16 16:14 --------- d-----w c:\program files\GameSpy Arcade
2008-10-16 16:05 --------- d-----w c:\program files\EA GAMES
2008-10-14 18:56 --------- d-----w c:\program files\ZakonyCR
2008-10-12 13:11 --------- d-----w c:\program files\Wings of War
2008-10-06 17:31 16 ----a-w c:\documents and settings\otto\pONVmoK.dll
2008-10-01 14:09 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 05:45 --------- d-----w c:\program files\EdgeCAM
2008-09-28 06:11 --------- d-----w c:\program files\AGEIA Technologies
2008-09-28 06:10 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-09-26 14:16 --------- d-----w c:\program files\Cenega
2008-09-25 18:46 --------- d-----w c:\program files\Common Files\SolidWorks Shared
2008-09-21 20:06 451,072 ----a-w c:\windows\Radeon Omega Drivers v2.6.87 Uninstall.exe
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
2008-06-10 06:59 47,360 ----a-w c:\documents and settings\otto\Data aplikací\pcouffin.sys
2008-05-29 19:03 75,748 ----a-w c:\program files\UninKIS.exe
2008-03-10 18:15 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2008-07-10 18:17 1,004 --sha-w c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-06-16 16:13 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061620080617\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-11-25_18.26.26.66 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-25 18:15:59 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_688.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2008-11-15 26624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-03-14 2225208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMan"="SOUNDMAN.EXE" [2003-07-16 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMggebX]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"SENTINEL"= snti386.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Speed Launcher.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^EdgeCLS9.00.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\EdgeCLS9.00.lnk
backup=c:\windows\pss\EdgeCLS9.00.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WinNC - Launch WinNC - singlelicense (external programming station).lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^otto^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.2.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^otto^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.4.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^otto^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\otto\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^otto^Nabídka Start^Programy^Po spuštění^ZákonyČR.lnk]
path=c:\documents and settings\otto\Nabídka Start\Programy\Po spuštění\ZákonyČR.lnk
backup=c:\windows\pss\ZákonyČR.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
--a------ 2005-08-05 14:15 61440 c:\windows\VM305_STI.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2004-06-28 03:33 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
-ra------ 2006-03-22 23:13 1591808 c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 22:12 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-09-01 16:08 173304 c:\program files\ICQ6\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-01-20 08:05 217088 c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 15:10 56928 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 14:54 21718312 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-16 09:54 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/37 (0%)
Soubor pONVmoK.dll přijatý 2008.11.25 20:29:54 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/37 (0%)
Soubor UninKIS.exe přijatý 2008.11.25 20:32:59 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/37 (0%)
ComboFix 08-11-24.03 - otto 2008-11-25 20:08:48.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.721 [GMT 1:00]
Spuštěný z: c:\documents and settings\otto\Plocha\Perfc009\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\otto\Plocha\CFScript.txt
* Resident AV is active
FILE ::
c:\windows\iun6002.exe
c:\windows\UN32.EXE
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\SDFix
c:\sdfix\Add_DBFix_RunOnce_key.inf
c:\sdfix\apps\assosfix.reg
c:\sdfix\apps\Cghtme.exe
c:\sdfix\apps\cliptext.exe
c:\sdfix\apps\DBFix.inf
c:\sdfix\apps\download.exe
c:\sdfix\apps\dummy.sys
c:\sdfix\apps\Enable_Command_Prompt.inf
c:\sdfix\apps\Enable_Command_Prompt.reg
c:\sdfix\apps\ERDNT.E_E
c:\sdfix\apps\ERDNTDOS.LOC
c:\sdfix\apps\ERDNTWIN.LOC
c:\sdfix\apps\ERUNT.EXE
c:\sdfix\apps\ERUNT.LOC
c:\sdfix\apps\fix.reg
c:\sdfix\apps\FixBeep.reg
c:\sdfix\apps\FixBH.reg
c:\sdfix\apps\FixComponents.reg
c:\sdfix\apps\FIXCU.reg
c:\sdfix\apps\FIXLM.reg
c:\sdfix\apps\FixPath.exe
c:\sdfix\apps\FixRedir.reg
c:\sdfix\apps\FixSchedule.reg
c:\sdfix\apps\FixWebCheck.reg
c:\sdfix\apps\fixXP.reg
c:\sdfix\apps\FixXPsp2.reg
c:\sdfix\apps\grep.exe
c:\sdfix\apps\HaxdFix.reg
c:\sdfix\apps\HPFix.reg
c:\sdfix\apps\HPFix2.reg
c:\sdfix\apps\HPFix3.reg
c:\sdfix\apps\HPFix4.reg
c:\sdfix\apps\HPFix5.reg
c:\sdfix\apps\HPFix6.reg
c:\sdfix\apps\HPFix7.reg
c:\sdfix\apps\HPFix8.reg
c:\sdfix\apps\HPFix9.reg
c:\sdfix\apps\Installed.txt
c:\sdfix\apps\isadmin.exe
c:\sdfix\apps\leg2.txt
c:\sdfix\apps\legacy.txt
c:\sdfix\apps\legacybk.txt
c:\sdfix\apps\locate.com
c:\sdfix\apps\LS.exe
c:\sdfix\apps\MD5File.exe
c:\sdfix\apps\moveex.exe
c:\sdfix\apps\MyGcpvFix.reg
c:\sdfix\apps\MyGkFix2.reg
c:\sdfix\apps\Process.exe
c:\sdfix\apps\procs.exe
c:\sdfix\apps\psservice.exe
c:\sdfix\apps\Rem.txt
c:\sdfix\apps\Rem2.txt
c:\sdfix\apps\Replace\regedit.exe
c:\sdfix\apps\Replace\w2k\AUTOEXEC.NT
c:\sdfix\apps\Replace\w2k\beep.sys
c:\sdfix\apps\Replace\w2k\command.com
c:\sdfix\apps\Replace\w2k\command.PIF
c:\sdfix\apps\Replace\w2k\CONFIG.NT
c:\sdfix\apps\Replace\w2k\null.sys
c:\sdfix\apps\Replace\xp\AUTOEXEC.NT
c:\sdfix\apps\Replace\xp\beep.sys
c:\sdfix\apps\Replace\xp\command.com
c:\sdfix\apps\Replace\xp\command.PIF
c:\sdfix\apps\Replace\xp\CONFIG.NT
c:\sdfix\apps\Replace\xp\null.sys
c:\sdfix\apps\Reset_AppInit_DLLs.reg
c:\sdfix\apps\RestartIt!.exe
c:\sdfix\apps\Restore_SafeBoot_Windows2000.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
c:\sdfix\apps\Restore_SecurityCenter.reg
c:\sdfix\apps\Restore_SharedAccess.reg
c:\sdfix\apps\sc.exe
c:\sdfix\apps\sed.exe
c:\sdfix\apps\SF.exe
c:\sdfix\apps\shutdown.exe
c:\sdfix\apps\srv2.txt
c:\sdfix\apps\srv2bk.txt
c:\sdfix\apps\svc.txt
c:\sdfix\apps\svcbk.txt
c:\sdfix\apps\Swreg.exe
c:\sdfix\apps\swsc.exe
c:\sdfix\apps\UnRAR.exe
c:\sdfix\apps\unzip.exe
c:\sdfix\apps\vfind.exe
c:\sdfix\apps\WINMSG.EXE
c:\sdfix\apps\winsec.reg
c:\sdfix\apps\zip.exe
c:\sdfix\backups\backupreg.zip
c:\sdfix\backups\backups.zip
c:\sdfix\backups\catchme.log
c:\sdfix\backups\HOSTS
c:\sdfix\catchme.exe
c:\sdfix\DBFix.bat
c:\sdfix\dummy.sys
c:\sdfix\Report.txt
c:\sdfix\RunThis.bat
c:\sdfix\SDFIX_ReadMe_Online.url
c:\sdfix\W2K_VirusAlert_Repair.inf
c:\sdfix\XP_VirusAlert_Repair.inf
C:\VundoFix Backups
c:\windows\iun6002.exe
c:\windows\UN32.EXE
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-25 do 2008-11-25 )))))))))))))))))))))))))))))))
.
2008-11-24 20:28 . 2008-11-24 20:28 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-24 20:24 . 2008-11-24 20:24 <DIR> d-------- c:\windows\ERUNT
2008-11-23 13:58 . 2008-11-23 13:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-23 13:58 . 2008-11-23 13:58 <DIR> d-------- c:\documents and settings\otto\Data aplikací\Malwarebytes
2008-11-23 13:58 . 2008-11-23 13:58 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-11-23 13:58 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-23 13:58 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-22 17:56 . 2001-10-25 15:00 25,761 --a------ c:\windows\system32\PERFH009.DA_
2008-11-22 17:56 . 2001-10-25 15:00 4,931 --a------ c:\windows\system32\PERFC009.DA_
2008-11-22 17:53 . 2008-11-22 17:53 <DIR> d-------- C:\0
2008-11-22 16:49 . 2008-11-22 16:49 <DIR> d-------- c:\program files\Autodesk
2008-11-15 12:44 . 2008-11-15 12:50 <DIR> d-------- c:\documents and settings\otto\Data aplikací\LangSoft
2008-11-15 12:44 . 2008-11-15 12:47 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\LangSoft
2008-11-14 07:34 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-14 07:33 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-10 19:26 . 2008-11-10 19:26 0 --a------ c:\windows\nsreg.dat
2008-11-09 11:42 . 2008-11-17 10:01 <DIR> d-------- c:\program files\Conduit
2008-11-09 11:42 . 2008-11-09 11:43 <DIR> d-------- c:\program files\BitLord
2008-11-08 18:22 . 2008-11-08 18:22 <DIR> d-------- c:\documents and settings\otto\Data aplikací\OpenOffice.org
2008-11-08 18:19 . 2008-11-08 18:51 <DIR> d-------- c:\program files\OpenOffice.org 3
2008-11-07 20:11 . 2008-11-07 20:12 <DIR> d-------- c:\documents and settings\otto\Data aplikací\Nero
2008-11-06 21:11 . 2008-11-06 21:11 4,757 --a------ c:\windows\Irremote.ini
2008-11-06 21:06 . 2008-11-06 21:06 <DIR> d-------- c:\program files\Windows Sidebar
2008-11-06 20:43 . 2008-11-06 20:57 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Nero
2008-11-06 20:42 . 2008-11-06 21:30 <DIR> d-------- c:\program files\Common Files\Nero
2008-11-02 21:50 . 2008-11-02 22:07 304,552,614 --a------ C:\KomnataCT1-311008.rm(1).wmv.AVI
2008-11-02 21:11 . 2008-11-02 21:49 668,494,132 --a------ C:\KomnataCT1-311008.rm.wmv.AVI
2008-11-02 21:03 . 2008-11-02 21:03 <DIR> d-------- c:\program files\AviSynth 2.5
2008-11-02 21:02 . 2008-11-02 21:02 <DIR> d-------- c:\program files\eRightSoft
2008-10-27 18:04 . 2008-10-27 18:29 <DIR> d-------- c:\program files\Undercover
2008-10-25 19:47 . 2008-10-25 19:47 <DIR> d-------- c:\program files\Apple Software Update
2008-10-25 19:46 . 2008-10-25 19:46 <DIR> d-------- c:\program files\iTunes
2008-10-25 19:46 . 2008-10-25 19:46 <DIR> d-------- c:\program files\iPod
2008-10-25 19:46 . 2008-10-25 19:46 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-25 19:42 . 2008-10-25 19:43 <DIR> d-------- c:\program files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 19:16 52,342,560 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-25 19:15 1,724,704 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-25 18:16 --------- d-----w c:\documents and settings\All Users\Data aplikací\Kaspersky Lab
2008-11-25 18:13 702,284 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-25 18:13 163,280 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-24 20:28 --------- d-----w c:\program files\PV10
2008-11-22 15:53 --------- d-----w c:\program files\Common Files\Autodesk Shared
2008-11-22 15:49 --------- d-----w c:\documents and settings\All Users\Data aplikací\Autodesk
2008-11-21 12:03 --------- d-----w c:\documents and settings\otto\Data aplikací\Vso
2008-11-21 12:00 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-21 06:36 --------- d-----w c:\documents and settings\All Users\Data aplikací\DVD Shrink
2008-11-20 16:51 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-20 16:37 --------- d-----w c:\program files\Electronic Arts
2008-11-15 10:41 --------- d-----w c:\documents and settings\otto\Data aplikací\Gearbox Software
2008-11-14 07:20 --------- d-----w c:\program files\Mv2Player
2008-11-14 07:18 --------- d-----w c:\program files\Java
2008-11-09 09:35 --------- d-----w c:\documents and settings\All Users\Data aplikací\CanonIJPLM
2008-11-08 18:41 --------- d-----w c:\program files\Nero
2008-11-08 16:27 --------- d-----w c:\program files\Common Files\Ahead
2008-11-04 20:06 --------- d-----w c:\documents and settings\All Users\Data aplikací\FLEXnet
2008-11-03 16:43 --------- d-----w c:\documents and settings\otto\Data aplikací\OpenOffice.org2
2008-11-02 15:19 --------- d-----w c:\documents and settings\otto\Data aplikací\Skype
2008-11-02 15:18 --------- d-----w c:\documents and settings\otto\Data aplikací\skypePM
2008-10-25 18:42 --------- d-----w c:\program files\Common Files\Apple
2008-10-25 18:21 --------- d-----w c:\program files\Bonjour
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 17:06 --------- d-----w c:\program files\Microsoft SQL Server
2008-10-19 13:48 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-19 13:34 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-10-19 13:32 --------- d-----w c:\program files\Microsoft Synchronization Services
2008-10-19 13:32 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-10-19 13:28 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2008-10-19 13:24 --------- d-----w c:\program files\Microsoft SDKs
2008-10-19 13:22 --------- d-----w c:\program files\MSBuild
2008-10-19 13:21 --------- d-----w c:\program files\Reference Assemblies
2008-10-19 13:00 --------- d-----w c:\documents and settings\otto\Data aplikací\U3
2008-10-16 16:14 --------- d-----w c:\program files\GameSpy Arcade
2008-10-16 16:05 --------- d-----w c:\program files\EA GAMES
2008-10-14 18:56 --------- d-----w c:\program files\ZakonyCR
2008-10-12 13:11 --------- d-----w c:\program files\Wings of War
2008-10-06 17:31 16 ----a-w c:\documents and settings\otto\pONVmoK.dll
2008-10-01 14:09 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 05:45 --------- d-----w c:\program files\EdgeCAM
2008-09-28 06:11 --------- d-----w c:\program files\AGEIA Technologies
2008-09-28 06:10 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-09-26 14:16 --------- d-----w c:\program files\Cenega
2008-09-25 18:46 --------- d-----w c:\program files\Common Files\SolidWorks Shared
2008-09-21 20:06 451,072 ----a-w c:\windows\Radeon Omega Drivers v2.6.87 Uninstall.exe
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
2008-06-10 06:59 47,360 ----a-w c:\documents and settings\otto\Data aplikací\pcouffin.sys
2008-05-29 19:03 75,748 ----a-w c:\program files\UninKIS.exe
2008-03-10 18:15 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2008-07-10 18:17 1,004 --sha-w c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-06-16 16:13 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061620080617\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-11-25_18.26.26.66 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-25 18:15:59 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_688.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2008-11-15 26624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-03-14 2225208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMan"="SOUNDMAN.EXE" [2003-07-16 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMggebX]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"SENTINEL"= snti386.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Speed Launcher.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^EdgeCLS9.00.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\EdgeCLS9.00.lnk
backup=c:\windows\pss\EdgeCLS9.00.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WinNC - Launch WinNC - singlelicense (external programming station).lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^otto^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.2.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^otto^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.4.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^otto^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\otto\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^otto^Nabídka Start^Programy^Po spuštění^ZákonyČR.lnk]
path=c:\documents and settings\otto\Nabídka Start\Programy\Po spuštění\ZákonyČR.lnk
backup=c:\windows\pss\ZákonyČR.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
--a------ 2005-08-05 14:15 61440 c:\windows\VM305_STI.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2004-06-28 03:33 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
-ra------ 2006-03-22 23:13 1591808 c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 22:12 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-09-01 16:08 173304 c:\program files\ICQ6\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-01-20 08:05 217088 c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 15:10 56928 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 14:54 21718312 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-16 09:54 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"StarWindService"=2 (0x2)
"ose"=3 (0x3)
"NBService"=3 (0x3)
"InCDsrv"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"mnmsrvc"=3 (0x3)
"ERSvc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Instalační programy\\StrongDC+\\sdc221\\StrongDC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
R1 hwinterface;hwinterface;c:\windows\system32\Drivers\hwinterface.sys [2008-04-21 3026]
R2 IJPLMSVC;PIXMA Extended Survey Program;c:\program files\Canon\IJPLM\IJPLMSVC.EXE [2008-05-12 97432]
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT [2005-05-03 9150464]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT [2005-05-03 323584]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]
S3 Mach3;Mach3 Pulseing Service;c:\windows\system32\Drivers\Mach3.sys [2008-04-19 104256]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\Drivers\usbVM305.sys [2007-09-19 391099]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
.
Obsah adresáře 'Naplánované úlohy'
2008-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 20:15:26
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1084)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1148)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\imon.dll
.
Celkový čas: 2008-11-25 20:17:48
ComboFix-quarantined-files.txt 2008-11-25 19:17:31
ComboFix2.txt 2008-11-25 17:27:31
Před spuštěním: Volných bajtů: 26 565 431 296
Po spuštění: Volných bajtů: 26,558,427,136
355 --- E O F --- 2008-11-14 06:41:57
- jaro3
- member of the Security team
Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
Re: Please check my log and advise
That file: C:\0
did you test it?
Also send a new HJT log.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log and advise
The file C:\0 is a folder containing PERFC009.DA_.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:41:25, on 25.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do součásti Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Stáhnout pomocí Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí &Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistika součásti Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} (Ikonic Button Control) - http://www.hadkau.wz.cz/tabulky/script/ikcntrls.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: qoMggebX - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - c:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 12339 bytes
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Please check my log and advise
Fix in HJT:
Code:
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O20 - Winlogon Notify: qoMggebX - C:\WINDOWS\
ComboFix is uninstalled like this:
Start > Run and enter ComboFix[space]/u
Clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download > run
Write some info about the computer.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
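As an added example, not part of the thread, here is a small Python triage pass over HijackThis-style log lines that picks out the two entry types jaro3 asked the poster to fix: an O9 button whose target is "(no file)", and an O20 Winlogon Notify entry whose target is not a DLL path. The sample lines are copied from the log posted in this thread; the flagging rules are my own heuristics, not HijackThis's.

```python
import re
from dataclasses import dataclass

# Shape of the HijackThis lines on this page, e.g.
#   O9 - Extra button: (no name) - {CLSID} - C:\path\file.dll
#   O20 - Winlogon Notify: qoMggebX - C:\WINDOWS\
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O20 - Winlogon Notify: qoMggebX - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


@dataclass
class Finding:
    section: str   # HJT section code, e.g. "O20"
    reason: str    # why the line was flagged
    line: str      # the original log line, ready to tick in HJT


def parse_fields(rest):
    """Split the part after 'kind:' into (name, clsid or None, target path)."""
    parts = [p.strip() for p in rest.split(" - ")]
    name = parts[0]
    clsid = next((p for p in parts[1:] if CLSID.fullmatch(p)), None)
    target = parts[-1] if len(parts) > 1 else ""
    return name, clsid, target


def triage(log_text):
    """Return the lines a helper would ask the poster to fix, with a reason each.

    Heuristics (my own, not HijackThis's):
      * O9 whose target is "(no file)": an orphaned registry entry.
      * O20 Winlogon Notify whose target is not a .dll path: a notify
        package must name a DLL, so a bare directory is not a valid entry.
    """
    findings = []
    for line in log_text.splitlines():
        m = HJT_LINE.match(line)
        if not m:
            continue                      # R0/R1 and non-HJT lines are skipped
        section, kind, rest = m.group("section", "kind", "rest")
        _name, _clsid, target = parse_fields(rest)
        if section == "O9" and target == "(no file)":
            findings.append(Finding(section, "IE button points to a file that no longer exists", line))
        elif section == "O20" and kind == "Winlogon Notify" and not target.lower().endswith(".dll"):
            findings.append(Finding(section, "Winlogon Notify entry has no DLL path (target is a directory)", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```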
Re: Please check my log and advise
I did everything according to your advice.
Computer info: MS WINDOWS XP SP3, INTEL PENTIUM 4 CPU 2.00GHz, 1.2 GB RAM, RADEON 9000 SERIES.
- jaro3
Re: Please check my log and advise
I meant System Restore, the repair of those libraries, and the overall behaviour of the computer.
Re: Please check my log and advise
System Restore now works as it should, thanks
the libraries Prefc009.dat and Perfh009.dat not yet; don't you happen to have a guide or some advice on restoring them? Thanks
- jaro3
Re: Please check my log and advise
I don't have one, and I haven't found those files anywhere either; the fix is probably to reinstall the application. I have no experience with that.