Čus, mám nějak pomalý net a poskytovatel říká, že u nich je vše v pořádku. Mám problémy s najížděním www stránek (jak ve FF tak v IE) a taky s WoW kde se mi to často seká když je kolem víc lidí. PC sem už zkoušel pročistit, ale žádná změna. Tak tady přikládám log na kontrolu
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:26, on 9.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\caci.WIN-M8BJMBUM0PM\temp\TeamViewer3\TeamViewer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bitcomet.com/client/changelo ... 76&l=cz_cz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 208.62.125.146:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 7553 bytes
HJT kontrola - Pomalý net
HJT kontrola - Pomalý net
I5-4460, R9 380 4g, SS 500W, 4GB HyperX
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: HJT kontrola - Pomalý net
Použil jsi MbAM?
vyčisti systém CCleanerem
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Aktualizuj javu:
Java SE Runtime Environment 6u13
Vyber OS ( předpokládám Windows), dej zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u13-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.
Napiš , zda to pomohlo.
vyčisti systém CCleanerem
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Aktualizuj javu:
Java SE Runtime Environment 6u13
Vyber OS ( předpokládám Windows), dej zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u13-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.
Napiš , zda to pomohlo.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: HJT kontrola - Pomalý net
Jo, MbaM sem použil. A ATF nijak nepomohl, žádná viditelná změna. 
I5-4460, R9 380 4g, SS 500W, 4GB HyperX
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: HJT kontrola - Pomalý net
Vypni rez. ochrabu u Avastu.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: HJT kontrola - Pomalý net
ComboFix 09-04-04.01 - caci 2009-04-10 15:11:54.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.3070.2535 [GMT 2:00]
Spuštěný z: c:\documents and settings\caci.WIN-M8BJMBUM0PM\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1282 [VPS 090409-0] *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-10 do 2009-04-10 )))))))))))))))))))))))))))))))
.
2009-04-03 16:11 . 2009-04-03 16:37 <DIR> d-------- c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Red Alert 3
2009-03-31 22:59 . 2009-03-31 22:59 <DIR> d-------- c:\windows\system32\KB905474
2009-03-31 22:59 . 2009-03-10 22:26 1,435,008 --a------ c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-03-31 22:59 . 2009-03-10 22:18 454,024 --a------ c:\windows\system32\KB905474\wgasetup.exe
2009-03-31 22:59 . 2009-02-09 18:51 13,502 --a------ c:\windows\system32\KB905474\wga_eula.txt
2009-03-24 21:08 . 2009-03-24 21:08 48 --a------ c:\windows\0
2009-03-10 16:10 . 2009-03-10 19:27 139,264 --a------ c:\windows\War3Unin.exe
2009-03-10 16:10 . 2009-03-10 19:27 45,261 --a------ c:\windows\War3Unin.dat
2009-03-10 16:10 . 2009-03-10 19:27 2,829 --a------ c:\windows\War3Unin.pif
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 12:56 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Skype
2009-04-10 07:39 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\skypePM
2009-04-07 13:44 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\TeamViewer
2009-04-05 13:01 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\OpenOffice.org2
2009-04-03 13:06 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\uTorrent
2009-03-25 18:00 21,840 ----atw c:\windows\system32\SIntfNT.dll
2009-03-25 18:00 17,212 ----atw c:\windows\system32\SIntf32.dll
2009-03-25 18:00 12,067 ----atw c:\windows\system32\SIntf16.dll
2009-03-24 18:13 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-14 07:11 --------- d-----w c:\program files\ICQ6
2009-03-07 08:33 --------- d-----w c:\program files\TravianManager
2009-03-01 16:06 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Vidalia
2009-02-26 15:43 --------- d-----w c:\program files\Trend Micro
2009-02-22 16:12 --------- d-----w c:\program files\SysJewel
2009-02-22 16:08 --------- d-----w c:\program files\Ultra Sys Info
2009-02-19 13:47 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\tor
2009-02-19 10:28 --------- d-----w c:\program files\Vidalia Bundle
2009-02-16 19:15 --------- d-----w c:\program files\GameSpy Arcade
2009-02-16 19:09 --------- d-----w c:\program files\Styler
2009-02-16 19:07 --------- d-----w c:\program files\Total Video Converter
2009-02-16 19:06 --------- d-----w c:\program files\SQLyog
2009-02-16 19:05 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Samsung
2009-02-16 17:45 --------- d-----w c:\program files\AIMP2
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-01-17 10:42 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2008-05-26 17:58 27,480 ----a-w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\GDIPFONTCACHEV1.DAT
2008-04-09 18:57 22,328 ----a-w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\PnkBstrK.sys
2008-03-16 15:06 32 ----a-w c:\documents and settings\All Users.WINDOWS\Data aplikací\ezsid.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-08-09 8597586]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-03-05 17:36 140976 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^ WinCinema Manager.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\ WinCinema Manager.lnk
backup=c:\windows\pss\ WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Privoxy.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^ScreenHunter 4.0 Free.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\ScreenHunter 4.0 Free.lnk
backup=c:\windows\pss\ScreenHunter 4.0 Free.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^TV Remote Control.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\TV Remote Control.lnk
backup=c:\windows\pss\TV Remote Control.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^caci.WIN-M8BJMBUM0PM^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^caci.WIN-M8BJMBUM0PM^Nabídka Start^Programy^Po spuštění^TA_Start.lnk]
path=c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabídka Start\Programy\Po spuštění\TA_Start.lnk
backup=c:\windows\pss\TA_Start.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^caci.WIN-M8BJMBUM0PM^Nabídka Start^Programy^Po spuštění^Think-Adz.lnk]
path=c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabídka Start\Programy\Po spuštění\Think-Adz.lnk
backup=c:\windows\pss\Think-Adz.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-11-12 18:54 81000 c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 20:04 139264 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 08:52 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-17 14:20 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
--a------ 2008-02-23 12:24 958464 c:\program files\Labtec\Mouse\V3.0\moffice.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 22:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
--a------ 2005-08-09 18:35 8597586 c:\program files\Intel Audio Studio\IntelAudioStudio.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 08:52 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2009-01-15 09:19 13680640 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 11:12 695808 c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2007-11-07 18:35 1294336 c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-01-20 09:09 200704 c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
--a------ 2009-01-21 04:59 4033618 c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTaskTips]
--a------ 2006-07-31 13:33 36864 c:\program files\VisualTaskTips\VisualTaskTips.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2009-01-15 09:19 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2009-01-15 09:19 1657376 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VSS"=3 (0x3)
"SysmonLog"=3 (0x3)
"RasMan"=3 (0x3)
"Messenger"=2 (0x2)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"z:\\Hry\\Need For Speed Carbon\\NFSC.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Documents and Settings\\caci.WIN-M8BJMBUM0PM\\temp\\TeamViewer3\\TeamViewer.exe"=
"z:\\Hry\\Unreal Tournament 2004\\System\\UT2004.exe"=
"c:\\Program Files\\TravianManager\\TravianManager-Client.exe"=
"z:\\Hry\\Warcraft III\\Warcraft III.exe"=
"z:\\Hry\\Counter Strike - Source\\hl2.exe"=
"z:\\Hry\\AvP2-ph\\AVP2XServ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-09 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-09 20560]
R2 NwSapAgent;Agent SAP;c:\windows\System32\svchost.exe -k netsvcs [2001-10-25 14336]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2006-12-29 686080]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\documents and settings\All Users.WINDOWS\Data aplikací\Spyware Terminator\sp_rsdrv2.sys --> c:\documents and settings\All Users.WINDOWS\Data aplikací\Spyware Terminator\sp_rsdrv2.sys [?]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\Axtmvflt.sys [2008-06-05 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\Axtmvmdm.sys [2008-06-05 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\Axtmvprt.sys [2008-06-05 38784]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [2007-08-08 219264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
2009-04-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-10 22:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.windowsxlive.net
uInternet Connection Wizard,ShellNext = hxxp://www.bitcomet.com/client/changelo ... 76&l=cz_cz
uInternet Settings,ProxyServer = 208.62.125.146:80
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Link to &MidpX - c:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Mozilla\Firefox\Profiles\f4orjtl8.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Mozilla\Firefox\Profiles\f4orjtl8.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
FF - component: c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Mozilla\Firefox\Profiles\f4orjtl8.default\extensions\piclens@cooliris.com\components\piclensstub.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 15:13:43
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{917CCA86-1A63-24D0-D5E8-2C1A08256796}*]
"hahniagdodlmfche"=hex:6a,61,6d,6f,6f,69,6e,67,70,6d,62,6e,6f,6f,62,68,61,6b,
6b,64,00,a4
"iafnchnkdinbijclhi"=hex:69,61,64,6f,70,6b,67,70,6c,66,6e,67,65,68,67,6c,6b,66,
00,77
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D1E3314-5AA0-F885-1225-DCE2558BB65F}*]
"iamjneakfddbajokfe"=hex:6a,61,69,64,66,62,67,61,6d,65,6e,6f,61,69,61,64,64,70,
6b,69,00,00
"hacjhjljmohgfjml"=hex:6a,61,6a,64,6b,67,67,6e,62,68,6b,6e,61,65,64,6f,6c,62,
66,6c,00,00
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-515967899-1770027372-725345543-1003)
@Allowed: (Read) (S-1-5-21-515967899-1770027372-725345543-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8f,d0,5f,bd,39,ae,31,30,61,8a,dc,98,45,26,7e,d1,00,97,f8,49,28,a4,56,
5f,02,07,06,eb,b3,44,b6,94,50,e5,65,60,aa,3c,32,fd,ac,c9,00,51,bb,ad,e4,95,\
"??"=hex:6c,f3,dc,94,45,11,c3,5a,bf,87,f7,3c,df,13,cf,83
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:6b,14,29,57,56,85,9b,cc,e3,80,85,c9,a5,1b,08,76,39,a4,24,e9,a2,
2e,05,d6,69,b9,bf,79,51,eb,99,22,dc,61,0e,01,f0,ef,34,93,08,f7,1a,6a,d5,b2,\
"rkeysecu"=hex:d8,62,68,9b,a1,60,a1,90,1e,17,33,fa,c2,bc,ca,df
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="3DF6B5C63EF10504C6C52907095838751EF55DEB88CAA4B5D713DBBAB18F6D73BFCC61FBC66663996FBDEB3C85D6026129CEA25E3B1FC16A8DA5888013A3ABE4192282EC47F94B4EF46A2C1D907B6C38981078CA76F0A1A538B52D95E544277509D69D3095488CDBCC0D4AAA4492AF6B35F8BC3CBBDC0CB41724C0ACAFFED56A638DE6C3DEF1679E7E2A594A91ED7A12DF0F7E215F85BB847C98F3DF49E61EA8112D4A071F1B0F192A8820C5BB60EE64881C834C0A10DEA9D1FC26286192DB3F0EE2E53FAAE9AE6EFEB51BCBD9C423C1B62D42F2B7261AD9107E6E66F91EE05B6B9B8C92280B62E8C2007AEA5AF521AA8492E830BBF583FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5C9DB7CE019D40AA5CC038D530D6EB3452A488335373BCB6055FDBE894D3D44186C30A932D13FC9D4D3CA020205913389D59CD69AB7A840D1EDC3E1D28C2610F1FD0CEA93EDE2D9DBCB50DBAEEC88A8DC6BB0849615034BBFE0CEEB80C2944B5A5A60506AA104C7057C95F897AFA410FB5EA743DDBDC2EB869C68024A77843FBE878B4B37242274D1723B2558454288435AC64EFB6ECABFA138B9A8C92077CAAAA9C7780CB76E1ECEE13B72EFB9E08397F6A3F52C0B33800A77B7562998FE090238F7E7D200DEF10BF8CB4670A847A7C4831FA187E4532C8C3DCE0DCBC3034FE7DED0C818D4F1CF763287F178717ED2234B028B9271CCF597A9A3EF1B0EA91CA587CF628646904EBA521841A834CA682DA3FE5F2269496BBCF4084625D27E24EC6A02C4D2BE91A36C558C58F41FA39F84A54E8C49BF0E37A4001BC2DE02E6A6650E6A9159B4222267951D6D8B65E1364840E7C7359D5E6A739B287178A2F3DF5EEFB03E3A14D390D67335E9E0E9970A9FB2D7C85E94CA3571C5094AADFBC43E19235DE646144C9432B4B9A4BA5AFE5AE1C95DBC885C2F1A23EF5ABB4974D39931D08F885AD479723D6085B8E1188D96040511E4C9D0B7CA5EA67A6C5213AB0F9671021781258B70AEC7E835B9671862F3B0DDC6555D84481DE09733499420E853C8BBA35CAE0935CE4E40E68B09A7A0DD01945AA04479C5B4E649517D7898A2C58DD3B73CAAB6AFEAC9984318D189A72B9EA1A79B552AD5A5E29224DE3943267718DB03236E84CDDA21B09F48F629ADA249BAEF1A9DCF1ABA7284377794DE6352DC5B7B4E62A20671B0D4F37CC5687C6AF676DF7522A3B81B9D7B8FA89045B17265585806A679F0E5F389F3E91B33F38722FD3B258E5AB0E95515201B9E91A92EC2F605F03FB57472987D6165B1FF338F578728F189C3C8C33D2797662167F31836A24DE25292B102B8B630DDC222ED136EC6F3FA0BFB7B77A3E268B8D01BC02E1423F52FA0FCEE507F7"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(832)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
Celkový čas: 2009-04-10 15:15:04
ComboFix-quarantined-files.txt 2009-04-10 13:15:01
Před spuštěním: Volných bajtů: 29 441 449 984
Po spuštění: Volných bajtů: 29,427,372,032
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
260 --- E O F --- 2009-03-31 20:59:36
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.3070.2535 [GMT 2:00]
Spuštěný z: c:\documents and settings\caci.WIN-M8BJMBUM0PM\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1282 [VPS 090409-0] *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-10 do 2009-04-10 )))))))))))))))))))))))))))))))
.
2009-04-03 16:11 . 2009-04-03 16:37 <DIR> d-------- c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Red Alert 3
2009-03-31 22:59 . 2009-03-31 22:59 <DIR> d-------- c:\windows\system32\KB905474
2009-03-31 22:59 . 2009-03-10 22:26 1,435,008 --a------ c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-03-31 22:59 . 2009-03-10 22:18 454,024 --a------ c:\windows\system32\KB905474\wgasetup.exe
2009-03-31 22:59 . 2009-02-09 18:51 13,502 --a------ c:\windows\system32\KB905474\wga_eula.txt
2009-03-24 21:08 . 2009-03-24 21:08 48 --a------ c:\windows\0
2009-03-10 16:10 . 2009-03-10 19:27 139,264 --a------ c:\windows\War3Unin.exe
2009-03-10 16:10 . 2009-03-10 19:27 45,261 --a------ c:\windows\War3Unin.dat
2009-03-10 16:10 . 2009-03-10 19:27 2,829 --a------ c:\windows\War3Unin.pif
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 12:56 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Skype
2009-04-10 07:39 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\skypePM
2009-04-07 13:44 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\TeamViewer
2009-04-05 13:01 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\OpenOffice.org2
2009-04-03 13:06 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\uTorrent
2009-03-25 18:00 21,840 ----atw c:\windows\system32\SIntfNT.dll
2009-03-25 18:00 17,212 ----atw c:\windows\system32\SIntf32.dll
2009-03-25 18:00 12,067 ----atw c:\windows\system32\SIntf16.dll
2009-03-24 18:13 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-14 07:11 --------- d-----w c:\program files\ICQ6
2009-03-07 08:33 --------- d-----w c:\program files\TravianManager
2009-03-01 16:06 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Vidalia
2009-02-26 15:43 --------- d-----w c:\program files\Trend Micro
2009-02-22 16:12 --------- d-----w c:\program files\SysJewel
2009-02-22 16:08 --------- d-----w c:\program files\Ultra Sys Info
2009-02-19 13:47 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\tor
2009-02-19 10:28 --------- d-----w c:\program files\Vidalia Bundle
2009-02-16 19:15 --------- d-----w c:\program files\GameSpy Arcade
2009-02-16 19:09 --------- d-----w c:\program files\Styler
2009-02-16 19:07 --------- d-----w c:\program files\Total Video Converter
2009-02-16 19:06 --------- d-----w c:\program files\SQLyog
2009-02-16 19:05 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Samsung
2009-02-16 17:45 --------- d-----w c:\program files\AIMP2
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-01-17 10:42 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2008-05-26 17:58 27,480 ----a-w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\GDIPFONTCACHEV1.DAT
2008-04-09 18:57 22,328 ----a-w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\PnkBstrK.sys
2008-03-16 15:06 32 ----a-w c:\documents and settings\All Users.WINDOWS\Data aplikací\ezsid.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-08-09 8597586]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-03-05 17:36 140976 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^ WinCinema Manager.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\ WinCinema Manager.lnk
backup=c:\windows\pss\ WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Privoxy.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^ScreenHunter 4.0 Free.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\ScreenHunter 4.0 Free.lnk
backup=c:\windows\pss\ScreenHunter 4.0 Free.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^TV Remote Control.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\TV Remote Control.lnk
backup=c:\windows\pss\TV Remote Control.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^caci.WIN-M8BJMBUM0PM^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^caci.WIN-M8BJMBUM0PM^Nabídka Start^Programy^Po spuštění^TA_Start.lnk]
path=c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabídka Start\Programy\Po spuštění\TA_Start.lnk
backup=c:\windows\pss\TA_Start.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^caci.WIN-M8BJMBUM0PM^Nabídka Start^Programy^Po spuštění^Think-Adz.lnk]
path=c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabídka Start\Programy\Po spuštění\Think-Adz.lnk
backup=c:\windows\pss\Think-Adz.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-11-12 18:54 81000 c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 20:04 139264 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 08:52 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-17 14:20 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
--a------ 2008-02-23 12:24 958464 c:\program files\Labtec\Mouse\V3.0\moffice.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 22:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
--a------ 2005-08-09 18:35 8597586 c:\program files\Intel Audio Studio\IntelAudioStudio.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 08:52 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2009-01-15 09:19 13680640 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 11:12 695808 c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2007-11-07 18:35 1294336 c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-01-20 09:09 200704 c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
--a------ 2009-01-21 04:59 4033618 c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTaskTips]
--a------ 2006-07-31 13:33 36864 c:\program files\VisualTaskTips\VisualTaskTips.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2009-01-15 09:19 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2009-01-15 09:19 1657376 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VSS"=3 (0x3)
"SysmonLog"=3 (0x3)
"RasMan"=3 (0x3)
"Messenger"=2 (0x2)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"z:\\Hry\\Need For Speed Carbon\\NFSC.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Documents and Settings\\caci.WIN-M8BJMBUM0PM\\temp\\TeamViewer3\\TeamViewer.exe"=
"z:\\Hry\\Unreal Tournament 2004\\System\\UT2004.exe"=
"c:\\Program Files\\TravianManager\\TravianManager-Client.exe"=
"z:\\Hry\\Warcraft III\\Warcraft III.exe"=
"z:\\Hry\\Counter Strike - Source\\hl2.exe"=
"z:\\Hry\\AvP2-ph\\AVP2XServ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-09 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-09 20560]
R2 NwSapAgent;Agent SAP;c:\windows\System32\svchost.exe -k netsvcs [2001-10-25 14336]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2006-12-29 686080]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\documents and settings\All Users.WINDOWS\Data aplikací\Spyware Terminator\sp_rsdrv2.sys --> c:\documents and settings\All Users.WINDOWS\Data aplikací\Spyware Terminator\sp_rsdrv2.sys [?]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\Axtmvflt.sys [2008-06-05 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\Axtmvmdm.sys [2008-06-05 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\Axtmvprt.sys [2008-06-05 38784]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [2007-08-08 219264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
2009-04-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-10 22:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.windowsxlive.net
uInternet Connection Wizard,ShellNext = hxxp://www.bitcomet.com/client/changelo ... 76&l=cz_cz
uInternet Settings,ProxyServer = 208.62.125.146:80
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Link to &MidpX - c:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Mozilla\Firefox\Profiles\f4orjtl8.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Mozilla\Firefox\Profiles\f4orjtl8.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
FF - component: c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Mozilla\Firefox\Profiles\f4orjtl8.default\extensions\piclens@cooliris.com\components\piclensstub.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 15:13:43
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{917CCA86-1A63-24D0-D5E8-2C1A08256796}*]
"hahniagdodlmfche"=hex:6a,61,6d,6f,6f,69,6e,67,70,6d,62,6e,6f,6f,62,68,61,6b,
6b,64,00,a4
"iafnchnkdinbijclhi"=hex:69,61,64,6f,70,6b,67,70,6c,66,6e,67,65,68,67,6c,6b,66,
00,77
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D1E3314-5AA0-F885-1225-DCE2558BB65F}*]
"iamjneakfddbajokfe"=hex:6a,61,69,64,66,62,67,61,6d,65,6e,6f,61,69,61,64,64,70,
6b,69,00,00
"hacjhjljmohgfjml"=hex:6a,61,6a,64,6b,67,67,6e,62,68,6b,6e,61,65,64,6f,6c,62,
66,6c,00,00
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-515967899-1770027372-725345543-1003)
@Allowed: (Read) (S-1-5-21-515967899-1770027372-725345543-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8f,d0,5f,bd,39,ae,31,30,61,8a,dc,98,45,26,7e,d1,00,97,f8,49,28,a4,56,
5f,02,07,06,eb,b3,44,b6,94,50,e5,65,60,aa,3c,32,fd,ac,c9,00,51,bb,ad,e4,95,\
"??"=hex:6c,f3,dc,94,45,11,c3,5a,bf,87,f7,3c,df,13,cf,83
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:6b,14,29,57,56,85,9b,cc,e3,80,85,c9,a5,1b,08,76,39,a4,24,e9,a2,
2e,05,d6,69,b9,bf,79,51,eb,99,22,dc,61,0e,01,f0,ef,34,93,08,f7,1a,6a,d5,b2,\
"rkeysecu"=hex:d8,62,68,9b,a1,60,a1,90,1e,17,33,fa,c2,bc,ca,df
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="3DF6B5C63EF10504C6C52907095838751EF55DEB88CAA4B5D713DBBAB18F6D73BFCC61FBC66663996FBDEB3C85D6026129CEA25E3B1FC16A8DA5888013A3ABE4192282EC47F94B4EF46A2C1D907B6C38981078CA76F0A1A538B52D95E544277509D69D3095488CDBCC0D4AAA4492AF6B35F8BC3CBBDC0CB41724C0ACAFFED56A638DE6C3DEF1679E7E2A594A91ED7A12DF0F7E215F85BB847C98F3DF49E61EA8112D4A071F1B0F192A8820C5BB60EE64881C834C0A10DEA9D1FC26286192DB3F0EE2E53FAAE9AE6EFEB51BCBD9C423C1B62D42F2B7261AD9107E6E66F91EE05B6B9B8C92280B62E8C2007AEA5AF521AA8492E830BBF583FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5C9DB7CE019D40AA5CC038D530D6EB3452A488335373BCB6055FDBE894D3D44186C30A932D13FC9D4D3CA020205913389D59CD69AB7A840D1EDC3E1D28C2610F1FD0CEA93EDE2D9DBCB50DBAEEC88A8DC6BB0849615034BBFE0CEEB80C2944B5A5A60506AA104C7057C95F897AFA410FB5EA743DDBDC2EB869C68024A77843FBE878B4B37242274D1723B2558454288435AC64EFB6ECABFA138B9A8C92077CAAAA9C7780CB76E1ECEE13B72EFB9E08397F6A3F52C0B33800A77B7562998FE090238F7E7D200DEF10BF8CB4670A847A7C4831FA187E4532C8C3DCE0DCBC3034FE7DED0C818D4F1CF763287F178717ED2234B028B9271CCF597A9A3EF1B0EA91CA587CF628646904EBA521841A834CA682DA3FE5F2269496BBCF4084625D27E24EC6A02C4D2BE91A36C558C58F41FA39F84A54E8C49BF0E37A4001BC2DE02E6A6650E6A9159B4222267951D6D8B65E1364840E7C7359D5E6A739B287178A2F3DF5EEFB03E3A14D390D67335E9E0E9970A9FB2D7C85E94CA3571C5094AADFBC43E19235DE646144C9432B4B9A4BA5AFE5AE1C95DBC885C2F1A23EF5ABB4974D39931D08F885AD479723D6085B8E1188D96040511E4C9D0B7CA5EA67A6C5213AB0F9671021781258B70AEC7E835B9671862F3B0DDC6555D84481DE09733499420E853C8BBA35CAE0935CE4E40E68B09A7A0DD01945AA04479C5B4E649517D7898A2C58DD3B73CAAB6AFEAC9984318D189A72B9EA1A79B552AD5A5E29224DE3943267718DB03236E84CDDA21B09F48F629ADA249BAEF1A9DCF1ABA7284377794DE6352DC5B7B4E62A20671B0D4F37CC5687C6AF676DF7522A3B81B9D7B8FA89045B17265585806A679F0E5F389F3E91B33F38722FD3B258E5AB0E95515201B9E91A92EC2F605F03FB57472987D6165B1FF338F578728F189C3C8C33D2797662167F31836A24DE25292B102B8B630DDC222ED136EC6F3FA0BFB7B77A3E268B8D01BC02E1423F52FA0FCEE507F7"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(832)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
Celkový čas: 2009-04-10 15:15:04
ComboFix-quarantined-files.txt 2009-04-10 13:15:01
Před spuštěním: Volných bajtů: 29 441 449 984
Po spuštění: Volných bajtů: 29,427,372,032
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
260 --- E O F --- 2009-03-31 20:59:36
I5-4460, R9 380 4g, SS 500W, 4GB HyperX
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: HJT kontrola - Pomalý net
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Toto otestuj na Virustotal
c:\windows\system32\SIntfNT.dll
c:\windows\system32\SIntf32.dll
c:\windows\system32\SIntf16.dll
Vlož sem pak odkazy výsledků.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
File::
c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabídka Start\Programy\Po spuštění\TA_Start.lnk
C:^Documents and Settings^caci.WIN-M8BJMBUM0PM^Nabídka Start^Programy^Po spuštění^Think-Adz.lnk
c:\windows\pss\TA_Start.lnkStartup
c:\windows\pss\Think-Adz.lnkStartup
Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^caci.WIN-M8BJMBUM0PM^Nabídka Start^Programy^Po spuštění^TA_Start.lnk]
[-HKLM\~\startupfolder\C:^Documents and Settings^caci.WIN-M8BJMBUM0PM^Nabídka Start^Programy^Po spuštění^Think-Adz.lnk]
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Toto otestuj na Virustotal
c:\windows\system32\SIntfNT.dll
c:\windows\system32\SIntf32.dll
c:\windows\system32\SIntf16.dll
Vlož sem pak odkazy výsledků.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: HJT kontrola - Pomalý net
ComboFix 09-04-04.01 - caci 2009-04-10 17:21:14.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.3070.2542 [GMT 2:00]
Spuštěný z: c:\documents and settings\caci.WIN-M8BJMBUM0PM\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\caci.WIN-M8BJMBUM0PM\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1282 [VPS 090409-0] *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
FILE ::
c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabídka Start\Programy\Po spuštění\TA_Start.lnk
c:\windows\pss\TA_Start.lnkStartup
c:\windows\pss\Think-Adz.lnkStartup
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\pss\TA_Start.lnkStartup
c:\windows\pss\Think-Adz.lnkStartup
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-10 do 2009-04-10 )))))))))))))))))))))))))))))))
.
2009-04-03 16:11 . 2009-04-03 16:37 <DIR> d-------- c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Red Alert 3
2009-03-31 22:59 . 2009-03-31 22:59 <DIR> d-------- c:\windows\system32\KB905474
2009-03-31 22:59 . 2009-03-10 22:26 1,435,008 --a------ c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-03-31 22:59 . 2009-03-10 22:18 454,024 --a------ c:\windows\system32\KB905474\wgasetup.exe
2009-03-31 22:59 . 2009-02-09 18:51 13,502 --a------ c:\windows\system32\KB905474\wga_eula.txt
2009-03-24 21:08 . 2009-03-24 21:08 48 --a------ c:\windows\0
2009-03-10 16:10 . 2009-03-10 19:27 139,264 --a------ c:\windows\War3Unin.exe
2009-03-10 16:10 . 2009-03-10 19:27 45,261 --a------ c:\windows\War3Unin.dat
2009-03-10 16:10 . 2009-03-10 19:27 2,829 --a------ c:\windows\War3Unin.pif
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 15:16 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Skype
2009-04-10 15:15 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\skypePM
2009-04-07 13:44 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\TeamViewer
2009-04-05 13:01 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\OpenOffice.org2
2009-04-03 13:06 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\uTorrent
2009-03-25 18:00 21,840 ----atw c:\windows\system32\SIntfNT.dll
2009-03-25 18:00 17,212 ----atw c:\windows\system32\SIntf32.dll
2009-03-25 18:00 12,067 ----atw c:\windows\system32\SIntf16.dll
2009-03-24 18:13 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-14 07:11 --------- d-----w c:\program files\ICQ6
2009-03-07 08:33 --------- d-----w c:\program files\TravianManager
2009-03-01 16:06 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Vidalia
2009-02-26 15:43 --------- d-----w c:\program files\Trend Micro
2009-02-22 16:12 --------- d-----w c:\program files\SysJewel
2009-02-22 16:08 --------- d-----w c:\program files\Ultra Sys Info
2009-02-19 13:47 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\tor
2009-02-19 10:28 --------- d-----w c:\program files\Vidalia Bundle
2009-02-16 19:15 --------- d-----w c:\program files\GameSpy Arcade
2009-02-16 19:09 --------- d-----w c:\program files\Styler
2009-02-16 19:07 --------- d-----w c:\program files\Total Video Converter
2009-02-16 19:06 --------- d-----w c:\program files\SQLyog
2009-02-16 19:05 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Samsung
2009-02-16 17:45 --------- d-----w c:\program files\AIMP2
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-01-17 10:42 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2008-05-26 17:58 27,480 ----a-w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\GDIPFONTCACHEV1.DAT
2008-04-09 18:57 22,328 ----a-w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\PnkBstrK.sys
2008-03-16 15:06 32 ----a-w c:\documents and settings\All Users.WINDOWS\Data aplikací\ezsid.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-04-10_15.14.11,53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-10 13:21:38 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_698.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-08-09 8597586]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-03-05 17:36 140976 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^ WinCinema Manager.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\ WinCinema Manager.lnk
backup=c:\windows\pss\ WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Privoxy.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^ScreenHunter 4.0 Free.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\ScreenHunter 4.0 Free.lnk
backup=c:\windows\pss\ScreenHunter 4.0 Free.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^TV Remote Control.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\TV Remote Control.lnk
backup=c:\windows\pss\TV Remote Control.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^caci.WIN-M8BJMBUM0PM^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-11-12 18:54 81000 c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 20:04 139264 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 08:52 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-17 14:20 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
--a------ 2008-02-23 12:24 958464 c:\program files\Labtec\Mouse\V3.0\moffice.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 22:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
--a------ 2005-08-09 18:35 8597586 c:\program files\Intel Audio Studio\IntelAudioStudio.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 08:52 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2009-01-15 09:19 13680640 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 11:12 695808 c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2007-11-07 18:35 1294336 c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-01-20 09:09 200704 c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
--a------ 2009-01-21 04:59 4033618 c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTaskTips]
--a------ 2006-07-31 13:33 36864 c:\program files\VisualTaskTips\VisualTaskTips.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2009-01-15 09:19 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2009-01-15 09:19 1657376 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VSS"=3 (0x3)
"SysmonLog"=3 (0x3)
"RasMan"=3 (0x3)
"Messenger"=2 (0x2)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"z:\\Hry\\Need For Speed Carbon\\NFSC.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Documents and Settings\\caci.WIN-M8BJMBUM0PM\\temp\\TeamViewer3\\TeamViewer.exe"=
"z:\\Hry\\Unreal Tournament 2004\\System\\UT2004.exe"=
"c:\\Program Files\\TravianManager\\TravianManager-Client.exe"=
"z:\\Hry\\Warcraft III\\Warcraft III.exe"=
"z:\\Hry\\Counter Strike - Source\\hl2.exe"=
"z:\\Hry\\AvP2-ph\\AVP2XServ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-09 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-09 20560]
R2 NwSapAgent;Agent SAP;c:\windows\System32\svchost.exe -k netsvcs [2001-10-25 14336]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2006-12-29 686080]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\documents and settings\All Users.WINDOWS\Data aplikací\Spyware Terminator\sp_rsdrv2.sys --> c:\documents and settings\All Users.WINDOWS\Data aplikací\Spyware Terminator\sp_rsdrv2.sys [?]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\Axtmvflt.sys [2008-06-05 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\Axtmvmdm.sys [2008-06-05 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\Axtmvprt.sys [2008-06-05 38784]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [2007-08-08 219264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
2009-04-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-10 22:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.windowsxlive.net
uInternet Connection Wizard,ShellNext = hxxp://www.bitcomet.com/client/changelo ... 76&l=cz_cz
uInternet Settings,ProxyServer = 208.62.125.146:80
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Link to &MidpX - c:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Mozilla\Firefox\Profiles\f4orjtl8.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Mozilla\Firefox\Profiles\f4orjtl8.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
FF - component: c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Mozilla\Firefox\Profiles\f4orjtl8.default\extensions\piclens@cooliris.com\components\piclensstub.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 17:23:02
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{917CCA86-1A63-24D0-D5E8-2C1A08256796}*]
"hahniagdodlmfche"=hex:6a,61,6d,6f,6f,69,6e,67,70,6d,62,6e,6f,6f,62,68,61,6b,
6b,64,00,a4
"iafnchnkdinbijclhi"=hex:69,61,64,6f,70,6b,67,70,6c,66,6e,67,65,68,67,6c,6b,66,
00,77
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D1E3314-5AA0-F885-1225-DCE2558BB65F}*]
"iamjneakfddbajokfe"=hex:6a,61,69,64,66,62,67,61,6d,65,6e,6f,61,69,61,64,64,70,
6b,69,00,00
"hacjhjljmohgfjml"=hex:6a,61,6a,64,6b,67,67,6e,62,68,6b,6e,61,65,64,6f,6c,62,
66,6c,00,00
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-515967899-1770027372-725345543-1003)
@Allowed: (Read) (S-1-5-21-515967899-1770027372-725345543-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8f,d0,5f,bd,39,ae,31,30,61,8a,dc,98,45,26,7e,d1,00,97,f8,49,28,a4,56,
5f,02,07,06,eb,b3,44,b6,94,50,e5,65,60,aa,3c,32,fd,ac,c9,00,51,bb,ad,e4,95,\
"??"=hex:6c,f3,dc,94,45,11,c3,5a,bf,87,f7,3c,df,13,cf,83
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:6b,14,29,57,56,85,9b,cc,e3,80,85,c9,a5,1b,08,76,39,a4,24,e9,a2,
2e,05,d6,69,b9,bf,79,51,eb,99,22,dc,61,0e,01,f0,ef,34,93,08,f7,1a,6a,d5,b2,\
"rkeysecu"=hex:d8,62,68,9b,a1,60,a1,90,1e,17,33,fa,c2,bc,ca,df
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="3DF6B5C63EF10504C6C52907095838751EF55DEB88CAA4B5D713DBBAB18F6D73BFCC61FBC66663996FBDEB3C85D6026129CEA25E3B1FC16A8DA5888013A3ABE4192282EC47F94B4EF46A2C1D907B6C38981078CA76F0A1A538B52D95E544277509D69D3095488CDBCC0D4AAA4492AF6B35F8BC3CBBDC0CB41724C0ACAFFED56A638DE6C3DEF1679E7E2A594A91ED7A12DF0F7E215F85BB847C98F3DF49E61EA8112D4A071F1B0F192A8820C5BB60EE64881C834C0A10DEA9D1FC26286192DB3F0EE2E53FAAE9AE6EFEB51BCBD9C423C1B62D42F2B7261AD9107E6E66F91EE05B6B9B8C92280B62E8C2007AEA5AF521AA8492E830BBF583FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5C9DB7CE019D40AA5CC038D530D6EB3452A488335373BCB6055FDBE894D3D44186C30A932D13FC9D4D3CA020205913389D59CD69AB7A840D1EDC3E1D28C2610F1FD0CEA93EDE2D9DBCB50DBAEEC88A8DC6BB0849615034BBFE0CEEB80C2944B5A5A60506AA104C7057C95F897AFA410FB5EA743DDBDC2EB869C68024A77843FBE878B4B37242274D1723B2558454288435AC64EFB6ECABFA138B9A8C92077CAAAA9C7780CB76E1ECEE13B72EFB9E08397F6A3F52C0B33800A77B7562998FE090238F7E7D200DEF10BF8CB4670A847A7C4831FA187E4532C8C3DCE0DCBC3034FE7DED0C818D4F1CF763287F178717ED2234B028B9271CCF597A9A3EF1B0EA91CA587CF628646904EBA521841A834CA682DA3FE5F2269496BBCF4084625D27E24EC6A02C4D2BE91A36C558C58F41FA39F84A54E8C49BF0E37A4001BC2DE02E6A6650E6A9159B4222267951D6D8B65E1364840E7C7359D5E6A739B287178A2F3DF5EEFB03E3A14D390D67335E9E0E9970A9FB2D7C85E94CA3571C5094AADFBC43E19235DE646144C9432B4B9A4BA5AFE5AE1C95DBC885C2F1A23EF5ABB4974D39931D08F885AD479723D6085B8E1188D96040511E4C9D0B7CA5EA67A6C5213AB0F9671021781258B70AEC7E835B9671862F3B0DDC6555D84481DE09733499420E853C8BBA35CAE0935CE4E40E68B09A7A0DD01945AA04479C5B4E649517D7898A2C58DD3B73CAAB6AFEAC9984318D189A72B9EA1A79B552AD5A5E29224DE3943267718DB03236E84CDDA21B09F48F629ADA249BAEF1A9DCF1ABA7284377794DE6352DC5B7B4E62A20671B0D4F37CC5687C6AF676DF7522A3B81B9D7B8FA89045B17265585806A679F0E5F389F3E91B33F38722FD3B258E5AB0E95515201B9E91A92EC2F605F03FB57472987D6165B1FF338F578728F189C3C8C33D2797662167F31836A24DE25292B102B8B630DDC222ED136EC6F3FA0BFB7B77A3E268B8D01BC02E1423F52FA0FCEE507F7"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(832)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
Celkový čas: 2009-04-10 17:24:27
ComboFix-quarantined-files.txt 2009-04-10 15:24:25
ComboFix2.txt 2009-04-10 13:15:05
Před spuštěním: Volných bajtů: 29 391 450 112
Po spuštění: Volných bajtů: 29,376,364,544
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
269 --- E O F --- 2009-03-31 20:59:36
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.3070.2542 [GMT 2:00]
Spuštěný z: c:\documents and settings\caci.WIN-M8BJMBUM0PM\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\caci.WIN-M8BJMBUM0PM\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1282 [VPS 090409-0] *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
FILE ::
c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabídka Start\Programy\Po spuštění\TA_Start.lnk
c:\windows\pss\TA_Start.lnkStartup
c:\windows\pss\Think-Adz.lnkStartup
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\pss\TA_Start.lnkStartup
c:\windows\pss\Think-Adz.lnkStartup
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-03-10 do 2009-04-10 )))))))))))))))))))))))))))))))
.
2009-04-03 16:11 . 2009-04-03 16:37 <DIR> d-------- c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Red Alert 3
2009-03-31 22:59 . 2009-03-31 22:59 <DIR> d-------- c:\windows\system32\KB905474
2009-03-31 22:59 . 2009-03-10 22:26 1,435,008 --a------ c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-03-31 22:59 . 2009-03-10 22:18 454,024 --a------ c:\windows\system32\KB905474\wgasetup.exe
2009-03-31 22:59 . 2009-02-09 18:51 13,502 --a------ c:\windows\system32\KB905474\wga_eula.txt
2009-03-24 21:08 . 2009-03-24 21:08 48 --a------ c:\windows\0
2009-03-10 16:10 . 2009-03-10 19:27 139,264 --a------ c:\windows\War3Unin.exe
2009-03-10 16:10 . 2009-03-10 19:27 45,261 --a------ c:\windows\War3Unin.dat
2009-03-10 16:10 . 2009-03-10 19:27 2,829 --a------ c:\windows\War3Unin.pif
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 15:16 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Skype
2009-04-10 15:15 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\skypePM
2009-04-07 13:44 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\TeamViewer
2009-04-05 13:01 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\OpenOffice.org2
2009-04-03 13:06 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\uTorrent
2009-03-25 18:00 21,840 ----atw c:\windows\system32\SIntfNT.dll
2009-03-25 18:00 17,212 ----atw c:\windows\system32\SIntf32.dll
2009-03-25 18:00 12,067 ----atw c:\windows\system32\SIntf16.dll
2009-03-24 18:13 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-14 07:11 --------- d-----w c:\program files\ICQ6
2009-03-07 08:33 --------- d-----w c:\program files\TravianManager
2009-03-01 16:06 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Vidalia
2009-02-26 15:43 --------- d-----w c:\program files\Trend Micro
2009-02-22 16:12 --------- d-----w c:\program files\SysJewel
2009-02-22 16:08 --------- d-----w c:\program files\Ultra Sys Info
2009-02-19 13:47 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\tor
2009-02-19 10:28 --------- d-----w c:\program files\Vidalia Bundle
2009-02-16 19:15 --------- d-----w c:\program files\GameSpy Arcade
2009-02-16 19:09 --------- d-----w c:\program files\Styler
2009-02-16 19:07 --------- d-----w c:\program files\Total Video Converter
2009-02-16 19:06 --------- d-----w c:\program files\SQLyog
2009-02-16 19:05 --------- d-----w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Samsung
2009-02-16 17:45 --------- d-----w c:\program files\AIMP2
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-01-17 10:42 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2008-05-26 17:58 27,480 ----a-w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\GDIPFONTCACHEV1.DAT
2008-04-09 18:57 22,328 ----a-w c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\PnkBstrK.sys
2008-03-16 15:06 32 ----a-w c:\documents and settings\All Users.WINDOWS\Data aplikací\ezsid.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-04-10_15.14.11,53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-10 13:21:38 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_698.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-08-09 8597586]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-03-05 17:36 140976 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^ WinCinema Manager.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\ WinCinema Manager.lnk
backup=c:\windows\pss\ WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Privoxy.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^ScreenHunter 4.0 Free.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\ScreenHunter 4.0 Free.lnk
backup=c:\windows\pss\ScreenHunter 4.0 Free.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^TV Remote Control.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\TV Remote Control.lnk
backup=c:\windows\pss\TV Remote Control.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^caci.WIN-M8BJMBUM0PM^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\caci.WIN-M8BJMBUM0PM\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-11-12 18:54 81000 c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 20:04 139264 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 08:52 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-17 14:20 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
--a------ 2008-02-23 12:24 958464 c:\program files\Labtec\Mouse\V3.0\moffice.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 22:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
--a------ 2005-08-09 18:35 8597586 c:\program files\Intel Audio Studio\IntelAudioStudio.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 08:52 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2009-01-15 09:19 13680640 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 11:12 695808 c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2007-11-07 18:35 1294336 c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-01-20 09:09 200704 c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
--a------ 2009-01-21 04:59 4033618 c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTaskTips]
--a------ 2006-07-31 13:33 36864 c:\program files\VisualTaskTips\VisualTaskTips.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2009-01-15 09:19 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2009-01-15 09:19 1657376 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VSS"=3 (0x3)
"SysmonLog"=3 (0x3)
"RasMan"=3 (0x3)
"Messenger"=2 (0x2)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"z:\\Hry\\Need For Speed Carbon\\NFSC.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Documents and Settings\\caci.WIN-M8BJMBUM0PM\\temp\\TeamViewer3\\TeamViewer.exe"=
"z:\\Hry\\Unreal Tournament 2004\\System\\UT2004.exe"=
"c:\\Program Files\\TravianManager\\TravianManager-Client.exe"=
"z:\\Hry\\Warcraft III\\Warcraft III.exe"=
"z:\\Hry\\Counter Strike - Source\\hl2.exe"=
"z:\\Hry\\AvP2-ph\\AVP2XServ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-09 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-09 20560]
R2 NwSapAgent;Agent SAP;c:\windows\System32\svchost.exe -k netsvcs [2001-10-25 14336]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2006-12-29 686080]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\documents and settings\All Users.WINDOWS\Data aplikací\Spyware Terminator\sp_rsdrv2.sys --> c:\documents and settings\All Users.WINDOWS\Data aplikací\Spyware Terminator\sp_rsdrv2.sys [?]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\Axtmvflt.sys [2008-06-05 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\Axtmvmdm.sys [2008-06-05 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\Axtmvprt.sys [2008-06-05 38784]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [2007-08-08 219264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
2009-04-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-10 22:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.windowsxlive.net
uInternet Connection Wizard,ShellNext = hxxp://www.bitcomet.com/client/changelo ... 76&l=cz_cz
uInternet Settings,ProxyServer = 208.62.125.146:80
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Link to &MidpX - c:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Mozilla\Firefox\Profiles\f4orjtl8.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Mozilla\Firefox\Profiles\f4orjtl8.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
FF - component: c:\documents and settings\caci.WIN-M8BJMBUM0PM\Data aplikací\Mozilla\Firefox\Profiles\f4orjtl8.default\extensions\piclens@cooliris.com\components\piclensstub.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 17:23:02
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{917CCA86-1A63-24D0-D5E8-2C1A08256796}*]
"hahniagdodlmfche"=hex:6a,61,6d,6f,6f,69,6e,67,70,6d,62,6e,6f,6f,62,68,61,6b,
6b,64,00,a4
"iafnchnkdinbijclhi"=hex:69,61,64,6f,70,6b,67,70,6c,66,6e,67,65,68,67,6c,6b,66,
00,77
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D1E3314-5AA0-F885-1225-DCE2558BB65F}*]
"iamjneakfddbajokfe"=hex:6a,61,69,64,66,62,67,61,6d,65,6e,6f,61,69,61,64,64,70,
6b,69,00,00
"hacjhjljmohgfjml"=hex:6a,61,6a,64,6b,67,67,6e,62,68,6b,6e,61,65,64,6f,6c,62,
66,6c,00,00
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-515967899-1770027372-725345543-1003)
@Allowed: (Read) (S-1-5-21-515967899-1770027372-725345543-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8f,d0,5f,bd,39,ae,31,30,61,8a,dc,98,45,26,7e,d1,00,97,f8,49,28,a4,56,
5f,02,07,06,eb,b3,44,b6,94,50,e5,65,60,aa,3c,32,fd,ac,c9,00,51,bb,ad,e4,95,\
"??"=hex:6c,f3,dc,94,45,11,c3,5a,bf,87,f7,3c,df,13,cf,83
[HKEY_USERS\S-1-5-21-515967899-1770027372-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:6b,14,29,57,56,85,9b,cc,e3,80,85,c9,a5,1b,08,76,39,a4,24,e9,a2,
2e,05,d6,69,b9,bf,79,51,eb,99,22,dc,61,0e,01,f0,ef,34,93,08,f7,1a,6a,d5,b2,\
"rkeysecu"=hex:d8,62,68,9b,a1,60,a1,90,1e,17,33,fa,c2,bc,ca,df
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="3DF6B5C63EF10504C6C52907095838751EF55DEB88CAA4B5D713DBBAB18F6D73BFCC61FBC66663996FBDEB3C85D6026129CEA25E3B1FC16A8DA5888013A3ABE4192282EC47F94B4EF46A2C1D907B6C38981078CA76F0A1A538B52D95E544277509D69D3095488CDBCC0D4AAA4492AF6B35F8BC3CBBDC0CB41724C0ACAFFED56A638DE6C3DEF1679E7E2A594A91ED7A12DF0F7E215F85BB847C98F3DF49E61EA8112D4A071F1B0F192A8820C5BB60EE64881C834C0A10DEA9D1FC26286192DB3F0EE2E53FAAE9AE6EFEB51BCBD9C423C1B62D42F2B7261AD9107E6E66F91EE05B6B9B8C92280B62E8C2007AEA5AF521AA8492E830BBF583FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5C9DB7CE019D40AA5CC038D530D6EB3452A488335373BCB6055FDBE894D3D44186C30A932D13FC9D4D3CA020205913389D59CD69AB7A840D1EDC3E1D28C2610F1FD0CEA93EDE2D9DBCB50DBAEEC88A8DC6BB0849615034BBFE0CEEB80C2944B5A5A60506AA104C7057C95F897AFA410FB5EA743DDBDC2EB869C68024A77843FBE878B4B37242274D1723B2558454288435AC64EFB6ECABFA138B9A8C92077CAAAA9C7780CB76E1ECEE13B72EFB9E08397F6A3F52C0B33800A77B7562998FE090238F7E7D200DEF10BF8CB4670A847A7C4831FA187E4532C8C3DCE0DCBC3034FE7DED0C818D4F1CF763287F178717ED2234B028B9271CCF597A9A3EF1B0EA91CA587CF628646904EBA521841A834CA682DA3FE5F2269496BBCF4084625D27E24EC6A02C4D2BE91A36C558C58F41FA39F84A54E8C49BF0E37A4001BC2DE02E6A6650E6A9159B4222267951D6D8B65E1364840E7C7359D5E6A739B287178A2F3DF5EEFB03E3A14D390D67335E9E0E9970A9FB2D7C85E94CA3571C5094AADFBC43E19235DE646144C9432B4B9A4BA5AFE5AE1C95DBC885C2F1A23EF5ABB4974D39931D08F885AD479723D6085B8E1188D96040511E4C9D0B7CA5EA67A6C5213AB0F9671021781258B70AEC7E835B9671862F3B0DDC6555D84481DE09733499420E853C8BBA35CAE0935CE4E40E68B09A7A0DD01945AA04479C5B4E649517D7898A2C58DD3B73CAAB6AFEAC9984318D189A72B9EA1A79B552AD5A5E29224DE3943267718DB03236E84CDDA21B09F48F629ADA249BAEF1A9DCF1ABA7284377794DE6352DC5B7B4E62A20671B0D4F37CC5687C6AF676DF7522A3B81B9D7B8FA89045B17265585806A679F0E5F389F3E91B33F38722FD3B258E5AB0E95515201B9E91A92EC2F605F03FB57472987D6165B1FF338F578728F189C3C8C33D2797662167F31836A24DE25292B102B8B630DDC222ED136EC6F3FA0BFB7B77A3E268B8D01BC02E1423F52FA0FCEE507F7"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(832)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
Celkový čas: 2009-04-10 17:24:27
ComboFix-quarantined-files.txt 2009-04-10 15:24:25
ComboFix2.txt 2009-04-10 13:15:05
Před spuštěním: Volných bajtů: 29 391 450 112
Po spuštění: Volných bajtů: 29,376,364,544
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
269 --- E O F --- 2009-03-31 20:59:36
I5-4460, R9 380 4g, SS 500W, 4GB HyperX
Re: HJT kontrola - Pomalý net
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:16, on 10.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bitcomet.com/client/changelo ... 76&l=cz_cz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 208.62.125.146:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 7359 bytes
Scan saved at 17:27:16, on 10.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bitcomet.com/client/changelo ... 76&l=cz_cz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 208.62.125.146:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 7359 bytes
I5-4460, R9 380 4g, SS 500W, 4GB HyperX
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: HJT kontrola - Pomalý net
Co ty soubory na VirusTotal?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: HJT kontrola - Pomalý net
ten prvni: http://www.virustotal.com/cs/analisis/f ... 7747e9ba86
a zbyle 2 mi nejak nejdou nahrat
Pise mi to:
Exception
Please report failure as: ErrorTime= "Apr 10 17:48:21"
a zbyle 2 mi nejak nejdou nahrat
Pise mi to:
Exception
Please report failure as: ErrorTime= "Apr 10 17:48:21"
I5-4460, R9 380 4g, SS 500W, 4GB HyperX
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: HJT kontrola - Pomalý net
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
Znovu můžeš pročistit CCleanerem.
Aktualizuj javu:
Java SE Runtime Environment 6u13
Vyber OS ( předpokládám Windows), dej zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u13-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.
Pokud nejsou problémy , je to vše.Případné problémy budou již nejspíše v HW.
Start-Spustit a zadej ComboFix[mezera]/u
Znovu můžeš pročistit CCleanerem.
Aktualizuj javu:
Java SE Runtime Environment 6u13
Vyber OS ( předpokládám Windows), dej zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u13-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.
Pokud nejsou problémy , je to vše.Případné problémy budou již nejspíše v HW.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 81 hostů