RAMASST

KSSA · Příspěvekod **KSSA** » 06 čer 2009 23:34

Zdravím,

mám problém s PC. Chová se občas podivně, ale není to zatím nic strašného.
Ale bojím se, co všechno raší...

Díky
Tady je log z HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:11, on 6.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
D:\xampp\apache\bin\apache.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\SmartCom\Services\SmartcomSCPService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
D:\xampp\apache\bin\apache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CFB1C74-5BB6-466E-A3A7-A155D0EED1E9}: NameServer = 80.188.178.129,80.188.178.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CFB1C74-5BB6-466E-A3A7-A155D0EED1E9}: NameServer = 80.188.178.129,80.188.178.132
O17 - HKLM\System\CS2\Services\Tcpip\..\{1CFB1C74-5BB6-466E-A3A7-A155D0EED1E9}: NameServer = 80.188.178.129,80.188.178.132
O17 - HKLM\System\CS3\Services\Tcpip\..\{1CFB1C74-5BB6-466E-A3A7-A155D0EED1E9}: NameServer = 80.188.178.129,80.188.178.132
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampp\apache\bin\apache.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartcomSCPService - Smartcom - C:\Program Files\Common Files\SmartCom\Services\SmartcomSCPService.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 11187 bytes

Reklama

Damned · Příspěvekod **Damned** » 06 čer 2009 23:48

Spusť HJT a fixni (zatrhnout políčko před hodnotou zmáčknout "Fix checked"):

R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Soubor RAMASST.exe býval kdysi součást u mechanik LG a Panasonic.

Můžeš ho zkontrolovat na Virustotalu . Najdeš ho v :
C:\WINDOWS\system32\RAMASST.exe
Zároveň tam nech zkontrolovat i toto (to by mělo snad patřit k SF):
C:\WINDOWS\System32\appdrvrem01.exe a vlož sem odkazy na výsledky.

Potom si stáhni Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

KSSA · Příspěvekod **KSSA** » 07 čer 2009 00:05

Fixnuto, zkontrolováno - Vše ok:

Malwarebytes' Anti-Malware 1.37
Verze databáze: 2238
Windows 5.1.2600 Service Pack 2

6.6.2009 23:54:59
mbam-log-2009-06-06 (23-54-59).txt

Typ skenu: Rychlý sken
Objektu skenováno: 86293
Uplynulý cas: 3 minute(s), 22 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

KSSA · Příspěvekod **KSSA** » 07 čer 2009 00:08

Ještě, jestli z toho vyčteš... Zobrazují se mi dvě virtuální mechaniky a přitom jsem všechny odpojil.
MagicDisk, Daemon a Alcohol120%

Taky se mi zdá, že v poslední době se mi nenačte absolutně žádná placka v mechanice.
Ale to je možná nedomáčknutým spojem v bedně...

Edit: A taky mám ve správci zařízení vykřičník u SCSI/RAID Host Controller (je tam tato položka 2x ale vykřičník jen jednou.)
Ty mechaniky mají v SZ označení TKNOWLT VSH2J8PAR8 SCSI Cdrom Device

Damned · Příspěvekod **Damned** » 07 čer 2009 00:17

To bohužel není můj obor, já ti můžu tak maximálně vyčistit PC od šmejdů a chyb(tomu se věnuji).

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Damned · Příspěvekod **Damned** » 07 čer 2009 00:19

Pokud však nějaké odkazy budou neplatné a uvidím je, tak ti je smažu.

Příspěvekod **Pic** » 07 čer 2009 00:59

To KSSA - odstraň ze svého podpisu odkaz na stránku - je to v rozporu s pravidly fóra. K představení vlastních stránek slouží rubrika "Web-tipy a vaše weby". Díky za pochopení. Pic

KSSA · Příspěvekod **KSSA** » 07 čer 2009 11:03

Tady je log s CF:

ComboFix 09-06-06.03 - Štěpán 07.06.2009 10:46.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1534.924 [GMT 2:00]
Spuštěný z: c:\documents and settings\Štěpán\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-07 do 2009-06-07 )))))))))))))))))))))))))))))))
.

2009-06-06 21:50 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-06 21:50 . 2009-06-06 21:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-06 21:50 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-06 21:25 . 2009-06-06 21:25 -------- d-----w- c:\program files\Trend Micro
2009-06-06 21:11 . 2006-09-22 12:06 92160 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2009-06-06 21:10 . 2009-06-06 21:11 -------- d-----w- c:\program files\MagicDisc
2009-06-06 21:05 . 2009-06-06 21:06 -------- d-----w- c:\program files\DAEMON Tools
2009-06-06 15:46 . 2009-06-06 15:46 -------- d-----w- c:\program files\VideoLAN
2009-06-02 19:50 . 2009-06-02 19:50 -------- d-----w- c:\program files\Skype
2009-06-02 19:50 . 2009-06-02 19:50 -------- d-----w- c:\program files\Common Files\Skype
2009-06-01 21:37 . 2009-06-01 21:37 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-06-01 21:37 . 2009-06-01 21:37 -------- d-----w- c:\program files\ArcSoft
2009-06-01 21:35 . 2009-06-01 21:35 -------- d--h--w- c:\windows\$hf_mig$
2009-06-01 21:35 . 2008-05-02 13:32 464384 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2009-06-01 21:35 . 2008-05-02 13:32 464384 ------w- c:\windows\system32\imapi2fs.dll
2009-06-01 21:35 . 2008-05-02 13:32 317440 -c----w- c:\windows\system32\dllcache\imapi2.dll
2009-06-01 21:35 . 2008-05-02 13:32 317440 ------w- c:\windows\system32\imapi2.dll
2009-06-01 21:35 . 2008-05-02 09:05 62592 -c----w- c:\windows\system32\dllcache\cdrom.sys
2009-06-01 21:34 . 2009-06-01 22:47 -------- d-----w- c:\program files\Kodak
2009-06-01 00:35 . 2009-06-01 00:39 -------- d-----w- c:\program files\PSPad editor
2009-05-30 11:25 . 2009-05-30 11:25 -------- d-----w- c:\windows\system32\AGEIA
2009-05-30 11:25 . 2009-05-30 11:25 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-30 11:25 . 2009-05-30 11:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-25 11:25 . 2009-05-25 11:25 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-05-25 11:25 . 2009-05-26 03:33 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-05-24 14:02 . 2004-08-17 13:49 153088 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2009-05-24 14:02 . 2004-08-17 13:49 153088 ----a-w- c:\windows\system32\irftp.exe
2009-05-24 14:02 . 2004-08-17 13:49 26624 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2009-05-24 14:02 . 2004-08-17 13:49 26624 ----a-w- c:\windows\system32\irmon.dll
2009-05-24 14:02 . 2004-08-17 13:49 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-05-24 14:02 . 2004-08-17 13:49 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-05-19 01:58 . 2009-05-19 01:58 -------- d-----w- c:\program files\CENZURA
2009-05-18 21:06 . 2009-05-18 21:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-18 16:43 . 2009-05-18 16:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-18 16:43 . 2009-05-18 16:43 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-18 16:43 . 2009-05-18 16:43 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-18 16:43 . 2009-05-18 16:43 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-18 16:42 . 2009-06-07 08:37 -------- d-----w- c:\windows\system32\drivers\Avg
2009-05-18 15:42 . 2008-04-07 03:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-05-18 15:42 . 2008-04-07 03:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-05-18 15:28 . 2009-05-18 15:28 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-18 14:25 . 2004-10-01 23:33 32339 -c--a-w- c:\windows\system32\dllcache\uniansi.dll
2009-05-18 14:24 . 2004-10-01 23:32 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2009-05-18 14:23 . 2004-08-17 13:49 68608 -c--a-w- c:\windows\system32\dllcache\isatq.dll
2009-05-18 14:22 . 2004-08-17 13:49 726078 -c--a-w- c:\windows\system32\dllcache\srchui.dll
2009-05-18 14:22 . 2004-08-17 13:49 58434 -c--a-w- c:\windows\system32\dllcache\srchctls.dll
2009-05-18 14:22 . 2004-08-17 13:49 3166208 -c--a-w- c:\windows\system32\dllcache\msgr3en.dll
2009-05-18 14:22 . 2004-08-17 13:49 5632 -c--a-w- c:\windows\system32\dllcache\wmm2res2.dll
2009-05-18 14:22 . 2004-08-17 13:49 4096 -c--a-w- c:\windows\system32\dllcache\wmm2eres.dll
2009-05-18 14:22 . 2004-08-17 13:49 7680 -c--a-w- c:\windows\system32\dllcache\wmm2ext.dll
2009-05-18 14:22 . 2004-08-17 13:49 502272 -c--a-w- c:\windows\system32\dllcache\wmm2fxa.dll
2009-05-18 14:22 . 2004-08-17 13:49 4263936 -c--a-w- c:\windows\system32\dllcache\wmm2res.dll
2009-05-18 14:22 . 2004-08-17 13:49 402432 -c--a-w- c:\windows\system32\dllcache\wmm2filt.dll
2009-05-18 14:22 . 2004-08-17 13:49 325632 -c--a-w- c:\windows\system32\dllcache\wmm2fxb.dll
2009-05-18 14:22 . 2004-08-17 13:49 167936 -c--a-w- c:\windows\system32\dllcache\wmm2ae.dll
2009-05-18 14:22 . 2004-08-17 13:49 3555328 -c--a-w- c:\windows\system32\dllcache\moviemk.exe
2009-05-18 13:37 . 2004-08-03 20:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-05-17 23:21 . 2009-05-17 23:21 -------- d-----w- c:\program files\PowerQuest
2009-05-17 20:21 . 2009-05-17 20:21 -------- d-----w- c:\program files\Adobe Media Player
2009-05-17 14:46 . 2009-05-17 14:46 -------- d-----w- c:\program files\Hamachi
2009-05-17 00:38 . 2009-05-17 00:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-12 14:25 . 2009-05-12 14:25 -------- d-----w- c:\program files\Alcohol Soft
2009-05-11 21:07 . 2009-05-17 20:03 -------- d-----w- c:\program files\Macromedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-06 21:14 . 2009-01-08 21:00 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-06-03 05:50 . 2009-04-19 20:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-25 21:44 . 2009-03-06 13:21 -------- d-----w- c:\program files\uTorrent
2009-05-25 11:21 . 2009-01-13 23:20 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-18 23:20 . 2008-08-14 05:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2009-05-18 15:49 . 2009-01-10 17:17 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-18 14:29 . 2004-10-01 23:33 68916 ----a-w- c:\windows\system32\perfc005.dat
2009-05-18 14:29 . 2004-10-01 23:33 389938 ----a-w- c:\windows\system32\perfh005.dat
2009-05-18 14:21 . 2009-01-08 18:43 22916 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-17 20:02 . 2009-02-02 21:07 -------- d-----w- c:\program files\Opera
2009-05-17 14:46 . 2009-03-12 20:28 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-04-29 19:43 . 2009-04-29 19:43 -------- d-----w- c:\program files\DVD-RAM
2009-04-28 19:53 . 2009-04-28 19:53 -------- d-----w- c:\program files\Common Files\xing shared
2009-04-28 19:53 . 2009-04-28 19:53 -------- d-----w- c:\program files\Common Files\Real
2009-04-28 19:53 . 2009-04-28 19:53 -------- d-----w- c:\program files\Real
2009-04-28 19:53 . 2005-03-23 09:39 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-22 17:41 . 2009-04-22 14:26 -------- d-----w- c:\program files\FlashGet
2009-04-22 00:15 . 2009-03-31 16:13 -------- d-----w- c:\program files\StrongDC++
2009-04-20 15:13 . 2009-04-20 15:01 -------- d-----w- c:\program files\Common Files\Logitech
2009-04-20 15:13 . 2009-04-20 15:01 -------- d-----w- c:\program files\Logitech
2009-04-19 20:24 . 2009-04-19 20:24 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-04-19 20:24 . 2009-04-19 20:24 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-04-19 20:04 . 2009-04-19 20:04 -------- d-----w- c:\program files\Atari
2009-04-19 12:21 . 2009-04-19 12:21 -------- d-----w- c:\program files\Phone Remote Control
2009-04-14 21:38 . 2009-04-14 21:37 -------- d-----w- c:\program files\XP Codec Pack
2009-04-14 21:35 . 2009-02-21 21:45 -------- d-----w- c:\program files\DivX
2009-04-14 21:34 . 2009-01-11 02:41 -------- d-----w- c:\program files\AC3Filter
2009-04-14 21:24 . 2009-01-08 19:26 -------- d-----w- c:\program files\Gigabyte
2009-04-14 21:16 . 2009-01-29 22:13 -------- d-----w- c:\program files\CCleaner
2009-03-16 12:18 . 2009-04-14 21:47 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-14 21:47 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-14 21:47 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-14 21:47 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-03-09 13:27 . 2009-04-14 21:47 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-14 21:47 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-03-09 13:27 . 2009-04-14 21:47 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-08-06 23165736]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-28 198160]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-03-11 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-18 1947928]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-18 77824]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-17 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\ćtŘp n\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-6-6 534016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-18 16:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WellPhone XT Sagem"="c:\program files\SmartCom\WellPhone XT Sagem\wellphone2.exe" /background
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GRETECH\\GomPlayer\\GOM.exe"=
"d:\\Hry\\FarCry2\\Far Cry 2\\bin\\FC2Editor.exe"=
"d:\\Hry\\Activision\\CoDWaWmp.exe"=
"d:\\Hry\\Activision\\CoDWaW.exe"=
"d:\\Hry\\FarCry\\Bin32\\FarCry.exe"=
"d:\\Hry\\FarCry2\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Hry\\FarCry2\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Hry\\Counter-Strike Source\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\program files\totalcmd\TOTALCMD.EXE"= c:\program files\totalcmd\TOTALCMD.EXE:10.0.12.202/255.255.255.255:Enabled:Total Commander
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\StrongDC++\\StrongDC.exe"=
"d:\\Hry\\Tom Clancys HAWX\\HAWX.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12:TCP"= 12:TCP:TEST
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [16.1.2009 2:57 2915944]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18.5.2009 18:43 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18.5.2009 18:43 108552]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [12.2.2009 20:42 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 5:54 66600]
R2 Apache2.2;Apache2.2;d:\xampp\apache\bin\apache.exe [5.3.2007 12:23 16896]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [18.5.2009 18:42 298776]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 8:24 95528]
R2 SmartcomSCPService;SmartcomSCPService;c:\program files\Common Files\SmartCom\Services\SmartcomSCPService.exe [23.2.2009 23:08 64664]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 8:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [12.2.2009 20:42 65576]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.8.2008 5:46 288112]
S3 UsbSagCom;Mobile Device Full USB Driver;c:\windows\system32\drivers\UsbSagCom.sys [23.2.2009 22:46 51712]
.
Obsah adresáře 'Naplánované úlohy'
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-procexp90.Sys

.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: {1CFB1C74-5BB6-466E-A3A7-A155D0EED1E9} = 80.188.178.129,80.188.178.132
FF - ProfilePath - c:\documents and settings\Štěpán\Data aplikací\Mozilla\Firefox\Profiles\v320s6gh.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz http://s2.travian.cz http://s3.travian.cz http://s4.travian.cz http://s5.travian.cz http://s6.travian.cz http://s7.travian.cz http://s8.travian.cz http://s9.travian.cz http://s10.travian.cz http://s11.travian.cz http://s12.travian.cz http://s13.travian.cz http://s14.travian.cz http://s15.travian.cz http://speed.travian.cz http://s1.travian.sk http://s2.travian.sk http://s3.travian.sk http://s4.travian.sk http://s5.travian.sk http://s6.travian.sk http://s7.travian.sk http://s8.travian.sk http://s9.travian.sk http://s10.travian.sk http://speed.travian.sk
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccessc:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-07 10:51
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1456)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-06-07 10:54
ComboFix-quarantined-files.txt 2009-06-07 08:54

Před spuštěním: 5 673 607 168
Po spuštění: 7 654 985 728

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
redirect=usebiossettings
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

256

Damned · Příspěvekod **Damned** » 07 čer 2009 16:19

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Driver::
appdrvrem01;Application Driver Auto Removal Service (01);
appdrvrem01

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

KSSA · Příspěvekod **KSSA** » 07 čer 2009 17:36

Tady je:

ComboFix 09-06-06.04 - Štěpán 07.06.2009 17:15.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1534.1068 [GMT 2:00]
Spuštěný z: c:\documents and settings\Štěpán\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Štěpán\Plocha\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APPDRVREM01
-------\Service_appdrvrem01

((((((((((((((((((((((((( Soubory vytvořené od 2009-05-07 do 2009-06-07 )))))))))))))))))))))))))))))))
.

2009-06-06 21:50 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-06 21:50 . 2009-06-06 21:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-06 21:50 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-06 21:25 . 2009-06-06 21:25 -------- d-----w- c:\program files\Trend Micro
2009-06-06 21:11 . 2006-09-22 12:06 92160 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2009-06-06 21:10 . 2009-06-06 21:11 -------- d-----w- c:\program files\MagicDisc
2009-06-06 21:05 . 2009-06-06 21:06 -------- d-----w- c:\program files\DAEMON Tools
2009-06-06 15:46 . 2009-06-06 15:46 -------- d-----w- c:\program files\VideoLAN
2009-06-02 19:50 . 2009-06-02 19:50 -------- d-----w- c:\program files\Skype
2009-06-02 19:50 . 2009-06-02 19:50 -------- d-----w- c:\program files\Common Files\Skype
2009-06-01 21:37 . 2009-06-01 21:37 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-06-01 21:37 . 2009-06-01 21:37 -------- d-----w- c:\program files\ArcSoft
2009-06-01 21:35 . 2009-06-01 21:35 -------- d--h--w- c:\windows\$hf_mig$
2009-06-01 21:35 . 2008-05-02 13:32 464384 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2009-06-01 21:35 . 2008-05-02 13:32 464384 ------w- c:\windows\system32\imapi2fs.dll
2009-06-01 21:35 . 2008-05-02 13:32 317440 -c----w- c:\windows\system32\dllcache\imapi2.dll
2009-06-01 21:35 . 2008-05-02 13:32 317440 ------w- c:\windows\system32\imapi2.dll
2009-06-01 21:35 . 2008-05-02 09:05 62592 -c----w- c:\windows\system32\dllcache\cdrom.sys
2009-06-01 21:34 . 2009-06-01 22:47 -------- d-----w- c:\program files\Kodak
2009-06-01 00:35 . 2009-06-01 00:39 -------- d-----w- c:\program files\PSPad editor
2009-05-30 11:25 . 2009-05-30 11:25 -------- d-----w- c:\windows\system32\AGEIA
2009-05-30 11:25 . 2009-05-30 11:25 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-30 11:25 . 2009-05-30 11:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-25 11:25 . 2009-05-25 11:25 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-05-25 11:25 . 2009-05-26 03:33 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-05-24 14:02 . 2004-08-17 13:49 153088 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2009-05-24 14:02 . 2004-08-17 13:49 153088 ----a-w- c:\windows\system32\irftp.exe
2009-05-24 14:02 . 2004-08-17 13:49 26624 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2009-05-24 14:02 . 2004-08-17 13:49 26624 ----a-w- c:\windows\system32\irmon.dll
2009-05-24 14:02 . 2004-08-17 13:49 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-05-24 14:02 . 2004-08-17 13:49 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-05-19 01:58 . 2009-05-19 01:58 -------- d-----w- c:\program files\CENZURA
2009-05-18 21:06 . 2009-05-18 21:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-18 16:43 . 2009-05-18 16:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-18 16:43 . 2009-05-18 16:43 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-18 16:43 . 2009-05-18 16:43 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-18 16:43 . 2009-05-18 16:43 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-18 16:42 . 2009-06-07 08:37 -------- d-----w- c:\windows\system32\drivers\Avg
2009-05-18 15:42 . 2008-04-07 03:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-05-18 15:42 . 2008-04-07 03:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-05-18 15:28 . 2009-05-18 15:28 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-18 14:25 . 2004-10-01 23:33 32339 -c--a-w- c:\windows\system32\dllcache\uniansi.dll
2009-05-18 14:24 . 2004-10-01 23:32 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2009-05-18 14:23 . 2004-08-17 13:49 68608 -c--a-w- c:\windows\system32\dllcache\isatq.dll
2009-05-18 14:22 . 2004-08-17 13:49 726078 -c--a-w- c:\windows\system32\dllcache\srchui.dll
2009-05-18 14:22 . 2004-08-17 13:49 58434 -c--a-w- c:\windows\system32\dllcache\srchctls.dll
2009-05-18 14:22 . 2004-08-17 13:49 3166208 -c--a-w- c:\windows\system32\dllcache\msgr3en.dll
2009-05-18 14:22 . 2004-08-17 13:49 5632 -c--a-w- c:\windows\system32\dllcache\wmm2res2.dll
2009-05-18 14:22 . 2004-08-17 13:49 4096 -c--a-w- c:\windows\system32\dllcache\wmm2eres.dll
2009-05-18 14:22 . 2004-08-17 13:49 7680 -c--a-w- c:\windows\system32\dllcache\wmm2ext.dll
2009-05-18 14:22 . 2004-08-17 13:49 502272 -c--a-w- c:\windows\system32\dllcache\wmm2fxa.dll
2009-05-18 14:22 . 2004-08-17 13:49 4263936 -c--a-w- c:\windows\system32\dllcache\wmm2res.dll
2009-05-18 14:22 . 2004-08-17 13:49 402432 -c--a-w- c:\windows\system32\dllcache\wmm2filt.dll
2009-05-18 14:22 . 2004-08-17 13:49 325632 -c--a-w- c:\windows\system32\dllcache\wmm2fxb.dll
2009-05-18 14:22 . 2004-08-17 13:49 167936 -c--a-w- c:\windows\system32\dllcache\wmm2ae.dll
2009-05-18 14:22 . 2004-08-17 13:49 3555328 -c--a-w- c:\windows\system32\dllcache\moviemk.exe
2009-05-18 13:37 . 2004-08-03 20:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-05-17 23:21 . 2009-05-17 23:21 -------- d-----w- c:\program files\PowerQuest
2009-05-17 20:21 . 2009-05-17 20:21 -------- d-----w- c:\program files\Adobe Media Player
2009-05-17 14:46 . 2009-05-17 14:46 -------- d-----w- c:\program files\Hamachi
2009-05-17 00:38 . 2009-05-17 00:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-12 14:25 . 2009-05-12 14:25 -------- d-----w- c:\program files\Alcohol Soft
2009-05-11 21:07 . 2009-05-17 20:03 -------- d-----w- c:\program files\Macromedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 10:34 . 2009-01-08 21:00 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-06-03 05:50 . 2009-04-19 20:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-25 21:44 . 2009-03-06 13:21 -------- d-----w- c:\program files\uTorrent
2009-05-25 11:21 . 2009-01-13 23:20 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-18 23:20 . 2008-08-14 05:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2009-05-18 15:49 . 2009-01-10 17:17 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-18 14:29 . 2004-10-01 23:33 68916 ----a-w- c:\windows\system32\perfc005.dat
2009-05-18 14:29 . 2004-10-01 23:33 389938 ----a-w- c:\windows\system32\perfh005.dat
2009-05-18 14:21 . 2009-01-08 18:43 22916 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-17 20:02 . 2009-02-02 21:07 -------- d-----w- c:\program files\Opera
2009-05-17 14:46 . 2009-03-12 20:28 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-04-29 19:43 . 2009-04-29 19:43 -------- d-----w- c:\program files\DVD-RAM
2009-04-28 19:53 . 2009-04-28 19:53 -------- d-----w- c:\program files\Common Files\xing shared
2009-04-28 19:53 . 2009-04-28 19:53 -------- d-----w- c:\program files\Common Files\Real
2009-04-28 19:53 . 2009-04-28 19:53 -------- d-----w- c:\program files\Real
2009-04-28 19:53 . 2005-03-23 09:39 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-22 17:41 . 2009-04-22 14:26 -------- d-----w- c:\program files\FlashGet
2009-04-22 00:15 . 2009-03-31 16:13 -------- d-----w- c:\program files\StrongDC++
2009-04-20 15:13 . 2009-04-20 15:01 -------- d-----w- c:\program files\Common Files\Logitech
2009-04-20 15:13 . 2009-04-20 15:01 -------- d-----w- c:\program files\Logitech
2009-04-19 20:24 . 2009-04-19 20:24 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-04-19 20:24 . 2009-04-19 20:24 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-04-19 20:04 . 2009-04-19 20:04 -------- d-----w- c:\program files\Atari
2009-04-19 12:21 . 2009-04-19 12:21 -------- d-----w- c:\program files\Phone Remote Control
2009-04-14 21:38 . 2009-04-14 21:37 -------- d-----w- c:\program files\XP Codec Pack
2009-04-14 21:35 . 2009-02-21 21:45 -------- d-----w- c:\program files\DivX
2009-04-14 21:34 . 2009-01-11 02:41 -------- d-----w- c:\program files\AC3Filter
2009-04-14 21:24 . 2009-01-08 19:26 -------- d-----w- c:\program files\Gigabyte
2009-04-14 21:16 . 2009-01-29 22:13 -------- d-----w- c:\program files\CCleaner
2009-03-16 12:18 . 2009-04-14 21:47 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-14 21:47 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-14 21:47 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-14 21:47 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-07_08.51.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-07 15:22 . 2009-06-07 15:22 16384 c:\windows\Temp\Perflib_Perfdata_1b4.dat
+ 2009-06-07 15:23 . 2009-06-07 15:23 16384 c:\windows\Temp\Perflib_Perfdata_1320.dat
+ 2009-06-07 10:38 . 2009-06-07 10:38 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-06-06 11:17 . 2009-06-06 11:17 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-06-07 10:38 . 2009-06-07 10:38 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-06-06 11:17 . 2009-06-06 11:17 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-06-07 10:43 . 2009-06-07 10:43 295606 c:\windows\Installer\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}\Burnout.exe
+ 2009-06-07 10:38 . 2009-06-07 10:38 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-06-06 11:17 . 2009-06-06 11:17 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-06-06 11:17 . 2009-06-06 11:17 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-06-07 10:38 . 2009-06-07 10:38 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-06-07 10:38 . 2009-06-07 10:38 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-06-06 11:17 . 2009-06-06 11:17 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-06-06 11:17 . 2009-06-06 11:17 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-06-07 10:38 . 2009-06-07 10:38 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-06-06 11:17 . 2009-06-06 11:17 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-06-07 10:38 . 2009-06-07 10:38 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-06-06 11:17 . 2009-06-06 11:17 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-06-07 10:38 . 2009-06-07 10:38 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-06-07 10:38 . 2009-06-07 10:38 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-06 11:17 . 2009-06-06 11:17 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-06 11:17 . 2009-06-06 11:17 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-06-07 10:38 . 2009-06-07 10:38 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-06-07 10:38 . 2009-06-07 10:38 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-06 11:17 . 2009-06-06 11:17 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-06-07 10:38 . 2009-06-07 10:38 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-06 11:17 . 2009-06-06 11:17 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-06-07 10:38 . 2009-06-07 10:38 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-06 11:17 . 2009-06-06 11:17 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-06-07 10:38 . 2009-06-07 10:38 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-06 11:17 . 2009-06-06 11:17 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-06-07 10:38 . 2009-06-07 10:38 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-06 11:17 . 2009-06-06 11:17 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-06 11:17 . 2009-06-06 11:17 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-06-07 10:38 . 2009-06-07 10:38 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-06-07 10:38 . 2009-06-07 10:38 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-06 11:17 . 2009-06-06 11:17 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-06 11:17 . 2009-06-06 11:17 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-06-07 10:38 . 2009-06-07 10:38 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-08-06 23165736]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-28 198160]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-03-11 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-18 1947928]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-18 77824]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-17 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\ćtŘp n\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-6-6 534016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-18 16:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WellPhone XT Sagem"="c:\program files\SmartCom\WellPhone XT Sagem\wellphone2.exe" /background
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GRETECH\\GomPlayer\\GOM.exe"=
"d:\\Hry\\FarCry2\\Far Cry 2\\bin\\FC2Editor.exe"=
"d:\\Hry\\Activision\\CoDWaWmp.exe"=
"d:\\Hry\\Activision\\CoDWaW.exe"=
"d:\\Hry\\FarCry\\Bin32\\FarCry.exe"=
"d:\\Hry\\FarCry2\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Hry\\FarCry2\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Hry\\Counter-Strike Source\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\program files\totalcmd\TOTALCMD.EXE"= c:\program files\totalcmd\TOTALCMD.EXE:10.0.12.202/255.255.255.255:Enabled:Total Commander
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\StrongDC++\\StrongDC.exe"=
"d:\\Hry\\Tom Clancys HAWX\\HAWX.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"f:\\Hry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"f:\\Hry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"f:\\Hry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12:TCP"= 12:TCP:TEST
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [16.1.2009 2:57 2915944]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18.5.2009 18:43 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18.5.2009 18:43 108552]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [12.2.2009 20:42 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 5:54 66600]
R2 Apache2.2;Apache2.2;d:\xampp\apache\bin\apache.exe [5.3.2007 12:23 16896]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [18.5.2009 18:42 298776]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 8:24 95528]
R2 SmartcomSCPService;SmartcomSCPService;c:\program files\Common Files\SmartCom\Services\SmartcomSCPService.exe [23.2.2009 23:08 64664]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 8:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [12.2.2009 20:42 65576]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.8.2008 5:46 288112]
S3 UsbSagCom;Mobile Device Full USB Driver;c:\windows\system32\drivers\UsbSagCom.sys [23.2.2009 22:46 51712]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: {1CFB1C74-5BB6-466E-A3A7-A155D0EED1E9} = 80.188.178.129,80.188.178.132
FF - ProfilePath - c:\documents and settings\Štěpán\Data aplikací\Mozilla\Firefox\Profiles\v320s6gh.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz http://s2.travian.cz http://s3.travian.cz http://s4.travian.cz http://s5.travian.cz http://s6.travian.cz http://s7.travian.cz http://s8.travian.cz http://s9.travian.cz http://s10.travian.cz http://s11.travian.cz http://s12.travian.cz http://s13.travian.cz http://s14.travian.cz http://s15.travian.cz http://speed.travian.cz http://s1.travian.sk http://s2.travian.sk http://s3.travian.sk http://s4.travian.sk http://s5.travian.sk http://s6.travian.sk http://s7.travian.sk http://s8.travian.sk http://s9.travian.sk http://s10.travian.sk http://speed.travian.sk
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccessc:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-07 17:23
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

c:\docume~1\TPN~1\LOCALS~1\Temp\etilqs_9cMW8G5V9sqM3nb
c:\docume~1\TPN~1\LOCALS~1\Temp\etilqs_NGg3Va3xswgDI3c

sken byl úspešně dokončen
skryté soubory: 2

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1464)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6016)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
d:\xampp\mysql\bin\mysqld-nt.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\rundll32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Celkový čas: 2009-06-07 17:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-07 15:28
ComboFix2.txt 2009-06-07 08:54

Před spuštěním: 6 477 934 592
Po spuštění: 6 365 351 936

313

KSSA · Příspěvekod **KSSA** » 07 čer 2009 17:48

Co je EAX4 Unified Redist?
Našel jsem ho v přidat a odebrat programy..?
A nepíše mi to u něj možnost Změnit nebo odinstalovat...

Damned · Příspěvekod **Damned** » 07 čer 2009 17:53

Po spuštění počítače se ti spouští i MagicDisk. Zakaž mu to v Nastavení.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Folder::
c:\docume~1\TPN~1\LOCALS~1\Temp\etilqs_9cMW8G5V9sqM3nb
c:\docume~1\TPN~1\LOCALS~1\Temp\etilqs_NGg3Va3xswgDI3c

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

RAMASST

RAMASST

Re: RAMASST

Re: RAMASST

Re: RAMASST

Re: RAMASST

Re: RAMASST

Re: RAMASST

Re: RAMASST

Re: RAMASST

Re: RAMASST

Re: RAMASST

Re: RAMASST

Kdo je online