Zdravím,
už delší dobu mi NOD32 hlásí nákazu systému. Když zapnu kontrolu, tak mi sice najde nějakou havěť, ale nedokáže ji odstranit. Do karantény se mu to taky nechce moc dávat...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:48, on 23.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\David\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wuauclt.exe
D:\David\Opera\opera.exe
D:\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\Translator\WEBIE.DLL
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\Translator\WEBIE.DLL
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\David\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk.disabled
O4 - Global Startup: Kodak software updater.lnk.disabled
O4 - Global Startup: QuickTV.lnk.disabled
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.teplice.cz/activex/AxisCamControl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Google Update Service (gupdate1c9a272f21f568) (gupdate1c9a272f21f568) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 12118 bytes
Prosím o kontrolu mého PC Vyřešeno
Prosím o kontrolu mého PC
ASUS M2NPV-VM (GeForce 6150) - AMD Sempron 3000+, Kingston 2x1GB DDR2
Samsung SyncMaster B2240W
Lenovo ThinkPad Edge 14
Samsung SyncMaster B2240W
Lenovo ThinkPad Edge 14
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43295
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu mého PC
Odinstaluj:
AskTBar
free-downloads.net Toolbar
pdfforge Toolbar
Winamp Toolbar
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit(systémové soubory), smazat, přesunout nebo přejmenovat
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
AskTBar
free-downloads.net Toolbar
pdfforge Toolbar
Winamp Toolbar
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Kód: Vybrat vše
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (file missing)
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (file missing)
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit(systémové soubory), smazat, přesunout nebo přejmenovat
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu mého PC
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3923
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
25.4.2010 18:50:27
mbam-log-2010-04-25 (18-50-18).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 133928
Uplynulý čas: 6 minute(s), 58 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
Verze databáze: 3923
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
25.4.2010 18:50:27
mbam-log-2010-04-25 (18-50-18).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 133928
Uplynulý čas: 6 minute(s), 58 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
ASUS M2NPV-VM (GeForce 6150) - AMD Sempron 3000+, Kingston 2x1GB DDR2
Samsung SyncMaster B2240W
Lenovo ThinkPad Edge 14
Samsung SyncMaster B2240W
Lenovo ThinkPad Edge 14
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43295
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu mého PC
. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit log z MbAM.
Vypni rez. ochranu u NOD32.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit log z MbAM.
Vypni rez. ochranu u NOD32.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu mého PC
ComboFix 10-04-10.01 - davidek 10.04.2010 19:56:02.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1790.1355 [GMT 2:00]
Spuštěný z: c:\documents and settings\davidek\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Internet Explorer\SET108E.tmp
c:\program files\Internet Explorer\SET1092.tmp
c:\program files\Internet Explorer\SET1093.tmp
c:\windows\eSellerateEngine.dll
c:\windows\system32\_003533_.tmp.dll
c:\windows\system32\_003534_.tmp.dll
c:\windows\system32\_003535_.tmp.dll
c:\windows\system32\_003536_.tmp.dll
c:\windows\system32\_003543_.tmp.dll
c:\windows\system32\_003544_.tmp.dll
c:\windows\system32\_003545_.tmp.dll
c:\windows\system32\_003547_.tmp.dll
c:\windows\system32\_003548_.tmp.dll
c:\windows\system32\_003551_.tmp.dll
c:\windows\system32\_003552_.tmp.dll
c:\windows\system32\_003554_.tmp.dll
c:\windows\system32\_003555_.tmp.dll
c:\windows\system32\_003556_.tmp.dll
c:\windows\system32\_003558_.tmp.dll
c:\windows\system32\_003561_.tmp.dll
c:\windows\system32\_003562_.tmp.dll
c:\windows\system32\_003566_.tmp.dll
c:\windows\system32\_003567_.tmp.dll
c:\windows\system32\_003569_.tmp.dll
c:\windows\system32\_003572_.tmp.dll
c:\windows\system32\_003574_.tmp.dll
c:\windows\system32\_003575_.tmp.dll
c:\windows\system32\_003576_.tmp.dll
c:\windows\system32\_003577_.tmp.dll
c:\windows\system32\_003580_.tmp.dll
c:\windows\system32\_003581_.tmp.dll
c:\windows\system32\_003582_.tmp.dll
c:\windows\system32\_003583_.tmp.dll
c:\windows\system32\_003584_.tmp.dll
c:\windows\system32\_003589_.tmp.dll
c:\windows\system32\_003591_.tmp.dll
c:\windows\system32\winlogon.bak
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-10 do 2010-04-10 )))))))))))))))))))))))))))))))
.
2010-04-25 16:41 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-25 16:41 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 16:40 . 2010-04-25 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-23 14:46 . 2010-04-23 14:46 -------- d-----w- c:\documents and settings\davidek\DoctorWeb
2010-04-16 06:04 . 2010-04-16 06:04 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-07 14:57 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-01 12:48 . 2010-04-04 16:56 -------- d-----w- C:\25. hodina 2002.xvid.cz
2010-03-31 16:07 . 2009-02-21 07:03 53528 ----a-w- c:\windows\system32\pxc40pm.dll
2010-03-31 16:07 . 2010-03-31 16:07 -------- d-----w- c:\program files\Tracker Software
2010-03-29 13:17 . 2010-03-29 13:17 -------- d-----w- c:\program files\Application Updater
2010-03-29 13:17 . 2010-04-22 16:04 -------- d-----w- c:\program files\pdfforge Toolbar
2010-03-29 13:17 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-03-29 13:17 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-03-29 13:17 . 2010-03-29 13:19 -------- d-----w- c:\program files\PDFCreator
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 14:30 . 2009-07-02 20:12 -------- d-----w- c:\program files\free-downloads.net
2010-04-16 20:26 . 2007-06-15 21:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-16 06:05 . 2008-06-02 21:53 -------- d-----w- c:\program files\Common Files\Real
2010-04-16 06:05 . 2008-06-02 21:53 -------- d-----w- c:\program files\Real
2010-04-16 06:02 . 2007-06-15 16:21 -------- d-----w- c:\program files\Google
2010-04-12 16:46 . 2007-06-15 16:20 -------- d-----w- c:\program files\Java
2010-04-10 17:50 . 2003-04-16 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-04-10 17:50 . 2003-04-16 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-04-01 18:08 . 2008-12-06 18:45 -------- d-----w- c:\program files\Xvid
2010-03-11 12:36 . 2003-04-16 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2009-11-29 16:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2003-04-16 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-17 11:17 . 2007-11-17 22:47 2921492 -c--a-w- c:\program files\save2pc_light_setup.exe
2009-09-08 14:27 . 2010-01-11 08:40 3196736 -c--a-w- c:\program files\tcm75rc2.exe
2009-08-28 07:07 . 2009-08-28 07:06 660710 -c--a-w- c:\program files\mionasatv.exe
2009-08-18 09:24 . 2010-01-11 08:24 2474531 ----a-w- c:\program files\fc_setup_.zip
2009-07-06 19:14 . 2009-07-06 19:14 1401291 -c--a-w- c:\program files\MP4Cam2AVI_v2.71.zip
2009-03-11 18:02 . 2009-03-11 18:02 547488 -c--a-w- c:\program files\GoogleEarthPluginSetup.exe
2009-03-11 17:51 . 2009-03-11 17:51 547480 -c--a-w- c:\program files\GoogleEarthSetup.exe
2008-12-06 22:37 . 2008-12-06 22:37 7758115 -c--a-w- c:\program files\AVI_ReComp-1.3.0.zip
2008-12-06 21:56 . 2008-12-06 21:56 7943030 -c--a-w- c:\program files\AVI_ReComp_1.4.0_Setup.exe
2008-12-06 19:24 . 2008-12-06 19:24 10252213 -c--a-w- c:\program files\AVI_ReComp_1.4.4_Setup.exe
2008-12-06 18:43 . 2008-12-06 18:43 7732946 -c--a-w- c:\program files\AVI_ReComp_1.2.3_Setup.exe
2008-12-04 16:39 . 2008-12-04 16:39 402496 -c--a-w- c:\program files\subWizard.zip
2008-07-02 20:21 . 2008-07-02 20:21 7726360 -c--a-w- c:\program files\Google_Earth_CZXV.exe
2008-06-15 17:40 . 2008-06-15 17:40 23766320 -c--a-w- c:\program files\QuickTimeInstaller 7.exe
2008-06-15 17:26 . 2008-06-15 17:26 4378143 -c--a-w- c:\program files\ultra_mpeg4converter.exe
2008-06-15 17:07 . 2008-06-15 17:07 6588451 -c--a-w- c:\program files\AoneVideoConvert.exe
2008-06-15 16:45 . 2008-06-15 16:45 248984 -c--a-w- c:\program files\prismsetup.exe
2008-06-14 14:14 . 2008-06-14 14:14 9390251 -c--a-w- c:\program files\vlc-0.8.6h-win32.exe
2008-06-06 19:17 . 2008-06-06 19:17 2121262 -c--a-w- c:\program files\orbitron.exe
2008-04-29 20:01 . 2008-04-29 20:01 1491843 -c--a-w- c:\program files\RADTools.exe
2008-04-29 19:36 . 2008-04-29 19:36 831434 -c--a-w- c:\program files\Converter.rar
2008-04-24 17:04 . 2008-04-24 17:04 724138 -c--a-w- c:\program files\QuickTimeInstaller.exe
2008-04-24 16:59 . 2008-04-24 16:59 1445782 -c--a-w- c:\program files\iTunesSetup.exe
2008-01-20 11:14 . 2008-01-20 11:14 4324207 -c--a-w- c:\program files\codec bazén Hořice.exe
2007-12-26 09:10 . 2007-12-26 09:10 17038263 -c--a-w- c:\program files\330296_291618_SMSender.cs_CZ.exe
2007-12-16 17:44 . 2007-12-16 17:44 44074 -c--a-w- c:\program files\codec_xvid_ppc.zip
2007-12-16 16:11 . 2007-12-16 16:11 1474651 -c--a-w- c:\program files\smartmovie_ppc_lcg_3_31.zip
2007-12-16 16:04 . 2007-12-16 16:07 43797 -c--a-w- c:\program files\coremp4_ppc.zip
2007-12-15 16:59 . 2007-12-15 16:59 7797768 -c--a-w- c:\program files\Azureus_3.0.4.0_windows.exe
2007-12-08 19:17 . 2007-12-08 19:17 17743457 -c--a-w- c:\program files\MediaCoder-0.6.0.3905.exe
2007-11-17 23:51 . 2007-11-17 23:51 3921909 -c--a-w- c:\program files\Tubedownloader10.exe
2007-11-17 23:35 . 2007-11-17 23:35 2677666 -c--a-w- c:\program files\youripper220.exe
2007-11-17 22:04 . 2007-11-17 22:03 1046859 -c--a-w- c:\program files\adstahovac.exe
2007-11-17 21:56 . 2007-11-17 21:56 735815 -c--a-w- c:\program files\cydsetup.exe
2007-11-17 21:49 . 2007-11-17 21:49 5995043 -c--a-w- c:\program files\ytgrabber.exe
2007-11-17 21:38 . 2007-11-17 21:38 280128 -c--a-w- c:\program files\FlvPlayer_1.4.exe
2007-10-13 20:40 . 2007-10-13 20:40 5086965 -c--a-w- c:\program files\eMule0.48a-Sources.zip
2007-10-13 20:38 . 2007-10-13 20:39 3861320 -c--a-w- c:\program files\eMule0.48a-Installer2.exe
2007-06-18 17:59 . 2007-06-18 17:59 23814184 -c--a-w- c:\program files\SkypeSetup.exe
2006-11-04 19:36 . 2008-05-06 19:37 120328 -c--a-w- c:\program files\VirtualDub.vdi
2006-11-04 19:36 . 2008-05-06 19:37 758272 -c--a-w- c:\program files\VirtualDub.exe
2006-11-04 19:35 . 2008-05-06 19:37 7738 -c--a-w- c:\program files\vdub.exe
2006-11-04 19:34 . 2008-05-06 19:37 16384 -c--a-w- c:\program files\auxsetup.exe
2006-11-04 19:34 . 2008-05-06 19:37 7168 -c--a-w- c:\program files\vdremote.dll
2006-11-04 19:34 . 2008-05-06 19:37 5120 -c--a-w- c:\program files\vdsvrlnk.dll
2006-11-04 19:34 . 2008-05-06 19:37 7168 -c--a-w- c:\program files\vdicmdrv.dll
2006-11-04 19:34 . 2008-05-06 19:37 210423 -c--a-w- c:\program files\VirtualDub.chm
2005-12-19 20:52 . 2008-05-06 19:37 18321 -c--a-w- c:\program files\copying
2004-10-01 13:00 . 2007-06-18 19:21 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
.
------- Sigcheck -------
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-09-23 434840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-17 39408]
"DAEMON Tools Lite"="d:\david\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-06-15 917504]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-19 1183656]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-19 1958800]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2005-06-20 446464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 54784]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Kodak EasyShare software.lnk.disabled [2007-6-24 1807]
Kodak software updater.lnk.disabled [2007-6-24 1954]
QuickTV.lnk.disabled [2007-6-15 687]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"DAEMON Tools Lite"="d:\david\DAEMON Tools Lite\daemon.exe" -autorun
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"d:\\David\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"d:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"d:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"d:\\David\\Opera\\opera.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.10.2007 21:44 721904]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [25.6.2008 18:51 2368]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\BT848.sys [15.6.2007 23:39 260712]
S2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [15.6.2007 23:40 21504]
S2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [15.6.2007 23:40 13308]
S2 gupdate1c9a272f21f568;Google Update Service (gupdate1c9a272f21f568);c:\program files\Google\Update\GoogleUpdate.exe [11.3.2009 19:51 133104]
S3 DrmCAudio;DrmCAudio;c:\windows\system32\drivers\DrmCAudio.sys [5.5.2009 20:20 23096]
S3 DrmCVideo;DrmCVideo;c:\windows\system32\drivers\DrmCVideo.sys [5.5.2009 20:20 3768]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-04-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
2010-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 17:51]
2010-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 17:51]
2010-04-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-606747145-790525478-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-04-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-790525478-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/ig?hl=cs
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\Translator\WEBIE.DLL
LSP: imon.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
Notify-dimsntfy - (no file)
AddRemove-SMail - c:\program files\Seznam\Postak\SMInstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 20:06
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spqm.sys >>UNKNOWN [0x8A4C9938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cfc3
\Driver\ACPI -> ACPI.sys @ 0xba666cb8
\Driver\atapi -> atapi.sys @ 0xba621b40
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xba511ba0
PacketIndicateHandler -> NDIS.sys @ 0xba51eb21
SendHandler -> NDIS.sys @ 0xba4fc87b
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):86,70,e5,1f,7e,e2,b3,da,74,e5,cb,b7,d4,1f,bb,9b,f8,2c,4c,d8,10,
b6,e1,26,86,6f,20,a2,53,90,5b,19,9d,3a,e5,7d,d8,1c,14,52,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{dd713ed4-0402-4b5c-ab6c-8de19dc9853f}]
@Denied: (Full) (Everyone)
"Model"=dword:0000005f
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(840)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
- - - - - - - > 'lsass.exe'(904)
c:\windows\system32\relog_ap.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(316)
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\progra~1\COMMON~1\Stardock\SDMCP.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2010-04-10 20:13:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-10 18:13
ComboFix2.txt 2009-01-01 18:18
Před spuštěním: 1 790 537 728
Po spuštění: 1 695 297 536
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - BC24162594F546B2AEBBE6A8344822C3
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1790.1355 [GMT 2:00]
Spuštěný z: c:\documents and settings\davidek\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Internet Explorer\SET108E.tmp
c:\program files\Internet Explorer\SET1092.tmp
c:\program files\Internet Explorer\SET1093.tmp
c:\windows\eSellerateEngine.dll
c:\windows\system32\_003533_.tmp.dll
c:\windows\system32\_003534_.tmp.dll
c:\windows\system32\_003535_.tmp.dll
c:\windows\system32\_003536_.tmp.dll
c:\windows\system32\_003543_.tmp.dll
c:\windows\system32\_003544_.tmp.dll
c:\windows\system32\_003545_.tmp.dll
c:\windows\system32\_003547_.tmp.dll
c:\windows\system32\_003548_.tmp.dll
c:\windows\system32\_003551_.tmp.dll
c:\windows\system32\_003552_.tmp.dll
c:\windows\system32\_003554_.tmp.dll
c:\windows\system32\_003555_.tmp.dll
c:\windows\system32\_003556_.tmp.dll
c:\windows\system32\_003558_.tmp.dll
c:\windows\system32\_003561_.tmp.dll
c:\windows\system32\_003562_.tmp.dll
c:\windows\system32\_003566_.tmp.dll
c:\windows\system32\_003567_.tmp.dll
c:\windows\system32\_003569_.tmp.dll
c:\windows\system32\_003572_.tmp.dll
c:\windows\system32\_003574_.tmp.dll
c:\windows\system32\_003575_.tmp.dll
c:\windows\system32\_003576_.tmp.dll
c:\windows\system32\_003577_.tmp.dll
c:\windows\system32\_003580_.tmp.dll
c:\windows\system32\_003581_.tmp.dll
c:\windows\system32\_003582_.tmp.dll
c:\windows\system32\_003583_.tmp.dll
c:\windows\system32\_003584_.tmp.dll
c:\windows\system32\_003589_.tmp.dll
c:\windows\system32\_003591_.tmp.dll
c:\windows\system32\winlogon.bak
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-10 do 2010-04-10 )))))))))))))))))))))))))))))))
.
2010-04-25 16:41 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-25 16:41 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 16:40 . 2010-04-25 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-23 14:46 . 2010-04-23 14:46 -------- d-----w- c:\documents and settings\davidek\DoctorWeb
2010-04-16 06:04 . 2010-04-16 06:04 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-07 14:57 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-01 12:48 . 2010-04-04 16:56 -------- d-----w- C:\25. hodina 2002.xvid.cz
2010-03-31 16:07 . 2009-02-21 07:03 53528 ----a-w- c:\windows\system32\pxc40pm.dll
2010-03-31 16:07 . 2010-03-31 16:07 -------- d-----w- c:\program files\Tracker Software
2010-03-29 13:17 . 2010-03-29 13:17 -------- d-----w- c:\program files\Application Updater
2010-03-29 13:17 . 2010-04-22 16:04 -------- d-----w- c:\program files\pdfforge Toolbar
2010-03-29 13:17 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-03-29 13:17 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-03-29 13:17 . 2010-03-29 13:19 -------- d-----w- c:\program files\PDFCreator
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 14:30 . 2009-07-02 20:12 -------- d-----w- c:\program files\free-downloads.net
2010-04-16 20:26 . 2007-06-15 21:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-16 06:05 . 2008-06-02 21:53 -------- d-----w- c:\program files\Common Files\Real
2010-04-16 06:05 . 2008-06-02 21:53 -------- d-----w- c:\program files\Real
2010-04-16 06:02 . 2007-06-15 16:21 -------- d-----w- c:\program files\Google
2010-04-12 16:46 . 2007-06-15 16:20 -------- d-----w- c:\program files\Java
2010-04-10 17:50 . 2003-04-16 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-04-10 17:50 . 2003-04-16 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-04-01 18:08 . 2008-12-06 18:45 -------- d-----w- c:\program files\Xvid
2010-03-11 12:36 . 2003-04-16 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2009-11-29 16:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2003-04-16 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-17 11:17 . 2007-11-17 22:47 2921492 -c--a-w- c:\program files\save2pc_light_setup.exe
2009-09-08 14:27 . 2010-01-11 08:40 3196736 -c--a-w- c:\program files\tcm75rc2.exe
2009-08-28 07:07 . 2009-08-28 07:06 660710 -c--a-w- c:\program files\mionasatv.exe
2009-08-18 09:24 . 2010-01-11 08:24 2474531 ----a-w- c:\program files\fc_setup_.zip
2009-07-06 19:14 . 2009-07-06 19:14 1401291 -c--a-w- c:\program files\MP4Cam2AVI_v2.71.zip
2009-03-11 18:02 . 2009-03-11 18:02 547488 -c--a-w- c:\program files\GoogleEarthPluginSetup.exe
2009-03-11 17:51 . 2009-03-11 17:51 547480 -c--a-w- c:\program files\GoogleEarthSetup.exe
2008-12-06 22:37 . 2008-12-06 22:37 7758115 -c--a-w- c:\program files\AVI_ReComp-1.3.0.zip
2008-12-06 21:56 . 2008-12-06 21:56 7943030 -c--a-w- c:\program files\AVI_ReComp_1.4.0_Setup.exe
2008-12-06 19:24 . 2008-12-06 19:24 10252213 -c--a-w- c:\program files\AVI_ReComp_1.4.4_Setup.exe
2008-12-06 18:43 . 2008-12-06 18:43 7732946 -c--a-w- c:\program files\AVI_ReComp_1.2.3_Setup.exe
2008-12-04 16:39 . 2008-12-04 16:39 402496 -c--a-w- c:\program files\subWizard.zip
2008-07-02 20:21 . 2008-07-02 20:21 7726360 -c--a-w- c:\program files\Google_Earth_CZXV.exe
2008-06-15 17:40 . 2008-06-15 17:40 23766320 -c--a-w- c:\program files\QuickTimeInstaller 7.exe
2008-06-15 17:26 . 2008-06-15 17:26 4378143 -c--a-w- c:\program files\ultra_mpeg4converter.exe
2008-06-15 17:07 . 2008-06-15 17:07 6588451 -c--a-w- c:\program files\AoneVideoConvert.exe
2008-06-15 16:45 . 2008-06-15 16:45 248984 -c--a-w- c:\program files\prismsetup.exe
2008-06-14 14:14 . 2008-06-14 14:14 9390251 -c--a-w- c:\program files\vlc-0.8.6h-win32.exe
2008-06-06 19:17 . 2008-06-06 19:17 2121262 -c--a-w- c:\program files\orbitron.exe
2008-04-29 20:01 . 2008-04-29 20:01 1491843 -c--a-w- c:\program files\RADTools.exe
2008-04-29 19:36 . 2008-04-29 19:36 831434 -c--a-w- c:\program files\Converter.rar
2008-04-24 17:04 . 2008-04-24 17:04 724138 -c--a-w- c:\program files\QuickTimeInstaller.exe
2008-04-24 16:59 . 2008-04-24 16:59 1445782 -c--a-w- c:\program files\iTunesSetup.exe
2008-01-20 11:14 . 2008-01-20 11:14 4324207 -c--a-w- c:\program files\codec bazén Hořice.exe
2007-12-26 09:10 . 2007-12-26 09:10 17038263 -c--a-w- c:\program files\330296_291618_SMSender.cs_CZ.exe
2007-12-16 17:44 . 2007-12-16 17:44 44074 -c--a-w- c:\program files\codec_xvid_ppc.zip
2007-12-16 16:11 . 2007-12-16 16:11 1474651 -c--a-w- c:\program files\smartmovie_ppc_lcg_3_31.zip
2007-12-16 16:04 . 2007-12-16 16:07 43797 -c--a-w- c:\program files\coremp4_ppc.zip
2007-12-15 16:59 . 2007-12-15 16:59 7797768 -c--a-w- c:\program files\Azureus_3.0.4.0_windows.exe
2007-12-08 19:17 . 2007-12-08 19:17 17743457 -c--a-w- c:\program files\MediaCoder-0.6.0.3905.exe
2007-11-17 23:51 . 2007-11-17 23:51 3921909 -c--a-w- c:\program files\Tubedownloader10.exe
2007-11-17 23:35 . 2007-11-17 23:35 2677666 -c--a-w- c:\program files\youripper220.exe
2007-11-17 22:04 . 2007-11-17 22:03 1046859 -c--a-w- c:\program files\adstahovac.exe
2007-11-17 21:56 . 2007-11-17 21:56 735815 -c--a-w- c:\program files\cydsetup.exe
2007-11-17 21:49 . 2007-11-17 21:49 5995043 -c--a-w- c:\program files\ytgrabber.exe
2007-11-17 21:38 . 2007-11-17 21:38 280128 -c--a-w- c:\program files\FlvPlayer_1.4.exe
2007-10-13 20:40 . 2007-10-13 20:40 5086965 -c--a-w- c:\program files\eMule0.48a-Sources.zip
2007-10-13 20:38 . 2007-10-13 20:39 3861320 -c--a-w- c:\program files\eMule0.48a-Installer2.exe
2007-06-18 17:59 . 2007-06-18 17:59 23814184 -c--a-w- c:\program files\SkypeSetup.exe
2006-11-04 19:36 . 2008-05-06 19:37 120328 -c--a-w- c:\program files\VirtualDub.vdi
2006-11-04 19:36 . 2008-05-06 19:37 758272 -c--a-w- c:\program files\VirtualDub.exe
2006-11-04 19:35 . 2008-05-06 19:37 7738 -c--a-w- c:\program files\vdub.exe
2006-11-04 19:34 . 2008-05-06 19:37 16384 -c--a-w- c:\program files\auxsetup.exe
2006-11-04 19:34 . 2008-05-06 19:37 7168 -c--a-w- c:\program files\vdremote.dll
2006-11-04 19:34 . 2008-05-06 19:37 5120 -c--a-w- c:\program files\vdsvrlnk.dll
2006-11-04 19:34 . 2008-05-06 19:37 7168 -c--a-w- c:\program files\vdicmdrv.dll
2006-11-04 19:34 . 2008-05-06 19:37 210423 -c--a-w- c:\program files\VirtualDub.chm
2005-12-19 20:52 . 2008-05-06 19:37 18321 -c--a-w- c:\program files\copying
2004-10-01 13:00 . 2007-06-18 19:21 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
.
------- Sigcheck -------
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-09-23 434840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-17 39408]
"DAEMON Tools Lite"="d:\david\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-06-15 917504]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-19 1183656]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-19 1958800]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2005-06-20 446464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 54784]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Kodak EasyShare software.lnk.disabled [2007-6-24 1807]
Kodak software updater.lnk.disabled [2007-6-24 1954]
QuickTV.lnk.disabled [2007-6-15 687]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"DAEMON Tools Lite"="d:\david\DAEMON Tools Lite\daemon.exe" -autorun
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"d:\\David\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"d:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"d:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"d:\\David\\Opera\\opera.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.10.2007 21:44 721904]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [25.6.2008 18:51 2368]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\BT848.sys [15.6.2007 23:39 260712]
S2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [15.6.2007 23:40 21504]
S2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [15.6.2007 23:40 13308]
S2 gupdate1c9a272f21f568;Google Update Service (gupdate1c9a272f21f568);c:\program files\Google\Update\GoogleUpdate.exe [11.3.2009 19:51 133104]
S3 DrmCAudio;DrmCAudio;c:\windows\system32\drivers\DrmCAudio.sys [5.5.2009 20:20 23096]
S3 DrmCVideo;DrmCVideo;c:\windows\system32\drivers\DrmCVideo.sys [5.5.2009 20:20 3768]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-04-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
2010-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 17:51]
2010-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 17:51]
2010-04-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-606747145-790525478-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-04-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-790525478-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/ig?hl=cs
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\Translator\WEBIE.DLL
LSP: imon.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
Notify-dimsntfy - (no file)
AddRemove-SMail - c:\program files\Seznam\Postak\SMInstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 20:06
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spqm.sys >>UNKNOWN [0x8A4C9938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cfc3
\Driver\ACPI -> ACPI.sys @ 0xba666cb8
\Driver\atapi -> atapi.sys @ 0xba621b40
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xba511ba0
PacketIndicateHandler -> NDIS.sys @ 0xba51eb21
SendHandler -> NDIS.sys @ 0xba4fc87b
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):86,70,e5,1f,7e,e2,b3,da,74,e5,cb,b7,d4,1f,bb,9b,f8,2c,4c,d8,10,
b6,e1,26,86,6f,20,a2,53,90,5b,19,9d,3a,e5,7d,d8,1c,14,52,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{dd713ed4-0402-4b5c-ab6c-8de19dc9853f}]
@Denied: (Full) (Everyone)
"Model"=dword:0000005f
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(840)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
- - - - - - - > 'lsass.exe'(904)
c:\windows\system32\relog_ap.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(316)
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\progra~1\COMMON~1\Stardock\SDMCP.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2010-04-10 20:13:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-10 18:13
ComboFix2.txt 2009-01-01 18:18
Před spuštěním: 1 790 537 728
Po spuštění: 1 695 297 536
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - BC24162594F546B2AEBBE6A8344822C3
ASUS M2NPV-VM (GeForce 6150) - AMD Sempron 3000+, Kingston 2x1GB DDR2
Samsung SyncMaster B2240W
Lenovo ThinkPad Edge 14
Samsung SyncMaster B2240W
Lenovo ThinkPad Edge 14
Re: Prosím o kontrolu mého PC
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3923
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
1.4.2010 14:42:49
mbam-log-2010-04-01 (14-42-49).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 134726
Uplynulý čas: 9 minute(s), 8 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
Verze databáze: 3923
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
1.4.2010 14:42:49
mbam-log-2010-04-01 (14-42-49).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 134726
Uplynulý čas: 9 minute(s), 8 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
ASUS M2NPV-VM (GeForce 6150) - AMD Sempron 3000+, Kingston 2x1GB DDR2
Samsung SyncMaster B2240W
Lenovo ThinkPad Edge 14
Samsung SyncMaster B2240W
Lenovo ThinkPad Edge 14
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43295
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu mého PC
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému
Toto otestuj na Virustotal
c:\windows\system32\drivers\atapi.sys
Pokud už byl soubor testován-klikni na otestovat znovu.
Až skončí test všech antivirů, vlož sem pak odkaz na stránku s výsledky.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
Folder::
c:\program files\pdfforge Toolbar
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:0000000
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):86,70,e5,1f,7e,e2,b3,da,74,e5,cb,b7,d4,1f,bb,9b,f8,2c,4c,d8,10,
b6,e1,26,86,6f,20,a2,53,90,5b,19,9d,3a,e5,7d,d8,1c,14,52,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{dd713ed4-0402-4b5c-ab6c-8de19dc9853f}]
@Denied: (Full) (Everyone)
"Model"=dword:0000005f
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
KILLALL::
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému
Toto otestuj na Virustotal
c:\windows\system32\drivers\atapi.sys
Pokud už byl soubor testován-klikni na otestovat znovu.
Až skončí test všech antivirů, vlož sem pak odkaz na stránku s výsledky.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu mého PC
odkaz na test souboru atapi.sys ZDE
ComboFix 10-04-10.01 - davidek 10.04.2010 21:29:15.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1790.1347 [GMT 2:00]
Spuštěný z: c:\documents and settings\davidek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\davidek\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\pdfforge Toolbar
c:\program files\pdfforge Toolbar\FF\components\config.ini
c:\program files\pdfforge Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\pdfforge Toolbar\FF\components\IFBHOWidgiToolbar.xpt
c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
c:\program files\pdfforge Toolbar\FF\chrome.manifest
c:\program files\pdfforge Toolbar\FF\chrome\content\chevron.js
c:\program files\pdfforge Toolbar\FF\chrome\content\chevron.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\login.js
c:\program files\pdfforge Toolbar\FF\chrome\content\login.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\parser.js
c:\program files\pdfforge Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\pdfforge Toolbar\FF\chrome\content\searchbox.js
c:\program files\pdfforge Toolbar\FF\chrome\content\searchbox.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\widgicomm.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgihandling.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgichevron.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\widgiui.js
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\amazon.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\ebay.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\chevron.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_branding.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_icon.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-button.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\searchbox.css
c:\program files\pdfforge Toolbar\FF\chrome\skin\separator.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\pdfforge Toolbar\FF\install.rdf
c:\program files\pdfforge Toolbar\IE\1.1.2\config.ini
c:\program files\pdfforge Toolbar\Res\amazon.gif
c:\program files\pdfforge Toolbar\Res\ebay.gif
c:\program files\pdfforge Toolbar\Res\icon_settings.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\Res\pdfc_icon.gif
c:\program files\pdfforge Toolbar\Res\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\Res\search-button-hover.gif
c:\program files\pdfforge Toolbar\Res\search-button.gif
c:\program files\pdfforge Toolbar\Res\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\Res\search-chevron.gif
c:\program files\pdfforge Toolbar\Res\search_amazon.gif
c:\program files\pdfforge Toolbar\Res\search_ebay.gif
c:\program files\pdfforge Toolbar\Res\search_yahoo.gif
c:\program files\pdfforge Toolbar\Res\widgets.xml
c:\program files\pdfforge Toolbar\SearchSettings.exe
c:\program files\pdfforge Toolbar\SearchSettingsRes409.dll
c:\program files\pdfforge Toolbar\sscfg.ini
c:\program files\pdfforge Toolbar\SSFF\components\IFBHOSearch.xpt
c:\program files\pdfforge Toolbar\SSFF\components\IFBHOSearchHelperEngine.xpt
c:\program files\pdfforge Toolbar\SSFF\components\IFHelperPreferences.xpt
c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
c:\program files\pdfforge Toolbar\SSFF\components\sscfg.ini
c:\program files\pdfforge Toolbar\SSFF\chrome.manifest
c:\program files\pdfforge Toolbar\SSFF\chrome\content\plugin.js
c:\program files\pdfforge Toolbar\SSFF\chrome\content\plugin.xul
c:\program files\pdfforge Toolbar\SSFF\chrome\content\protection.js
c:\program files\pdfforge Toolbar\SSFF\chrome\content\utils.js
c:\program files\pdfforge Toolbar\SSFF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\pdfforge Toolbar\SSFF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\pdfforge Toolbar\SSFF\chrome\skin\yahoo.xml
c:\program files\pdfforge Toolbar\SSFF\install.rdf
c:\program files\pdfforge Toolbar\WidgiHelper.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-10 do 2010-04-10 )))))))))))))))))))))))))))))))
.
2010-04-25 16:41 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-25 16:41 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 16:40 . 2010-04-25 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-23 14:46 . 2010-04-23 14:46 -------- d-----w- c:\documents and settings\davidek\DoctorWeb
2010-04-16 06:04 . 2010-04-16 06:04 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-07 14:57 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-01 12:48 . 2010-04-04 16:56 -------- d-----w- C:\25. hodina 2002.xvid.cz
2010-03-31 16:07 . 2009-02-21 07:03 53528 ----a-w- c:\windows\system32\pxc40pm.dll
2010-03-31 16:07 . 2010-03-31 16:07 -------- d-----w- c:\program files\Tracker Software
2010-03-29 13:17 . 2010-03-29 13:17 -------- d-----w- c:\program files\Application Updater
2010-03-29 13:17 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-03-29 13:17 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-03-29 13:17 . 2010-03-29 13:19 -------- d-----w- c:\program files\PDFCreator
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 14:30 . 2009-07-02 20:12 -------- d-----w- c:\program files\free-downloads.net
2010-04-16 20:26 . 2007-06-15 21:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-16 06:05 . 2008-06-02 21:53 -------- d-----w- c:\program files\Common Files\Real
2010-04-16 06:05 . 2008-06-02 21:53 -------- d-----w- c:\program files\Real
2010-04-16 06:02 . 2007-06-15 16:21 -------- d-----w- c:\program files\Google
2010-04-12 16:46 . 2007-06-15 16:20 -------- d-----w- c:\program files\Java
2010-04-10 20:18 . 2003-04-16 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-04-10 20:18 . 2003-04-16 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-04-01 18:08 . 2008-12-06 18:45 -------- d-----w- c:\program files\Xvid
2010-03-11 12:36 . 2003-04-16 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2009-11-29 16:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2003-04-16 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-17 11:17 . 2007-11-17 22:47 2921492 -c--a-w- c:\program files\save2pc_light_setup.exe
2009-09-08 14:27 . 2010-01-11 08:40 3196736 -c--a-w- c:\program files\tcm75rc2.exe
2009-08-28 07:07 . 2009-08-28 07:06 660710 -c--a-w- c:\program files\mionasatv.exe
2009-08-18 09:24 . 2010-01-11 08:24 2474531 ----a-w- c:\program files\fc_setup_.zip
2009-07-06 19:14 . 2009-07-06 19:14 1401291 -c--a-w- c:\program files\MP4Cam2AVI_v2.71.zip
2009-03-11 18:02 . 2009-03-11 18:02 547488 -c--a-w- c:\program files\GoogleEarthPluginSetup.exe
2009-03-11 17:51 . 2009-03-11 17:51 547480 -c--a-w- c:\program files\GoogleEarthSetup.exe
2008-12-06 22:37 . 2008-12-06 22:37 7758115 -c--a-w- c:\program files\AVI_ReComp-1.3.0.zip
2008-12-06 21:56 . 2008-12-06 21:56 7943030 -c--a-w- c:\program files\AVI_ReComp_1.4.0_Setup.exe
2008-12-06 19:24 . 2008-12-06 19:24 10252213 -c--a-w- c:\program files\AVI_ReComp_1.4.4_Setup.exe
2008-12-06 18:43 . 2008-12-06 18:43 7732946 -c--a-w- c:\program files\AVI_ReComp_1.2.3_Setup.exe
2008-12-04 16:39 . 2008-12-04 16:39 402496 -c--a-w- c:\program files\subWizard.zip
2008-07-02 20:21 . 2008-07-02 20:21 7726360 -c--a-w- c:\program files\Google_Earth_CZXV.exe
2008-06-15 17:40 . 2008-06-15 17:40 23766320 -c--a-w- c:\program files\QuickTimeInstaller 7.exe
2008-06-15 17:26 . 2008-06-15 17:26 4378143 -c--a-w- c:\program files\ultra_mpeg4converter.exe
2008-06-15 17:07 . 2008-06-15 17:07 6588451 -c--a-w- c:\program files\AoneVideoConvert.exe
2008-06-15 16:45 . 2008-06-15 16:45 248984 -c--a-w- c:\program files\prismsetup.exe
2008-06-14 14:14 . 2008-06-14 14:14 9390251 -c--a-w- c:\program files\vlc-0.8.6h-win32.exe
2008-06-06 19:17 . 2008-06-06 19:17 2121262 -c--a-w- c:\program files\orbitron.exe
2008-04-29 20:01 . 2008-04-29 20:01 1491843 -c--a-w- c:\program files\RADTools.exe
2008-04-29 19:36 . 2008-04-29 19:36 831434 -c--a-w- c:\program files\Converter.rar
2008-04-24 17:04 . 2008-04-24 17:04 724138 -c--a-w- c:\program files\QuickTimeInstaller.exe
2008-04-24 16:59 . 2008-04-24 16:59 1445782 -c--a-w- c:\program files\iTunesSetup.exe
2008-01-20 11:14 . 2008-01-20 11:14 4324207 -c--a-w- c:\program files\codec bazén Hořice.exe
2007-12-26 09:10 . 2007-12-26 09:10 17038263 -c--a-w- c:\program files\330296_291618_SMSender.cs_CZ.exe
2007-12-16 17:44 . 2007-12-16 17:44 44074 -c--a-w- c:\program files\codec_xvid_ppc.zip
2007-12-16 16:11 . 2007-12-16 16:11 1474651 -c--a-w- c:\program files\smartmovie_ppc_lcg_3_31.zip
2007-12-16 16:04 . 2007-12-16 16:07 43797 -c--a-w- c:\program files\coremp4_ppc.zip
2007-12-15 16:59 . 2007-12-15 16:59 7797768 -c--a-w- c:\program files\Azureus_3.0.4.0_windows.exe
2007-12-08 19:17 . 2007-12-08 19:17 17743457 -c--a-w- c:\program files\MediaCoder-0.6.0.3905.exe
2007-11-17 23:51 . 2007-11-17 23:51 3921909 -c--a-w- c:\program files\Tubedownloader10.exe
2007-11-17 23:35 . 2007-11-17 23:35 2677666 -c--a-w- c:\program files\youripper220.exe
2007-11-17 22:04 . 2007-11-17 22:03 1046859 -c--a-w- c:\program files\adstahovac.exe
2007-11-17 21:56 . 2007-11-17 21:56 735815 -c--a-w- c:\program files\cydsetup.exe
2007-11-17 21:49 . 2007-11-17 21:49 5995043 -c--a-w- c:\program files\ytgrabber.exe
2007-11-17 21:38 . 2007-11-17 21:38 280128 -c--a-w- c:\program files\FlvPlayer_1.4.exe
2007-10-13 20:40 . 2007-10-13 20:40 5086965 -c--a-w- c:\program files\eMule0.48a-Sources.zip
2007-10-13 20:38 . 2007-10-13 20:39 3861320 -c--a-w- c:\program files\eMule0.48a-Installer2.exe
2007-06-18 17:59 . 2007-06-18 17:59 23814184 -c--a-w- c:\program files\SkypeSetup.exe
2006-11-04 19:36 . 2008-05-06 19:37 120328 -c--a-w- c:\program files\VirtualDub.vdi
2006-11-04 19:36 . 2008-05-06 19:37 758272 -c--a-w- c:\program files\VirtualDub.exe
2006-11-04 19:35 . 2008-05-06 19:37 7738 -c--a-w- c:\program files\vdub.exe
2006-11-04 19:34 . 2008-05-06 19:37 16384 -c--a-w- c:\program files\auxsetup.exe
2006-11-04 19:34 . 2008-05-06 19:37 7168 -c--a-w- c:\program files\vdremote.dll
2006-11-04 19:34 . 2008-05-06 19:37 5120 -c--a-w- c:\program files\vdsvrlnk.dll
2006-11-04 19:34 . 2008-05-06 19:37 7168 -c--a-w- c:\program files\vdicmdrv.dll
2006-11-04 19:34 . 2008-05-06 19:37 210423 -c--a-w- c:\program files\VirtualDub.chm
2005-12-19 20:52 . 2008-05-06 19:37 18321 -c--a-w- c:\program files\copying
2004-10-01 13:00 . 2007-06-18 19:21 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
.
------- Sigcheck -------
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-09-23 434840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-17 39408]
"DAEMON Tools Lite"="d:\david\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-06-15 917504]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-19 1183656]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-19 1958800]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2005-06-20 446464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 54784]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Kodak EasyShare software.lnk.disabled [2007-6-24 1807]
Kodak software updater.lnk.disabled [2007-6-24 1954]
QuickTV.lnk.disabled [2007-6-15 687]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"DAEMON Tools Lite"="d:\david\DAEMON Tools Lite\daemon.exe" -autorun
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"d:\\David\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"d:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"d:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"d:\\David\\Opera\\opera.exe"=
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [25.6.2008 18:51 2368]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\BT848.sys [15.6.2007 23:39 260712]
S2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [15.6.2007 23:40 21504]
S2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [15.6.2007 23:40 13308]
S2 gupdate1c9a272f21f568;Google Update Service (gupdate1c9a272f21f568);c:\program files\Google\Update\GoogleUpdate.exe [11.3.2009 19:51 133104]
S3 DrmCAudio;DrmCAudio;c:\windows\system32\drivers\DrmCAudio.sys [5.5.2009 20:20 23096]
S3 DrmCVideo;DrmCVideo;c:\windows\system32\drivers\DrmCVideo.sys [5.5.2009 20:20 3768]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.10.2007 21:44 721904]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-04-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
2010-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 17:51]
2010-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 17:51]
2010-04-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-606747145-790525478-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-04-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-790525478-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/ig?hl=cs
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\Translator\WEBIE.DLL
LSP: imon.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 22:14
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1180)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
- - - - - - - > 'lsass.exe'(1248)
c:\windows\system32\relog_ap.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(2672)
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\progra~1\COMMON~1\Stardock\SDMCP.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2010-04-10 22:22:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-10 20:22
ComboFix2.txt 2010-04-10 18:13
ComboFix3.txt 2009-01-01 18:18
Před spuštěním: 1 745 436 672
Po spuštění: 1 704 058 880
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 321103F211E55ADA6B64C283CCFAFCAE
ComboFix 10-04-10.01 - davidek 10.04.2010 21:29:15.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1790.1347 [GMT 2:00]
Spuštěný z: c:\documents and settings\davidek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\davidek\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\pdfforge Toolbar
c:\program files\pdfforge Toolbar\FF\components\config.ini
c:\program files\pdfforge Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\pdfforge Toolbar\FF\components\IFBHOWidgiToolbar.xpt
c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
c:\program files\pdfforge Toolbar\FF\chrome.manifest
c:\program files\pdfforge Toolbar\FF\chrome\content\chevron.js
c:\program files\pdfforge Toolbar\FF\chrome\content\chevron.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\login.js
c:\program files\pdfforge Toolbar\FF\chrome\content\login.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\parser.js
c:\program files\pdfforge Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\pdfforge Toolbar\FF\chrome\content\searchbox.js
c:\program files\pdfforge Toolbar\FF\chrome\content\searchbox.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\widgicomm.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgihandling.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgichevron.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\widgiui.js
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\amazon.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\ebay.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\chevron.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_branding.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_icon.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-button.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\searchbox.css
c:\program files\pdfforge Toolbar\FF\chrome\skin\separator.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\pdfforge Toolbar\FF\install.rdf
c:\program files\pdfforge Toolbar\IE\1.1.2\config.ini
c:\program files\pdfforge Toolbar\Res\amazon.gif
c:\program files\pdfforge Toolbar\Res\ebay.gif
c:\program files\pdfforge Toolbar\Res\icon_settings.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\Res\pdfc_icon.gif
c:\program files\pdfforge Toolbar\Res\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\Res\search-button-hover.gif
c:\program files\pdfforge Toolbar\Res\search-button.gif
c:\program files\pdfforge Toolbar\Res\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\Res\search-chevron.gif
c:\program files\pdfforge Toolbar\Res\search_amazon.gif
c:\program files\pdfforge Toolbar\Res\search_ebay.gif
c:\program files\pdfforge Toolbar\Res\search_yahoo.gif
c:\program files\pdfforge Toolbar\Res\widgets.xml
c:\program files\pdfforge Toolbar\SearchSettings.exe
c:\program files\pdfforge Toolbar\SearchSettingsRes409.dll
c:\program files\pdfforge Toolbar\sscfg.ini
c:\program files\pdfforge Toolbar\SSFF\components\IFBHOSearch.xpt
c:\program files\pdfforge Toolbar\SSFF\components\IFBHOSearchHelperEngine.xpt
c:\program files\pdfforge Toolbar\SSFF\components\IFHelperPreferences.xpt
c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
c:\program files\pdfforge Toolbar\SSFF\components\sscfg.ini
c:\program files\pdfforge Toolbar\SSFF\chrome.manifest
c:\program files\pdfforge Toolbar\SSFF\chrome\content\plugin.js
c:\program files\pdfforge Toolbar\SSFF\chrome\content\plugin.xul
c:\program files\pdfforge Toolbar\SSFF\chrome\content\protection.js
c:\program files\pdfforge Toolbar\SSFF\chrome\content\utils.js
c:\program files\pdfforge Toolbar\SSFF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\pdfforge Toolbar\SSFF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\pdfforge Toolbar\SSFF\chrome\skin\yahoo.xml
c:\program files\pdfforge Toolbar\SSFF\install.rdf
c:\program files\pdfforge Toolbar\WidgiHelper.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-10 do 2010-04-10 )))))))))))))))))))))))))))))))
.
2010-04-25 16:41 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-25 16:41 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 16:40 . 2010-04-25 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-23 14:46 . 2010-04-23 14:46 -------- d-----w- c:\documents and settings\davidek\DoctorWeb
2010-04-16 06:04 . 2010-04-16 06:04 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-07 14:57 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-01 12:48 . 2010-04-04 16:56 -------- d-----w- C:\25. hodina 2002.xvid.cz
2010-03-31 16:07 . 2009-02-21 07:03 53528 ----a-w- c:\windows\system32\pxc40pm.dll
2010-03-31 16:07 . 2010-03-31 16:07 -------- d-----w- c:\program files\Tracker Software
2010-03-29 13:17 . 2010-03-29 13:17 -------- d-----w- c:\program files\Application Updater
2010-03-29 13:17 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-03-29 13:17 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-03-29 13:17 . 2010-03-29 13:19 -------- d-----w- c:\program files\PDFCreator
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 14:30 . 2009-07-02 20:12 -------- d-----w- c:\program files\free-downloads.net
2010-04-16 20:26 . 2007-06-15 21:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-16 06:05 . 2008-06-02 21:53 -------- d-----w- c:\program files\Common Files\Real
2010-04-16 06:05 . 2008-06-02 21:53 -------- d-----w- c:\program files\Real
2010-04-16 06:02 . 2007-06-15 16:21 -------- d-----w- c:\program files\Google
2010-04-12 16:46 . 2007-06-15 16:20 -------- d-----w- c:\program files\Java
2010-04-10 20:18 . 2003-04-16 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-04-10 20:18 . 2003-04-16 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-04-01 18:08 . 2008-12-06 18:45 -------- d-----w- c:\program files\Xvid
2010-03-11 12:36 . 2003-04-16 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2009-11-29 16:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2003-04-16 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-17 11:17 . 2007-11-17 22:47 2921492 -c--a-w- c:\program files\save2pc_light_setup.exe
2009-09-08 14:27 . 2010-01-11 08:40 3196736 -c--a-w- c:\program files\tcm75rc2.exe
2009-08-28 07:07 . 2009-08-28 07:06 660710 -c--a-w- c:\program files\mionasatv.exe
2009-08-18 09:24 . 2010-01-11 08:24 2474531 ----a-w- c:\program files\fc_setup_.zip
2009-07-06 19:14 . 2009-07-06 19:14 1401291 -c--a-w- c:\program files\MP4Cam2AVI_v2.71.zip
2009-03-11 18:02 . 2009-03-11 18:02 547488 -c--a-w- c:\program files\GoogleEarthPluginSetup.exe
2009-03-11 17:51 . 2009-03-11 17:51 547480 -c--a-w- c:\program files\GoogleEarthSetup.exe
2008-12-06 22:37 . 2008-12-06 22:37 7758115 -c--a-w- c:\program files\AVI_ReComp-1.3.0.zip
2008-12-06 21:56 . 2008-12-06 21:56 7943030 -c--a-w- c:\program files\AVI_ReComp_1.4.0_Setup.exe
2008-12-06 19:24 . 2008-12-06 19:24 10252213 -c--a-w- c:\program files\AVI_ReComp_1.4.4_Setup.exe
2008-12-06 18:43 . 2008-12-06 18:43 7732946 -c--a-w- c:\program files\AVI_ReComp_1.2.3_Setup.exe
2008-12-04 16:39 . 2008-12-04 16:39 402496 -c--a-w- c:\program files\subWizard.zip
2008-07-02 20:21 . 2008-07-02 20:21 7726360 -c--a-w- c:\program files\Google_Earth_CZXV.exe
2008-06-15 17:40 . 2008-06-15 17:40 23766320 -c--a-w- c:\program files\QuickTimeInstaller 7.exe
2008-06-15 17:26 . 2008-06-15 17:26 4378143 -c--a-w- c:\program files\ultra_mpeg4converter.exe
2008-06-15 17:07 . 2008-06-15 17:07 6588451 -c--a-w- c:\program files\AoneVideoConvert.exe
2008-06-15 16:45 . 2008-06-15 16:45 248984 -c--a-w- c:\program files\prismsetup.exe
2008-06-14 14:14 . 2008-06-14 14:14 9390251 -c--a-w- c:\program files\vlc-0.8.6h-win32.exe
2008-06-06 19:17 . 2008-06-06 19:17 2121262 -c--a-w- c:\program files\orbitron.exe
2008-04-29 20:01 . 2008-04-29 20:01 1491843 -c--a-w- c:\program files\RADTools.exe
2008-04-29 19:36 . 2008-04-29 19:36 831434 -c--a-w- c:\program files\Converter.rar
2008-04-24 17:04 . 2008-04-24 17:04 724138 -c--a-w- c:\program files\QuickTimeInstaller.exe
2008-04-24 16:59 . 2008-04-24 16:59 1445782 -c--a-w- c:\program files\iTunesSetup.exe
2008-01-20 11:14 . 2008-01-20 11:14 4324207 -c--a-w- c:\program files\codec bazén Hořice.exe
2007-12-26 09:10 . 2007-12-26 09:10 17038263 -c--a-w- c:\program files\330296_291618_SMSender.cs_CZ.exe
2007-12-16 17:44 . 2007-12-16 17:44 44074 -c--a-w- c:\program files\codec_xvid_ppc.zip
2007-12-16 16:11 . 2007-12-16 16:11 1474651 -c--a-w- c:\program files\smartmovie_ppc_lcg_3_31.zip
2007-12-16 16:04 . 2007-12-16 16:07 43797 -c--a-w- c:\program files\coremp4_ppc.zip
2007-12-15 16:59 . 2007-12-15 16:59 7797768 -c--a-w- c:\program files\Azureus_3.0.4.0_windows.exe
2007-12-08 19:17 . 2007-12-08 19:17 17743457 -c--a-w- c:\program files\MediaCoder-0.6.0.3905.exe
2007-11-17 23:51 . 2007-11-17 23:51 3921909 -c--a-w- c:\program files\Tubedownloader10.exe
2007-11-17 23:35 . 2007-11-17 23:35 2677666 -c--a-w- c:\program files\youripper220.exe
2007-11-17 22:04 . 2007-11-17 22:03 1046859 -c--a-w- c:\program files\adstahovac.exe
2007-11-17 21:56 . 2007-11-17 21:56 735815 -c--a-w- c:\program files\cydsetup.exe
2007-11-17 21:49 . 2007-11-17 21:49 5995043 -c--a-w- c:\program files\ytgrabber.exe
2007-11-17 21:38 . 2007-11-17 21:38 280128 -c--a-w- c:\program files\FlvPlayer_1.4.exe
2007-10-13 20:40 . 2007-10-13 20:40 5086965 -c--a-w- c:\program files\eMule0.48a-Sources.zip
2007-10-13 20:38 . 2007-10-13 20:39 3861320 -c--a-w- c:\program files\eMule0.48a-Installer2.exe
2007-06-18 17:59 . 2007-06-18 17:59 23814184 -c--a-w- c:\program files\SkypeSetup.exe
2006-11-04 19:36 . 2008-05-06 19:37 120328 -c--a-w- c:\program files\VirtualDub.vdi
2006-11-04 19:36 . 2008-05-06 19:37 758272 -c--a-w- c:\program files\VirtualDub.exe
2006-11-04 19:35 . 2008-05-06 19:37 7738 -c--a-w- c:\program files\vdub.exe
2006-11-04 19:34 . 2008-05-06 19:37 16384 -c--a-w- c:\program files\auxsetup.exe
2006-11-04 19:34 . 2008-05-06 19:37 7168 -c--a-w- c:\program files\vdremote.dll
2006-11-04 19:34 . 2008-05-06 19:37 5120 -c--a-w- c:\program files\vdsvrlnk.dll
2006-11-04 19:34 . 2008-05-06 19:37 7168 -c--a-w- c:\program files\vdicmdrv.dll
2006-11-04 19:34 . 2008-05-06 19:37 210423 -c--a-w- c:\program files\VirtualDub.chm
2005-12-19 20:52 . 2008-05-06 19:37 18321 -c--a-w- c:\program files\copying
2004-10-01 13:00 . 2007-06-18 19:21 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
.
------- Sigcheck -------
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-09-23 434840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-17 39408]
"DAEMON Tools Lite"="d:\david\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-06-15 917504]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-19 1183656]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-19 1958800]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2005-06-20 446464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 54784]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Kodak EasyShare software.lnk.disabled [2007-6-24 1807]
Kodak software updater.lnk.disabled [2007-6-24 1954]
QuickTV.lnk.disabled [2007-6-15 687]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"DAEMON Tools Lite"="d:\david\DAEMON Tools Lite\daemon.exe" -autorun
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"d:\\David\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"d:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"d:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"d:\\David\\Opera\\opera.exe"=
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [25.6.2008 18:51 2368]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\BT848.sys [15.6.2007 23:39 260712]
S2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [15.6.2007 23:40 21504]
S2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [15.6.2007 23:40 13308]
S2 gupdate1c9a272f21f568;Google Update Service (gupdate1c9a272f21f568);c:\program files\Google\Update\GoogleUpdate.exe [11.3.2009 19:51 133104]
S3 DrmCAudio;DrmCAudio;c:\windows\system32\drivers\DrmCAudio.sys [5.5.2009 20:20 23096]
S3 DrmCVideo;DrmCVideo;c:\windows\system32\drivers\DrmCVideo.sys [5.5.2009 20:20 3768]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.10.2007 21:44 721904]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-04-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
2010-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 17:51]
2010-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 17:51]
2010-04-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-606747145-790525478-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-04-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-790525478-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/ig?hl=cs
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\Translator\WEBIE.DLL
LSP: imon.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 22:14
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1180)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
- - - - - - - > 'lsass.exe'(1248)
c:\windows\system32\relog_ap.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(2672)
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\progra~1\COMMON~1\Stardock\SDMCP.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2010-04-10 22:22:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-10 20:22
ComboFix2.txt 2010-04-10 18:13
ComboFix3.txt 2009-01-01 18:18
Před spuštěním: 1 745 436 672
Po spuštění: 1 704 058 880
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 321103F211E55ADA6B64C283CCFAFCAE
ASUS M2NPV-VM (GeForce 6150) - AMD Sempron 3000+, Kingston 2x1GB DDR2
Samsung SyncMaster B2240W
Lenovo ThinkPad Edge 14
Samsung SyncMaster B2240W
Lenovo ThinkPad Edge 14
Re: Prosím o kontrolu mého PC
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:24, on 10.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
D:\David\Opera\opera.exe
D:\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\Translator\WEBIE.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\Translator\WEBIE.DLL
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\David\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk.disabled
O4 - Global Startup: Kodak software updater.lnk.disabled
O4 - Global Startup: QuickTV.lnk.disabled
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.teplice.cz/activex/AxisCamControl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Google Update Service (gupdate1c9a272f21f568) (gupdate1c9a272f21f568) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 9406 bytes
Scan saved at 22:32:24, on 10.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
D:\David\Opera\opera.exe
D:\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\Translator\WEBIE.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\Translator\WEBIE.DLL
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\David\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk.disabled
O4 - Global Startup: Kodak software updater.lnk.disabled
O4 - Global Startup: QuickTV.lnk.disabled
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.teplice.cz/activex/AxisCamControl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Google Update Service (gupdate1c9a272f21f568) (gupdate1c9a272f21f568) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 9406 bytes
ASUS M2NPV-VM (GeForce 6150) - AMD Sempron 3000+, Kingston 2x1GB DDR2
Samsung SyncMaster B2240W
Lenovo ThinkPad Edge 14
Samsung SyncMaster B2240W
Lenovo ThinkPad Edge 14
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43295
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu mého PC
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
FCopy::
c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu mého PC
ComboFix 10-04-10.01 - davidek 11.04.2010 15:41:15.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1790.1344 [GMT 2:00]
Spuštěný z: c:\documents and settings\davidek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\davidek\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--------------- FCopy ---------------
c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-11 do 2010-04-11 )))))))))))))))))))))))))))))))
.
2010-04-25 16:41 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-25 16:41 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 16:40 . 2010-04-25 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-23 14:46 . 2010-04-23 14:46 -------- d-----w- c:\documents and settings\davidek\DoctorWeb
2010-04-16 06:04 . 2010-04-16 06:04 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-07 14:57 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-01 12:48 . 2010-04-04 16:56 -------- d-----w- C:\25. hodina 2002.xvid.cz
2010-03-31 16:07 . 2009-02-21 07:03 53528 ----a-w- c:\windows\system32\pxc40pm.dll
2010-03-31 16:07 . 2010-03-31 16:07 -------- d-----w- c:\program files\Tracker Software
2010-03-29 13:17 . 2010-03-29 13:17 -------- d-----w- c:\program files\Application Updater
2010-03-29 13:17 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-03-29 13:17 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-03-29 13:17 . 2010-03-29 13:19 -------- d-----w- c:\program files\PDFCreator
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 14:30 . 2009-07-02 20:12 -------- d-----w- c:\program files\free-downloads.net
2010-04-16 20:26 . 2007-06-15 21:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-16 06:05 . 2008-06-02 21:53 -------- d-----w- c:\program files\Common Files\Real
2010-04-16 06:05 . 2008-06-02 21:53 -------- d-----w- c:\program files\Real
2010-04-16 06:02 . 2007-06-15 16:21 -------- d-----w- c:\program files\Google
2010-04-12 16:46 . 2007-06-15 16:20 -------- d-----w- c:\program files\Java
2010-04-11 11:26 . 2003-04-16 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-04-11 11:26 . 2003-04-16 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-04-01 18:08 . 2008-12-06 18:45 -------- d-----w- c:\program files\Xvid
2010-03-11 12:36 . 2003-04-16 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2009-11-29 16:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2003-04-16 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-17 11:17 . 2007-11-17 22:47 2921492 -c--a-w- c:\program files\save2pc_light_setup.exe
2009-09-08 14:27 . 2010-01-11 08:40 3196736 -c--a-w- c:\program files\tcm75rc2.exe
2009-08-28 07:07 . 2009-08-28 07:06 660710 -c--a-w- c:\program files\mionasatv.exe
2009-08-18 09:24 . 2010-01-11 08:24 2474531 ----a-w- c:\program files\fc_setup_.zip
2009-07-06 19:14 . 2009-07-06 19:14 1401291 -c--a-w- c:\program files\MP4Cam2AVI_v2.71.zip
2009-03-11 18:02 . 2009-03-11 18:02 547488 -c--a-w- c:\program files\GoogleEarthPluginSetup.exe
2009-03-11 17:51 . 2009-03-11 17:51 547480 -c--a-w- c:\program files\GoogleEarthSetup.exe
2008-12-06 22:37 . 2008-12-06 22:37 7758115 -c--a-w- c:\program files\AVI_ReComp-1.3.0.zip
2008-12-06 21:56 . 2008-12-06 21:56 7943030 -c--a-w- c:\program files\AVI_ReComp_1.4.0_Setup.exe
2008-12-06 19:24 . 2008-12-06 19:24 10252213 -c--a-w- c:\program files\AVI_ReComp_1.4.4_Setup.exe
2008-12-06 18:43 . 2008-12-06 18:43 7732946 -c--a-w- c:\program files\AVI_ReComp_1.2.3_Setup.exe
2008-12-04 16:39 . 2008-12-04 16:39 402496 -c--a-w- c:\program files\subWizard.zip
2008-07-02 20:21 . 2008-07-02 20:21 7726360 -c--a-w- c:\program files\Google_Earth_CZXV.exe
2008-06-15 17:40 . 2008-06-15 17:40 23766320 -c--a-w- c:\program files\QuickTimeInstaller 7.exe
2008-06-15 17:26 . 2008-06-15 17:26 4378143 -c--a-w- c:\program files\ultra_mpeg4converter.exe
2008-06-15 17:07 . 2008-06-15 17:07 6588451 -c--a-w- c:\program files\AoneVideoConvert.exe
2008-06-15 16:45 . 2008-06-15 16:45 248984 -c--a-w- c:\program files\prismsetup.exe
2008-06-14 14:14 . 2008-06-14 14:14 9390251 -c--a-w- c:\program files\vlc-0.8.6h-win32.exe
2008-06-06 19:17 . 2008-06-06 19:17 2121262 -c--a-w- c:\program files\orbitron.exe
2008-04-29 20:01 . 2008-04-29 20:01 1491843 -c--a-w- c:\program files\RADTools.exe
2008-04-29 19:36 . 2008-04-29 19:36 831434 -c--a-w- c:\program files\Converter.rar
2008-04-24 17:04 . 2008-04-24 17:04 724138 -c--a-w- c:\program files\QuickTimeInstaller.exe
2008-04-24 16:59 . 2008-04-24 16:59 1445782 -c--a-w- c:\program files\iTunesSetup.exe
2008-01-20 11:14 . 2008-01-20 11:14 4324207 -c--a-w- c:\program files\codec bazén Hořice.exe
2007-12-26 09:10 . 2007-12-26 09:10 17038263 -c--a-w- c:\program files\330296_291618_SMSender.cs_CZ.exe
2007-12-16 17:44 . 2007-12-16 17:44 44074 -c--a-w- c:\program files\codec_xvid_ppc.zip
2007-12-16 16:11 . 2007-12-16 16:11 1474651 -c--a-w- c:\program files\smartmovie_ppc_lcg_3_31.zip
2007-12-16 16:04 . 2007-12-16 16:07 43797 -c--a-w- c:\program files\coremp4_ppc.zip
2007-12-15 16:59 . 2007-12-15 16:59 7797768 -c--a-w- c:\program files\Azureus_3.0.4.0_windows.exe
2007-12-08 19:17 . 2007-12-08 19:17 17743457 -c--a-w- c:\program files\MediaCoder-0.6.0.3905.exe
2007-11-17 23:51 . 2007-11-17 23:51 3921909 -c--a-w- c:\program files\Tubedownloader10.exe
2007-11-17 23:35 . 2007-11-17 23:35 2677666 -c--a-w- c:\program files\youripper220.exe
2007-11-17 22:04 . 2007-11-17 22:03 1046859 -c--a-w- c:\program files\adstahovac.exe
2007-11-17 21:56 . 2007-11-17 21:56 735815 -c--a-w- c:\program files\cydsetup.exe
2007-11-17 21:49 . 2007-11-17 21:49 5995043 -c--a-w- c:\program files\ytgrabber.exe
2007-11-17 21:38 . 2007-11-17 21:38 280128 -c--a-w- c:\program files\FlvPlayer_1.4.exe
2007-10-13 20:40 . 2007-10-13 20:40 5086965 -c--a-w- c:\program files\eMule0.48a-Sources.zip
2007-10-13 20:38 . 2007-10-13 20:39 3861320 -c--a-w- c:\program files\eMule0.48a-Installer2.exe
2007-06-18 17:59 . 2007-06-18 17:59 23814184 -c--a-w- c:\program files\SkypeSetup.exe
2006-11-04 19:36 . 2008-05-06 19:37 120328 -c--a-w- c:\program files\VirtualDub.vdi
2006-11-04 19:36 . 2008-05-06 19:37 758272 -c--a-w- c:\program files\VirtualDub.exe
2006-11-04 19:35 . 2008-05-06 19:37 7738 -c--a-w- c:\program files\vdub.exe
2006-11-04 19:34 . 2008-05-06 19:37 16384 -c--a-w- c:\program files\auxsetup.exe
2006-11-04 19:34 . 2008-05-06 19:37 7168 -c--a-w- c:\program files\vdremote.dll
2006-11-04 19:34 . 2008-05-06 19:37 5120 -c--a-w- c:\program files\vdsvrlnk.dll
2006-11-04 19:34 . 2008-05-06 19:37 7168 -c--a-w- c:\program files\vdicmdrv.dll
2006-11-04 19:34 . 2008-05-06 19:37 210423 -c--a-w- c:\program files\VirtualDub.chm
2005-12-19 20:52 . 2008-05-06 19:37 18321 -c--a-w- c:\program files\copying
2004-10-01 13:00 . 2007-06-18 19:21 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-09-23 434840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-17 39408]
"DAEMON Tools Lite"="d:\david\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-06-15 917504]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-19 1183656]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-19 1958800]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2005-06-20 446464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 54784]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Kodak EasyShare software.lnk.disabled [2007-6-24 1807]
Kodak software updater.lnk.disabled [2007-6-24 1954]
QuickTV.lnk.disabled [2007-6-15 687]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"DAEMON Tools Lite"="d:\david\DAEMON Tools Lite\daemon.exe" -autorun
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"d:\\David\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"d:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"d:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"d:\\David\\Opera\\opera.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [25.6.2008 18:51 2368]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\BT848.sys [15.6.2007 23:39 260712]
S2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [15.6.2007 23:40 21504]
S2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [15.6.2007 23:40 13308]
S2 gupdate1c9a272f21f568;Google Update Service (gupdate1c9a272f21f568);c:\program files\Google\Update\GoogleUpdate.exe [11.3.2009 19:51 133104]
S3 DrmCAudio;DrmCAudio;c:\windows\system32\drivers\DrmCAudio.sys [5.5.2009 20:20 23096]
S3 DrmCVideo;DrmCVideo;c:\windows\system32\drivers\DrmCVideo.sys [5.5.2009 20:20 3768]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.10.2007 21:44 721904]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-04-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
2010-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 17:51]
2010-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 17:51]
2010-04-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-606747145-790525478-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-04-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-790525478-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/ig?hl=cs
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\Translator\WEBIE.DLL
LSP: imon.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 15:47
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1216)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
- - - - - - - > 'lsass.exe'(1280)
c:\windows\system32\relog_ap.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(648)
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-04-11 15:50:11
ComboFix-quarantined-files.txt 2010-04-11 13:50
ComboFix2.txt 2010-04-10 20:22
ComboFix3.txt 2010-04-10 18:13
ComboFix4.txt 2009-01-01 18:18
Před spuštěním: 1 711 235 072
Po spuštění: 1 670 397 952
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 4D69BF1956D8290D5B634DAFE0B7B674
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1790.1344 [GMT 2:00]
Spuštěný z: c:\documents and settings\davidek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\davidek\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--------------- FCopy ---------------
c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-11 do 2010-04-11 )))))))))))))))))))))))))))))))
.
2010-04-25 16:41 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-25 16:41 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 16:40 . 2010-04-25 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-23 14:46 . 2010-04-23 14:46 -------- d-----w- c:\documents and settings\davidek\DoctorWeb
2010-04-16 06:04 . 2010-04-16 06:04 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-07 14:57 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-01 12:48 . 2010-04-04 16:56 -------- d-----w- C:\25. hodina 2002.xvid.cz
2010-03-31 16:07 . 2009-02-21 07:03 53528 ----a-w- c:\windows\system32\pxc40pm.dll
2010-03-31 16:07 . 2010-03-31 16:07 -------- d-----w- c:\program files\Tracker Software
2010-03-29 13:17 . 2010-03-29 13:17 -------- d-----w- c:\program files\Application Updater
2010-03-29 13:17 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-03-29 13:17 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-03-29 13:17 . 2010-03-29 13:19 -------- d-----w- c:\program files\PDFCreator
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 14:30 . 2009-07-02 20:12 -------- d-----w- c:\program files\free-downloads.net
2010-04-16 20:26 . 2007-06-15 21:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-16 06:05 . 2008-06-02 21:53 -------- d-----w- c:\program files\Common Files\Real
2010-04-16 06:05 . 2008-06-02 21:53 -------- d-----w- c:\program files\Real
2010-04-16 06:02 . 2007-06-15 16:21 -------- d-----w- c:\program files\Google
2010-04-12 16:46 . 2007-06-15 16:20 -------- d-----w- c:\program files\Java
2010-04-11 11:26 . 2003-04-16 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-04-11 11:26 . 2003-04-16 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-04-01 18:08 . 2008-12-06 18:45 -------- d-----w- c:\program files\Xvid
2010-03-11 12:36 . 2003-04-16 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2009-11-29 16:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2003-04-16 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-17 11:17 . 2007-11-17 22:47 2921492 -c--a-w- c:\program files\save2pc_light_setup.exe
2009-09-08 14:27 . 2010-01-11 08:40 3196736 -c--a-w- c:\program files\tcm75rc2.exe
2009-08-28 07:07 . 2009-08-28 07:06 660710 -c--a-w- c:\program files\mionasatv.exe
2009-08-18 09:24 . 2010-01-11 08:24 2474531 ----a-w- c:\program files\fc_setup_.zip
2009-07-06 19:14 . 2009-07-06 19:14 1401291 -c--a-w- c:\program files\MP4Cam2AVI_v2.71.zip
2009-03-11 18:02 . 2009-03-11 18:02 547488 -c--a-w- c:\program files\GoogleEarthPluginSetup.exe
2009-03-11 17:51 . 2009-03-11 17:51 547480 -c--a-w- c:\program files\GoogleEarthSetup.exe
2008-12-06 22:37 . 2008-12-06 22:37 7758115 -c--a-w- c:\program files\AVI_ReComp-1.3.0.zip
2008-12-06 21:56 . 2008-12-06 21:56 7943030 -c--a-w- c:\program files\AVI_ReComp_1.4.0_Setup.exe
2008-12-06 19:24 . 2008-12-06 19:24 10252213 -c--a-w- c:\program files\AVI_ReComp_1.4.4_Setup.exe
2008-12-06 18:43 . 2008-12-06 18:43 7732946 -c--a-w- c:\program files\AVI_ReComp_1.2.3_Setup.exe
2008-12-04 16:39 . 2008-12-04 16:39 402496 -c--a-w- c:\program files\subWizard.zip
2008-07-02 20:21 . 2008-07-02 20:21 7726360 -c--a-w- c:\program files\Google_Earth_CZXV.exe
2008-06-15 17:40 . 2008-06-15 17:40 23766320 -c--a-w- c:\program files\QuickTimeInstaller 7.exe
2008-06-15 17:26 . 2008-06-15 17:26 4378143 -c--a-w- c:\program files\ultra_mpeg4converter.exe
2008-06-15 17:07 . 2008-06-15 17:07 6588451 -c--a-w- c:\program files\AoneVideoConvert.exe
2008-06-15 16:45 . 2008-06-15 16:45 248984 -c--a-w- c:\program files\prismsetup.exe
2008-06-14 14:14 . 2008-06-14 14:14 9390251 -c--a-w- c:\program files\vlc-0.8.6h-win32.exe
2008-06-06 19:17 . 2008-06-06 19:17 2121262 -c--a-w- c:\program files\orbitron.exe
2008-04-29 20:01 . 2008-04-29 20:01 1491843 -c--a-w- c:\program files\RADTools.exe
2008-04-29 19:36 . 2008-04-29 19:36 831434 -c--a-w- c:\program files\Converter.rar
2008-04-24 17:04 . 2008-04-24 17:04 724138 -c--a-w- c:\program files\QuickTimeInstaller.exe
2008-04-24 16:59 . 2008-04-24 16:59 1445782 -c--a-w- c:\program files\iTunesSetup.exe
2008-01-20 11:14 . 2008-01-20 11:14 4324207 -c--a-w- c:\program files\codec bazén Hořice.exe
2007-12-26 09:10 . 2007-12-26 09:10 17038263 -c--a-w- c:\program files\330296_291618_SMSender.cs_CZ.exe
2007-12-16 17:44 . 2007-12-16 17:44 44074 -c--a-w- c:\program files\codec_xvid_ppc.zip
2007-12-16 16:11 . 2007-12-16 16:11 1474651 -c--a-w- c:\program files\smartmovie_ppc_lcg_3_31.zip
2007-12-16 16:04 . 2007-12-16 16:07 43797 -c--a-w- c:\program files\coremp4_ppc.zip
2007-12-15 16:59 . 2007-12-15 16:59 7797768 -c--a-w- c:\program files\Azureus_3.0.4.0_windows.exe
2007-12-08 19:17 . 2007-12-08 19:17 17743457 -c--a-w- c:\program files\MediaCoder-0.6.0.3905.exe
2007-11-17 23:51 . 2007-11-17 23:51 3921909 -c--a-w- c:\program files\Tubedownloader10.exe
2007-11-17 23:35 . 2007-11-17 23:35 2677666 -c--a-w- c:\program files\youripper220.exe
2007-11-17 22:04 . 2007-11-17 22:03 1046859 -c--a-w- c:\program files\adstahovac.exe
2007-11-17 21:56 . 2007-11-17 21:56 735815 -c--a-w- c:\program files\cydsetup.exe
2007-11-17 21:49 . 2007-11-17 21:49 5995043 -c--a-w- c:\program files\ytgrabber.exe
2007-11-17 21:38 . 2007-11-17 21:38 280128 -c--a-w- c:\program files\FlvPlayer_1.4.exe
2007-10-13 20:40 . 2007-10-13 20:40 5086965 -c--a-w- c:\program files\eMule0.48a-Sources.zip
2007-10-13 20:38 . 2007-10-13 20:39 3861320 -c--a-w- c:\program files\eMule0.48a-Installer2.exe
2007-06-18 17:59 . 2007-06-18 17:59 23814184 -c--a-w- c:\program files\SkypeSetup.exe
2006-11-04 19:36 . 2008-05-06 19:37 120328 -c--a-w- c:\program files\VirtualDub.vdi
2006-11-04 19:36 . 2008-05-06 19:37 758272 -c--a-w- c:\program files\VirtualDub.exe
2006-11-04 19:35 . 2008-05-06 19:37 7738 -c--a-w- c:\program files\vdub.exe
2006-11-04 19:34 . 2008-05-06 19:37 16384 -c--a-w- c:\program files\auxsetup.exe
2006-11-04 19:34 . 2008-05-06 19:37 7168 -c--a-w- c:\program files\vdremote.dll
2006-11-04 19:34 . 2008-05-06 19:37 5120 -c--a-w- c:\program files\vdsvrlnk.dll
2006-11-04 19:34 . 2008-05-06 19:37 7168 -c--a-w- c:\program files\vdicmdrv.dll
2006-11-04 19:34 . 2008-05-06 19:37 210423 -c--a-w- c:\program files\VirtualDub.chm
2005-12-19 20:52 . 2008-05-06 19:37 18321 -c--a-w- c:\program files\copying
2004-10-01 13:00 . 2007-06-18 19:21 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-09-23 434840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-17 39408]
"DAEMON Tools Lite"="d:\david\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-06-15 917504]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-19 1183656]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-19 1958800]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2005-06-20 446464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 54784]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Kodak EasyShare software.lnk.disabled [2007-6-24 1807]
Kodak software updater.lnk.disabled [2007-6-24 1954]
QuickTV.lnk.disabled [2007-6-15 687]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"DAEMON Tools Lite"="d:\david\DAEMON Tools Lite\daemon.exe" -autorun
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"d:\\David\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"d:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"d:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"d:\\David\\Opera\\opera.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [25.6.2008 18:51 2368]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\BT848.sys [15.6.2007 23:39 260712]
S2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [15.6.2007 23:40 21504]
S2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [15.6.2007 23:40 13308]
S2 gupdate1c9a272f21f568;Google Update Service (gupdate1c9a272f21f568);c:\program files\Google\Update\GoogleUpdate.exe [11.3.2009 19:51 133104]
S3 DrmCAudio;DrmCAudio;c:\windows\system32\drivers\DrmCAudio.sys [5.5.2009 20:20 23096]
S3 DrmCVideo;DrmCVideo;c:\windows\system32\drivers\DrmCVideo.sys [5.5.2009 20:20 3768]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.10.2007 21:44 721904]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-04-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
2010-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 17:51]
2010-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 17:51]
2010-04-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-606747145-790525478-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-04-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-790525478-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/ig?hl=cs
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\Translator\WEBIE.DLL
LSP: imon.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 15:47
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1216)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
- - - - - - - > 'lsass.exe'(1280)
c:\windows\system32\relog_ap.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(648)
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-04-11 15:50:11
ComboFix-quarantined-files.txt 2010-04-11 13:50
ComboFix2.txt 2010-04-10 20:22
ComboFix3.txt 2010-04-10 18:13
ComboFix4.txt 2009-01-01 18:18
Před spuštěním: 1 711 235 072
Po spuštění: 1 670 397 952
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 4D69BF1956D8290D5B634DAFE0B7B674
ASUS M2NPV-VM (GeForce 6150) - AMD Sempron 3000+, Kingston 2x1GB DDR2
Samsung SyncMaster B2240W
Lenovo ThinkPad Edge 14
Samsung SyncMaster B2240W
Lenovo ThinkPad Edge 14
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43295
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu mého PC
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.
Start-Spustit a zadej ComboFix /Uninstall
vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Kód: Vybrat vše
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.teplice.cz/activex/AxisCamControl.cab
Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 103 hostů