Hijack - please check

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

bledulka
Level 5
Posts: 2242
Registered: August 09
Gender: Female

Re: Hijack - please check

Post by bledulka » 04 Aug 2010 08:49

Sorry, I'll be here in the evening, I'll take a look at it.

In the meantime:


Download http://rootrepeal.googlepages.com/RootRepeal.zip

- unzip it and run it
- go through all the tabs one after another
- a scan will run; when it finishes, click Save Report, which saves the log, and copy that log here

simonides2000
Level 1
Posts: 72
Registered: August 09
Gender: Male

Re: Hijack - please check

Post by simonides2000 » 04 Aug 2010 10:11

In the end I let Gmer run overnight after all, as a last desperate option, and by morning it had finished. Hopefully it ran all the way through. I managed to save the log, so I'm posting first the log from the quick scan and then the one from the deep scan.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-03 22:53:51
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Milan\LOCALS~1\Temp\pxtdipow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- EOF - GMER 1.0.15 ----





GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-04 10:02:37
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Milan\LOCALS~1\Temp\pxtdipow.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7459E22]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF743ACDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF743AECE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF745A610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF745A8C4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7458B14]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF745AD30]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF745A0E2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF743A982]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6035380, 0x550AF5, 0xE8000020]
.text C:\WINDOWS\system32\drivers\ACEDRV07.sys section is writeable [0xB017D000, 0x328BA, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0xB01C1000]
.relo2 C:\WINDOWS\system32\drivers\ACEDRV07.sys unknown last section [0xB01DD000, 0x8E, 0x42000040]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[696] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 00]
.text C:\WINDOWS\system32\services.exe[980] ADVAPI32.dll!ConvertSecurityDescriptorToStringSecurityDescriptorA + 467 77E0523B 1 Byte [89]
.text C:\WINDOWS\system32\services.exe[980] ADVAPI32.dll!ConvertSecurityDescriptorToStringSecurityDescriptorA + 767 77E0553B 1 Byte [89]
.text C:\WINDOWS\system32\services.exe[980] ADVAPI32.dll!MSChapSrvChangePassword + 110 77E0571B 1 Byte [89]
.text C:\WINDOWS\system32\services.exe[980] ADVAPI32.dll!MSChapSrvChangePassword + 170 77E0577B 1 Byte [89]
.text C:\WINDOWS\system32\services.exe[980] ADVAPI32.dll!MSChapSrvChangePassword2 + CC 77E058BB 1 Byte [89]
.text C:\WINDOWS\system32\services.exe[980] ADVAPI32.dll!MSChapSrvChangePassword2 + EC 77E058DB 1 Byte [31]
.text C:\WINDOWS\system32\services.exe[980] ADVAPI32.dll!MSChapSrvChangePassword2 + 10C 77E058FB 1 Byte [89]
.text C:\WINDOWS\system32\services.exe[980] ADVAPI32.dll!MSChapSrvChangePassword2 + 12C 77E0591B 1 Byte [FD]
.text C:\WINDOWS\system32\services.exe[980] ADVAPI32.dll!MSChapSrvChangePassword2 + 14C 77E0593B 1 Byte [3C]
.text ...
.text C:\WINDOWS\explorer.exe[3464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 51981CE2 C:\PROGRA~1\DVDREG~1\DVDShell.dll (DVD Region-Free Shell Module/Fengtao Software Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device \Driver\BTHUSB \Device\000000a5 bthport.sys (Ovladač sběrnice Bluetooth/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000a7 bthport.sys (Ovladač sběrnice Bluetooth/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158311ff51
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x18 0x55 0xCC 0x67 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x16 0xDC 0xAC 0x46 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0x7B 0x9F 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x8D 0x95 0xB5 0x1F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x5A 0x67 0x06 0xDB ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158311ff51 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x18 0x55 0xCC 0x67 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x16 0xDC 0xAC 0x46 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0x7B 0x9F 0x75 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x8D 0x95 0xB5 0x1F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x5A 0x67 0x06 0xDB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x18 0x55 0xCC 0x67 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x16 0xDC 0xAC 0x46 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x52 0x7B 0x9F 0x75 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x8D 0x95 0xB5 0x1F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x5A 0x67 0x06 0xDB ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 123304BFE11B718AC5314EFE1D9EFB17CC74CBA855FDC77BD432BF4B586C608D5AF104064F60240B319089FC6215A55651482FDABAA5EF40F855E564BEB091E09C9F27193790F505A57B35E7AE2194A5057BB36E2B166CF3954589523E625376C60D179A512B8B2CA40738295A54BA509F011DB849131A9CB6F9EAF3DA138E2B5ED030142832FDD948892D9215417CC8EF92637307DE4C657FA87E0C6C5A258378C5856E162DD7873CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667C038D530D6EB3452A2D97226D213B555D6018C4AC2071571CCA65C9150990C61D21E443ACEDE670D778A66C39378691A02FB643C08CCE5125BA9C29F2B9CE5618E75DAF912F3692CD7BA5AE47FE4AC6843FA5A4C8A9204D659CC0187568E49BB6021AFC557095173A7D94AC12A467CCF6AAB0A4A77F0CACEB8D7D920F03588947AA75018D12C8DBC7C49AD187518817F8EEF6FDB82F2B71D30C974911EC81DA255C32C3F3364AD752D21DA7C454E043807D86EF9DF976FF93AD2DC5B83F222B32C65185FB2A9672057AD125703CEF2D17232CDF0495138AE14D982CDCC56D7287C2DCCED8DE992CFDAED73631BF1DFB5B07737617D877E1DC077B7102806A0730A73E5B50305AC2F5A9403B17D8780E2E7D738413D94C

---- EOF - GMER 1.0.15 ----

simonides2000
Level 1
Posts: 72
Registered: August 09
Gender: Male

Re: Hijack - please check

Post by simonides2000 » 04 Aug 2010 12:24

I'm also sending the log from RootRepeal (I used the hardware scan from the initial menu, where it asked me whether I wanted to use the Windows system kernel or the hardware scan), as you asked in your last message (I won't even mention that I only managed it on the third try, because it crashed on me twice during the scan, that my programs got unregistered again, that ICQ and other programs crash on me too because "the instruction referenced memory on which the operation cannot be performed", and similar things I described in my first post - what can I say.. :-) ) - what kind of junk is stuck in there somewhere... :-(


ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/08/04 12:42
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB2300000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79C3000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB1DC4000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Milan\Local Settings\Apps\2.0\K3MRCWL9.HW6\X7DMXN20.YAY\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Milan\Local Settings\Apps\2.0\K3MRCWL9.HW6\X7DMXN20.YAY\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 002 Function Name: NtAccessCheckAndAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e0f35

#: 003 Function Name: NtAccessCheckByType
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805dac4a

#: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e0fbc

#: 005 Function Name: NtAccessCheckByTypeResultList
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8063fce4

#: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80641e75

#: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80641ebe

#: 009 Function Name: NtAddBootEntry
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fbe3

#: 010 Function Name: NtAdjustGroupsToken
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8063f4a3

#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e0787

#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806377ba

#: 014 Function Name: NtAllocateLocallyUniqueId
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805df8e8

#: 015 Function Name: NtAllocateUserPhysicalPages
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8062e462

#: 016 Function Name: NtAllocateUuids
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805d8781

#: 018 Function Name: NtAreMappedFilesTheSame
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e7258

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e839e

#: 021 Function Name: NtCancelDeviceWakeupRequest
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fbcf

#: 022 Function Name: NtCancelIoFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805cc537

#: 026 Function Name: NtCloseObjectAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e0b65

#: 027 Function Name: NtCompactKeys
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80655d14

#: 028 Function Name: NtCompareTokens
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805dfff3

#: 030 Function Name: NtCompressKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80655f83

#: 033 Function Name: NtCreateDebugObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806613c6

#: 034 Function Name: NtCreateDirectoryObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805a976b

#: 036 Function Name: NtCreateEventPair
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80650234

#: 038 Function Name: NtCreateIoCompletion
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805da665

#: 039 Function Name: NtCreateJobObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805d5cd6

#: 040 Function Name: NtCreateJobSet
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80637c63

#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf7459e22

#: 042 Function Name: NtCreateMailslotFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805d6e7f

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805b4823

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf743acdc

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf743aece

#: 049 Function Name: NtCreateProfile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80650855

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e6e56

#: 055 Function Name: NtCreateToken
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805a6ada

#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805aa552

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80662541

#: 058 Function Name: NtDebugContinue
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8066269b

#: 059 Function Name: NtDelayExecution
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8056eb07

#: 060 Function Name: NtDeleteAtom
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805dcc8e

#: 061 Function Name: NtDeleteBootEntry
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fbcf

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805d54ac

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf745a610

#: 064 Function Name: NtDeleteObjectAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80641f15

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf745a8c4

#: 067 Function Name: NtDisplayString
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805b5cd8

#: 070 Function Name: NtEnumerateBootEntries
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fbe3

#: 072 Function Name: NtEnumerateSystemEnvironmentValuesEx
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fbbb

#: 074 Function Name: NtExtendSection
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8062d419

#: 075 Function Name: NtFilterToken
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805ce473

#: 076 Function Name: NtFindAtom
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e26f2

#: 079 Function Name: NtFlushKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805d93bb

#: 080 Function Name: NtFlushVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e8ab6

#: 081 Function Name: NtFlushWriteBuffer
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8062ecc1

#: 082 Function Name: NtFreeUserPhysicalPages
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8062e817

#: 085 Function Name: NtGetContextThread
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80635741

#: 086 Function Name: NtGetDevicePowerState
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80633c17

#: 090 Function Name: NtImpersonateClientOfPort
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805dfd66

#: 092 Function Name: NtInitializeRegistry
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805a9d25

#: 093 Function Name: NtInitiatePowerAction
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806339e3

#: 094 Function Name: NtIsProcessInJob
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80637b17

#: 095 Function Name: NtIsSystemResumeAutomatic
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80633bfe

#: 096 Function Name: NtListenPort
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805a9b94

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805a8f96

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805ce7e5

#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805ce944

#: 100 Function Name: NtLockFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805dd05b

#: 101 Function Name: NtLockProductActivationKeys
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805cdce7

#: 102 Function Name: NtLockRegistryKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805c7155

#: 103 Function Name: NtLockVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805ae0d5

#: 104 Function Name: NtMakePermanentObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e704c

#: 105 Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e7113

#: 106 Function Name: NtMapUserPhysicalPages
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8062dabe

#: 107 Function Name: NtMapUserPhysicalPagesScatter
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8062df17

#: 109 Function Name: NtModifyBootEntry
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fbcf

#: 110 Function Name: NtNotifyChangeDirectoryFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805dd2f2

#: 111 Function Name: NtNotifyChangeKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e218f

#: 112 Function Name: NtNotifyChangeMultipleKeys
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e1fa1

#: 115 Function Name: NtOpenEventPair
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80650325

#: 117 Function Name: NtOpenIoCompletion
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806210d3

#: 118 Function Name: NtOpenJobObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80637ebb

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf7458b14

#: 121 Function Name: NtOpenObjectAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e9252

#: 126 Function Name: NtOpenSemaphore
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e71ca

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e1939

#: 131 Function Name: NtOpenTimer
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8065015b

#: 133 Function Name: NtPowerInformation
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805a43a4

#: 135 Function Name: NtPrivilegeObjectAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805d88c7

#: 136 Function Name: NtPrivilegedServiceAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805cd91a

#: 138 Function Name: NtPulseEvent
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805aa4aa

#: 140 Function Name: NtQueryBootEntryOrder
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fbe3

#: 141 Function Name: NtQueryBootOptions
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fbe3

#: 147 Function Name: NtQueryEaFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80621320

#: 150 Function Name: NtQueryInformationAtom
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805aa812

#: 153 Function Name: NtQueryInformationPort
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8062b0c5

#: 158 Function Name: NtQueryIntervalProfile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80650d07

#: 159 Function Name: NtQueryIoCompletion
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80621194

#: 161 Function Name: NtQueryMultipleValueKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806556fc

#: 162 Function Name: NtQueryMutant
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8065068e

#: 164 Function Name: NtQueryOpenSubKeys
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80655903

#: 166 Function Name: NtQueryQuotaInformationFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80621bd7

#: 168 Function Name: NtQuerySecurityObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805d9eae

#: 169 Function Name: NtQuerySemaphore
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064f493

#: 171 Function Name: NtQuerySystemEnvironmentValue
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fc0b

#: 172 Function Name: NtQuerySystemEnvironmentValueEx
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fba5

#: 175 Function Name: NtQueryTimer
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e3c32

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e3b8d

#: 182 Function Name: NtRaiseHardError
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064f1cf

#: 184 Function Name: NtReadFileScatter
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806224af

#: 185 Function Name: NtReadRequestData
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e050e

#: 188 Function Name: NtReleaseMutant
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8056eb72

#: 191 Function Name: NtRemoveProcessDebug
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80662616

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf745ad30

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806564d8

#: 197 Function Name: NtReplyWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8062b1a4

#: 198 Function Name: NtRequestDeviceWakeup
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80633b8b

#: 199 Function Name: NtRequestPort
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e94d0

#: 201 Function Name: NtRequestWakeupLatency
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80633984

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8065606d

#: 205 Function Name: NtResumeProcess
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8063775a

#: 207 Function Name: NtSaveKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8065616e

#: 208 Function Name: NtSaveKeyEx
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80656259

#: 209 Function Name: NtSaveMergedKeys
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80656386

#: 211 Function Name: NtSetBootEntryOrder
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fbe3

#: 212 Function Name: NtSetBootOptions
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fbe3

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80635967

#: 214 Function Name: NtSetDebugFilterState
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80663ff6

#: 215 Function Name: NtSetDefaultHardErrorPort
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805afd61

#: 216 Function Name: NtSetDefaultLocale
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805d6343

#: 217 Function Name: NtSetDefaultUILanguage
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805d62ea

#: 218 Function Name: NtSetEaFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80621867

#: 221 Function Name: NtSetHighEventPair
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80650619

#: 222 Function Name: NtSetHighWaitLowEventPair
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8065053d

#: 223 Function Name: NtSetInformationDebugObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80661fb7

#: 225 Function Name: NtSetInformationJobObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805d5e2a

#: 226 Function Name: NtSetInformationKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8065525f

#: 230 Function Name: NtSetInformationToken
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805a6174

#: 231 Function Name: NtSetIntervalProfile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80650833

#: 233 Function Name: NtSetLdtEntries
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80636673

#: 234 Function Name: NtSetLowEventPair
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806505af

#: 235 Function Name: NtSetLowWaitHighEventPair
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806504cb

#: 236 Function Name: NtSetQuotaInformationFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80621baf

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805d9caf

#: 238 Function Name: NtSetSystemEnvironmentValue
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fea8

#: 239 Function Name: NtSetSystemEnvironmentValueEx
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fba5

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805aabc8

#: 242 Function Name: NtSetSystemTime
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064ee83

#: 243 Function Name: NtSetThreadExecutionState
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805eb0b7

#: 245 Function Name: NtSetTimerResolution
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805eb37e

#: 246 Function Name: NtSetUuidSeed
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805cdac6

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf745a0e2

#: 248 Function Name: NtSetVolumeInformationFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806220ed

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064e5cf

#: 251 Function Name: NtStartProfile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80650a9c

#: 252 Function Name: NtStopProfile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80650c55

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806376ff

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8063761b

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80650db5

#: 256 Function Name: NtTerminateJobObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8063802d

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf743a982

#: 261 Function Name: NtTranslateFilePath
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fbf7

#: 262 Function Name: NtUnloadDriver
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806247a0

#: 263 Function Name: NtUnloadKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80654dd6

#: 264 Function Name: NtUnloadKeyEx
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80654fff

#: 265 Function Name: NtUnlockFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805dd1bb

#: 266 Function Name: NtUnlockVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8062ed35

#: 268 Function Name: NtVdmControl
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805ad706

#: 269 Function Name: NtWaitForDebugEvent
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80661d00

#: 270 Function Name: NtWaitForMultipleObjects
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8056ec4d

#: 272 Function Name: NtWaitHighEventPair
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80650461

#: 273 Function Name: NtWaitLowEventPair
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806503f7

#: 275 Function Name: NtWriteFileGather
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805cc824

#: 276 Function Name: NtWriteRequestData
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e0592

#: 279 Function Name: NtCreateKeyedEvent
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805c291a

#: 281 Function Name: NtReleaseKeyedEvent
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80651229

#: 282 Function Name: NtWaitForKeyedEvent
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80651494

#: 283 Function Name: NtQueryPortInformationProcess
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80634f75

==EOF==
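A small triage helper for the SSDT listing above, added here as an example; it is not part of the poster's logs and not code from RootRepeal or GMER. It groups every "Hooked by" line by the module the hook address resolves to and keeps two findings apart that look identical in the raw text: a kernel image running under a non-stock file name, where every syscall implemented in the kernel itself is reported as "hooked" although nothing has been redirected (the example assumes, as the usual cause, that TUKERNEL.EXE is the patched copy of the kernel that TuneUp's boot-screen feature installs and selects through boot.ini), and a real third-party driver sitting on a syscall, such as PCTCore.sys on NtTerminateProcess, which matches the PC Tools driver identified in the GMER output earlier in this thread and needs a vendor lookup rather than removal. The stock kernel names, the list of sensitive syscalls and the four-entry sample copied from the listing are this example's own choices.

```python
"""Triage an SSDT hook listing in RootRepeal's text format.

Every entry names the module the hook address resolves to. Two cases
must not be mixed up: addresses inside the running kernel image (no hook
at all; the listing shows the syscall's own implementation, which becomes
noisy when the kernel file has a non-stock name) and addresses inside a
third-party driver, where the owner has to be identified.
"""
import re
from collections import defaultdict

# File names the Windows XP kernel image ships under.
STOCK_KERNELS = {"ntoskrnl.exe", "ntkrnlpa.exe", "ntkrnlmp.exe", "ntkrpamp.exe"}

# Syscalls hooked both by security products (self-protection) and by
# rootkits; a driver on these needs a vendor lookup before any removal.
SENSITIVE = {
    "NtCreateProcess", "NtCreateProcessEx", "NtOpenProcess", "NtTerminateProcess",
    "NtSuspendProcess", "NtLoadDriver", "NtUnloadDriver", "NtSystemDebugControl",
    "NtCreateKey", "NtDeleteKey", "NtDeleteValueKey", "NtSetValueKey",
}

# One entry is two lines: '#: N Function Name: X' then 'Status: Hooked by "M" at address A'.
ENTRY = re.compile(
    r'#:\s*(?P<idx>\d+)\s+Function Name:\s*(?P<fn>\w+)[ \t]*\r?\n'
    r'Status:\s*Hooked by "(?P<mod>[^"]+)" at address (?P<addr>0x[0-9a-fA-F]+)'
)


def parse_hooks(text):
    """Return (index, function, module, address) for each 'Hooked by' entry."""
    return [(int(m["idx"]), m["fn"], m["mod"], int(m["addr"], 16))
            for m in ENTRY.finditer(text)]


def classify(module):
    """Decide what kind of finding a hooking module represents."""
    name = module.rsplit("\\", 1)[-1].lower()
    if name in STOCK_KERNELS:
        return "stock kernel (not a hook)"
    if name.endswith(".exe"):
        # Heuristic: the only .exe mapped in kernel space is the kernel image
        # itself, so a non-stock name here means a replaced kernel, and the
        # whole table "hooked" by it is one finding, not hundreds.
        return "non-stock kernel image"
    return "driver hook"


def triage(text):
    """Group hooks by owning module: {module: {kind, count, functions, sensitive, range}}."""
    by_mod = defaultdict(list)
    for _, fn, mod, addr in parse_hooks(text):
        by_mod[mod].append((fn, addr))
    report = {}
    for mod, entries in by_mod.items():
        addrs = [a for _, a in entries]
        report[mod] = {
            "kind": classify(mod),
            "count": len(entries),
            "functions": sorted(fn for fn, _ in entries),
            "sensitive": sorted(fn for fn, _ in entries if fn in SENSITIVE),
            "range": (min(addrs), max(addrs)),
        }
    return report


# Constructed sample: four entries copied from the listing in the thread.
SAMPLE = r'''
#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064e5cf

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806376ff

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf743a982

#: 262 Function Name: NtUnloadDriver
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806247a0
'''

if __name__ == "__main__":
    for mod, info in triage(SAMPLE).items():
        lo, hi = info["range"]
        print(f"{mod}: {info['kind']}, {info['count']} entries, "
              f"{lo:#010x}-{hi:#010x}, sensitive={info['sensitive']}")
```

Run it against the full listing instead of SAMPLE and the address ranges tell the same story as the module names: everything attributed to TUKERNEL.EXE sits in the 0x80xxxxxx region where the kernel is loaded, while the PCTCore.sys entry sits in the 0xf7xxxxxx region used by drivers.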


Post by bledulka » 04 Aug 2010 20:51

Test this at www.virustotal.com:
C:\WINDOWS\system32\drivers\ACEDRV07.sys


Do you have the installation CD?


Post by simonides2000 » 04 Aug 2010 21:23

The file is clean... I do have the installation CD. One of them is with SP2, the one I bought, so I have to install everything on top of it; the other is with SP3, slightly customised with some elements integrated, and even then I still install and update the drivers and so on. But I do have the install media.

File ACEDRV07.sys received 2010.08.04 19:14:02 (UTC)
Current status: Finished
Result: 0/41 (0%)


Post by bledulka » 04 Aug 2010 21:53

I don't know yet, but we probably won't have any other option. I can't see anything there :-( .
Do you use TuneUp Utilities?




Download AVPtool
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
- install it and let it scan all drives
- let it disinfect whatever it finds
- then paste the log here.


Post by simonides2000 » 04 Aug 2010 22:13

I'd really like to avoid a reinstall at all costs... :-( The installation itself I can have done in 20 minutes, but putting everything I need back on... That's at least a week's work for me, and that's if I worked 24 hours a day.. :-( I did use TU, but I uninstalled it about two weeks ago because it was making a mess there. Now I vaguely recall that the computer started misbehaving after I did some operations with TU... The whole thing somehow got f.... up. So I uninstalled it right afterwards, because it did something similar to me during the check before last too... The reviews of it aren't exactly the best either.. But I don't really see any causal connection... I'm downloading that AVP and will do it right away... It's 70 MB... it will probably take a while to get it done...


Post by bledulka » 04 Aug 2010 22:31

AVPtool takes about a whole night :-( .
Unfortunately, TuneUp can cause problems :evil: , if it has somehow wrecked the system :-( .
We'll try one more repair afterwards :wink:


Post by simonides2000 » 04 Aug 2010 22:55

Unfortunately I can't install AVPtool at all... first a dialog appears saying that installation in safe mode is recommended, and then, when it continues, about three quarters of the way through it gets stuck on one file and won't let me go any further... I don't know what exactly it means by safe mode... I tried installing it in normal mode, in Last Known Good Configuration, in Safe Mode - it didn't work anywhere.... :-( I understand that TU could have wrecked my system, but how would it have put some junk in there, or a service that's tearing the system apart.... So nothing from AVP for now... I'll take any other repair... :-(


Post by bledulka » 04 Aug 2010 23:11

According to RootRepeal, the TuneUp driver is still there.
I don't know, I don't use that program, I just know it can sometimes do damage like this.

Please run ComboFix again; I just want to check something, and tomorrow I'll work out the repair.
But back up your data anyway, to be safe.


Post by simonides2000 » 05 Aug 2010 00:01

TuneUp really is an insane program... it has lots of functions and options, but it must have some kind of worm or something built in... I found that out rather late.... Don't get it under any circumstances..!! Apart from that, during a manual check of the registry I found 4 more TU keys, so I deleted them. I ran a scan with Advanced SystemCare. It offered me lots of fixes (about 15 in services alone), and besides that I ran the security analyzer in that program. I'm posting a screenshot for illustration, and the log from that analysis as well. It's compatible with the HijackThis log, so maybe you can read something from it. And at the end I'm posting the log from ComboFix. Have a look at it, and I'll be back here in the morning.





LOG ADVANCED SYSTEM CARE



Logfile of Advanced SystemCare 3 Security Analyzer
Scan saved at 23:36:40, on 4.8.2010
Platform: Windows XP (WinNT 5.1)
MSIE: Internet Explorer v6.0 (6.0.2800.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\explorer.exe
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\Translat\WEBIE.DLL
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint
O3 - Toolbar: - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\Translat\WEBIE.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKCU\..\Run: [Namedate] C:\Program Files\Nezmeskej\nezmeskej.exe s s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přidat do stávajícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} -
O9 - Extra button: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
O9 - Extra button: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} -
O9 - Extra button: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} -
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... b?3,14,8,0
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4096294281
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_14) - http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
O16 - DPF: {CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA} (Java Plug-in 1.4.2_11) - http://java.sun.com/products/plugin/aut ... s-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) - http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) - http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: BlueSoleil Hid Service - Unknown - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - crypserv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9ec57704d342c) (gupdate1c9ec57704d342c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Start BT in service - Unknown - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Nepřerušitelný zdroj napájení (UPS) (UPS) - Unknown - C:\WINDOWS\System32\ups.exe




LOG COMBOFIX


ComboFix 10-08-02.03 - Milan 04.08.2010 23:41:09.6.2 - x86
Run from: c:\documents and settings\Milan\Plocha\xyz.exe
.

((((((((((((((((((((((((( Files created from 2010-07-04 to 2010-08-04 )))))))))))))))))))))))))))))))
.

2010-08-04 21:40 . 2010-08-04 21:40 -------- d-----w- c:\windows\LastGood
2010-08-04 20:50 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\34391222.sys
2010-08-04 20:50 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\3439122.sys
2010-08-04 20:50 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\34391221.sys
2010-08-04 20:37 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\37473412.sys
2010-08-04 20:37 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\3747341.sys
2010-08-04 20:37 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\37473411.sys
2010-08-04 20:29 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\34811722.sys
2010-08-04 20:29 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\3481172.sys
2010-08-04 20:29 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\34811721.sys
2010-08-04 20:23 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\39167702.sys
2010-08-04 20:23 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\3916770.sys
2010-08-04 20:23 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\39167701.sys
2010-08-03 14:49 . 2009-12-30 10:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-08-03 14:49 . 2010-08-03 14:49 -------- d-----w- c:\program files\VS Revo Group
2010-08-03 09:05 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-03 09:05 . 2010-08-03 09:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-03 09:05 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-02 20:33 . 2010-08-02 20:34 -------- d-----w- C:\rsit
2010-08-02 20:23 . 2010-08-02 20:27 -------- d-----w- C:\xyz26423x
2010-08-02 19:16 . 2010-08-02 19:44 -------- d-----w- c:\program files\HiJack
2010-07-26 20:58 . 2010-07-26 21:08 -------- d-----w- c:\program files\NirSoft
2010-07-25 16:49 . 2010-07-25 16:59 -------- d-----w- C:\xyz
2010-07-25 16:28 . 2010-07-25 16:28 -------- d-----w- c:\program files\Common Files\Skype
2010-07-25 13:25 . 2001-10-24 10:25 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2010-07-25 13:24 . 2008-04-14 11:00 543232 -c--a-w- c:\windows\system32\dllcache\dialer.exe
2010-07-25 13:23 . 2010-07-25 13:23 -------- d-----w- c:\windows\system32\URTTEMP
2010-07-25 13:22 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-07-25 13:22 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-07-25 13:22 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-07-25 13:22 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-07-25 13:21 . 2008-04-14 11:00 726590 -c--a-w- c:\windows\system32\dllcache\srchui.dll
2010-07-25 13:21 . 2008-04-14 11:00 58434 -c--a-w- c:\windows\system32\dllcache\srchctls.dll
2010-07-25 13:21 . 2008-04-14 11:00 3166208 -c--a-w- c:\windows\system32\dllcache\msgr3en.dll
2010-07-25 13:19 . 2010-07-25 13:19 -------- d-----w- c:\windows\system32\winrm
2010-07-25 13:18 . 2010-01-14 15:06 158720 ----a-w- c:\windows\system32\rdpinit.exe
2010-07-25 13:18 . 2010-01-14 15:07 45056 ----a-w- c:\windows\system32\winlogonnotification.dll
2010-07-25 13:18 . 2010-01-14 15:07 223232 ----a-w- c:\windows\system32\wksprt.exe
2010-07-25 13:18 . 2010-01-14 15:07 12800 ----a-w- c:\windows\system32\wksprtps.dll
2010-07-25 13:18 . 2010-01-14 15:06 134144 ----a-w- c:\windows\system32\tspubwmi.dll
2010-07-25 13:18 . 2010-01-14 15:06 243200 ----a-w- c:\windows\system32\rdpshell.exe
2010-07-25 13:18 . 2010-01-14 15:06 46080 ----a-w- c:\windows\system32\tswbprxy.exe
2010-07-25 13:18 . 2010-01-14 15:04 44544 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2010-07-25 13:18 . 2008-04-14 11:00 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2010-07-25 13:18 . 2008-05-02 08:49 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-07-25 13:17 . 2010-07-25 13:17 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-07-25 13:14 . 2008-04-14 05:52 152064 ----a-w- c:\windows\system32\irftp.exe
2010-07-25 13:14 . 2008-04-14 05:52 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-07-25 13:14 . 2008-04-14 05:51 27648 ----a-w- c:\windows\system32\irmon.dll
2010-07-25 12:53 . 2008-04-14 11:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-07-25 12:53 . 2008-04-14 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-07-25 12:53 . 2008-04-14 11:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-07-25 12:53 . 2008-04-14 11:00 13312 ----a-w- c:\windows\system32\irclass.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 17:20 . 2008-10-29 15:46 -------- d-----w- c:\program files\Spyware Doctor
2010-07-31 21:11 . 2010-06-30 20:31 72 ---h--w- c:\windows\popcreg.dat
2010-07-31 21:11 . 2010-06-30 20:31 24 ----a-w- c:\windows\popcinfot.dat
2010-07-27 12:25 . 2010-01-01 00:12 -------- d-----w- c:\program files\Replay Media Catcher
2010-07-26 13:35 . 2009-03-10 13:58 -------- d-----w- c:\program files\ICQ6.5
2010-07-25 13:20 . 2009-12-11 14:05 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-14 09:25 . 2008-10-15 18:06 -------- d-----w- c:\program files\Banka
2010-06-27 10:09 . 2009-02-07 23:33 -------- d-----w- c:\program files\Rapidshare
2010-06-25 18:06 . 2010-06-25 18:06 -------- d-----w- c:\program files\Google Chrome Backup
2010-06-23 12:49 . 2004-08-18 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2010-06-23 12:49 . 2004-08-18 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2010-06-22 11:12 . 2009-02-08 13:26 -------- d-----w- c:\program files\Share Rapid Uploader
2010-06-17 22:20 . 2010-06-17 22:20 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-17 16:44 . 2009-08-01 10:48 -------- d-----w- c:\program files\Opera
2010-06-16 10:04 . 2010-06-16 10:04 -------- d-----w- c:\program files\ESET
2010-06-13 18:24 . 2010-06-13 18:22 -------- d-----w- c:\program files\Sony
2010-06-13 18:22 . 2008-10-15 16:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-13 18:15 . 2010-01-01 00:18 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-06-13 18:15 . 2010-01-01 00:18 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-06-13 18:15 . 2010-01-01 00:13 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-06-08 21:43 . 2008-10-16 10:58 -------- d-----w- c:\program files\DreamCom
2009-08-03 21:02 . 2009-08-03 21:02 81 --sh--r- c:\windows\CT4CET.bin
2008-11-30 20:04 . 2008-11-30 20:04 23 -csha-w- c:\windows\system32\fdcebf2_z.dll
.

------- Sigcheck -------

[-] 2009-10-09 . FF876311F58C86EC3E1A24F585949C25 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[7] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Registry Start Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Namedate"="c:\program files\Nezmeskej\nezmeskej.exe" [2007-05-01 923136]
"Google Update"="c:\documents and settings\Milan\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-08-03 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2006-10-22 22:24 620152 -c--a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 22:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 11:00 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-17 16:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-10 16:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2010-04-07 19:07 2145000 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-01-18 13:14 1286608 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Namedate]
2007-05-01 10:00 923136 ----a-w- c:\program files\Nezmeskej\nezmeskej.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-05 12:06 2254120 ----a-w- c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2007-09-07 13:44 3100672 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
2003-07-07 08:29 729088 -c--a-r- c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 10:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-03 11:38 64512 ----a-r- c:\windows\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-12-03 11:47 1205760 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-09-03 07:52 16841216 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2005-09-05 14:55 339968 ------w- c:\windows\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2004-04-23 13:28 77824 ----a-w- c:\program files\Logitech\Profiler\LWEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-08 00:00 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2005-12-20 13:39 94208 ------w- c:\windows\tsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\update_vp]
2008-10-22 18:57 28672 ----a-w- c:\program files\Vyčistit Počítač\UUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\update_vs]
2008-06-24 13:21 28672 ----a-w- c:\program files\Vyčistit Soubory\UUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-10 23:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2005-03-02 12:21 278528 ----a-w- c:\program files\WinFast\WFTVFM\WFWIZ.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTSysVol"=c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"PAC7302_Monitor"=c:\windows\PixArt\PAC7302\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Documents and Settings\\Milan\\Data aplikací\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 gupdate1c9ec57704d342c;Google Update Service (gupdate1c9ec57704d342c);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 133104]
R3 ATE_PROCMON;ATE_PROCMON; [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2009-02-04 26224]
R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-28 39048]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-04-26 721904]
S0 34391222;34391222 Boot Guard Driver;c:\windows\system32\DRIVERS\34391222.sys [2009-10-22 37392]
S0 37473412;37473412 Boot Guard Driver;c:\windows\system32\DRIVERS\37473412.sys [2009-10-22 37392]
S0 39167702;39167702 Boot Guard Driver;c:\windows\system32\DRIVERS\39167702.sys [2009-10-22 37392]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
S1 34391221;34391221;c:\windows\system32\DRIVERS\34391221.sys [2009-09-25 128016]
S1 34811721;34811721;c:\windows\system32\DRIVERS\34811721.sys [2009-09-25 128016]
S1 34811722;34811722 Boot Guard Driver;c:\windows\system32\DRIVERS\34811722.sys [2009-10-22 37392]
S1 37473411;37473411;c:\windows\system32\DRIVERS\37473411.sys [2009-09-25 128016]
S1 39167701;39167701;c:\windows\system32\DRIVERS\39167701.sys [2009-09-25 128016]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2010-04-07 95872]
S1 setup_9.0.0.722_04.08.2010_21-22drv;setup_9.0.0.722_04.08.2010_21-22drv;c:\windows\system32\DRIVERS\3439122.sys [2009-10-09 315408]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120]
S2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [2004-10-18 208851]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [2004-10-18 10324]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\WF88TUNE.sys [2004-10-18 34789]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-08-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-03-18 18:44]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 18:47]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 18:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = https://register.scansoft.com/form-eng. ... H08-001002
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Přidat do stávajícího PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\Translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\Translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\Translat\WEBIE.DLL
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/stati ... b?3,14,8,0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-04 23:45
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="123304BFE11B718AC5314EFE1D9EFB17CC74CBA855FDC77BD432BF4B586C608D5AF104064F60240B319089FC6215A55651482FDABAA5EF40F855E564BEB091E09C9F27193790F505A57B35E7AE2194A5057BB36E2B166CF3954589523E625376C60D179A512B8B2CA40738295A54BA509F011DB849131A9CB6F9EAF3DA138E2B5ED030142832FDD948892D9215417CC8EF92637307DE4C657FA87E0C6C5A258378C5856E162DD7873CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667C038D530D6EB3452A2D97226D213B555D6018C4AC2071571CCA65C9150990C61D21E443ACEDE670D778A66C39378691A02FB643C08CCE5125BA9C29F2B9CE5618E75DAF912F3692CD7BA5AE47FE4AC6843FA5A4C8A9204D659CC0187568E49BB6021AFC557095173A7D94AC12A467CCF6AAB0A4A77F0CACEB8D7D920F03588947AA75018D12C8DBC7C49AD187518817F8EEF6FDB82F2B71D30C974911EC81DA255C32C3F3364AD752D21DA7C454E043807D86EF9DF976FF93AD2DC5B83F222B32C65185FB2A9672057AD125703CEF2D17232CDF0495138AE14D982CDCC56D7287C2DCCED8DE992CFDAED73631BF1DFB5B07737617D877E1DC077B7102806A0730A73E5B50305AC2F5A9403B17D8780E2E7D738413D94CDB5857A359AC78A869E5D4064D655D0D77BBF0BACA420D0AE6B02B94557CCC85B016D62953C62DEB4C5C0D32CC14D955606B56ABC74F98468742A34334278E57D1BC666D99533737A9842A18740B71192B3AD85E4AD094CCF3AD1953DF18CA330B2A2EFE29DF82CCD5B36CE9F6A6274997DDA5CB9AF4E45AA8930DC81AA5BAD908AD61CF99D75E1436733B508B021E39CF036A835ACCC8162C43BBE02073922E17A00BB4933EFDF192815E4B255CC79EE307A55B4AE8D098662B3A3A57100938CEDF85561D0B3E62E9E7B9EF96EBFC10C6FA98279901F54C66D98A9362C8F8A9AE36721343C8DA9875DC7DA19685A3D0FF8080229820FD0F9032E1FE24C4780B9EE2F8E1B8D5251CB0EA244AF008062B7289BDC4D0875621B56008ABEB90D65BE38F93F5034D67A476DF53744C919986D70324FD3F867DDC5ADD9A23E314B9C9FF8B706737177B2EACAF1C73EAB903D38D55B470C80058D3E62CCD4BCC4EE7C77811AEE87DB1180C90B0A3C69E0D5A1C4726BE8AC9EECAF6864AEC279576B4F04B416B6745B085B9AA6748FF678DC8BE3737A8A50A7437550B3183E15A2B355A98A664F05AF412EBB28AB6F7B531EB28A99E43A7243328522E766529733C2416F8E0B5C6969A8D9ABB170BE6EA914C5D1B9CAB4F56DE57A
B02B3A3BE9EA173A7F5EC2BA34EE2CB20EF6C593AC073E64763E10701FF48E6071BCF9675C7CB1DBA9"
.
Celkový čas: 2010-08-04 23:47:03
ComboFix-quarantined-files.txt 2010-08-04 21:47
ComboFix2.txt 2010-08-03 09:01

Před spuštěním: Volných bajtů: 108 983 746 560
Po spuštění: Volných bajtů: 113 729 343 488

- - End Of File - - 6956CFF2995EC6CAA91CFC024B7084BC

bledulka
Level 5
Posts: 2242
Registered: August 09
Gender: Female
Status: Offline

Re: Hijack - please check

Post by bledulka » 05 Aug 2010 09:09

Advanced System Care isn't exactly one of my favourite programs either. An inexperienced user can wreck the system nicely with it too; the registry cleanup it does is a bit more aggressive than would be appropriate :roll:.
Please tell me, when exactly did the problems start: after uninstalling TuneUp, or after the registry deletions by Advanced System Care...


Uninstall

Toolbar: SnagIt


Run the HJT program

- click the Do a system scan and save a logfile button
- A list appears; at the start of each line there is a checkbox.
- Tick the checkbox next to the lines I have marked

Code:

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\Translat\WEBIE.DLL
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O3 - Toolbar: - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O9 - Extra button: - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} -
O9 - Extra button: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
O9 - Extra button: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} -
O9 - Extra button: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} -


- finally press the Fix checked button

*****************************

Uninstall ComboFix via
Start >> Run and copy into the box:
ComboFix /Uninstall

press Enter
- That uninstalls ComboFix and deletes the files and folders associated with it.


Download T-Cleaner

http://sweb.cz/Marinus/T-Cleaner.exe

- Run it; to confirm each choice press the A key, then Enter
- after use delete the little program. Note: antivirus programs may falsely flag it as a virus


***************************************

Download OTL
http://oldtimer.geekstogo.com/OTL.exe
- paste this script into the bottom box:

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c

- tick the checkbox next to the For all users line
- leave the other items as set in the screenshot
- confirm with the Scan button
- the scan runs; paste the OTL.Txt log here

[image: OTL settings screenshot]
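The entries the helper marked for fixing in the HJT box above share a few visible traits: a CLSID registered with "(no file)" behind it, no display name, or no path at all. The script below, an added example that is neither HijackThis code nor part of the forum post, parses the O2/O3/O9 lines quoted in the post and applies those triage rules; the rules themselves are this example's own assumptions about what merits a second look, not a verdict on the entries.

```python
"""Triage of HijackThis O2 (BHO), O3 (toolbar) and O9 (extra button) lines.

Added example for this thread; not HijackThis code and not from the post.
The sample lines are the ones quoted in the post; the flagging rules are
this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed input: the HJT lines the helper asked to have fixed, verbatim.
SAMPLE_LOG = r"""
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\Translat\WEBIE.DLL
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O3 - Toolbar: - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O9 - Extra button: - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} -
O9 - Extra button: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
O9 - Extra button: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} -
O9 - Extra button: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} -
"""

# Shape of the three entry kinds as HJT prints them:
#   O2 - BHO: <name> - {CLSID} - <path | "(no file)" | nothing>
#   O3 - Toolbar: <name> - {CLSID} - <path | nothing>
#   O9 - Extra button: <name> - {CLSID} - <path | nothing>
LINE_RE = re.compile(
    r"^(?P<kind>O2|O3|O9) - (?P<type>BHO|Toolbar|Extra button):\s*"
    r"(?P<name>.*?)\s*-\s*"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\s*-\s*(?P<path>.*)$"
)


@dataclass
class Entry:
    kind: str    # O2, O3 or O9 section of the HJT log
    name: str    # display name; may be empty or "(no name)"
    clsid: str   # COM class id, upper-cased so it compares reliably
    path: str    # backing file, "(no file)", or empty when HJT shows none
    raw: str     # original line for reporting


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one HJT line; returns None for lines of other sections."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(m["kind"], m["name"].strip(), m["clsid"].upper(),
                 m["path"].strip(), line.strip())


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def triage(entry: Entry) -> List[str]:
    """Reasons (possibly none) an entry deserves a closer look. Assumed rules."""
    reasons = []
    if entry.path == "(no file)":
        reasons.append("orphaned: registered CLSID with no file on disk")
    elif entry.path == "":
        reasons.append("no path recorded for the object")
    if entry.name in ("", "(no name)"):
        reasons.append("unnamed entry")
    return reasons


def flagged(text: str) -> List[Tuple[Entry, List[str]]]:
    """All entries with at least one triage reason, in log order."""
    return [(e, triage(e)) for e in parse_log(text) if triage(e)]


if __name__ == "__main__":
    for entry, reasons in flagged(SAMPLE_LOG):
        print(f"{entry.kind} {entry.clsid}: {'; '.join(reasons)}")
        print(f"    {entry.raw}")
```

An orphaned "(no file)" entry is harmless by itself (the file is already gone), which is why removing such registrations is routine cleanup; the entries with an unnamed but present DLL are the ones where checking the file's publisher and install origin matters most.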


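The `/md5start` ... `/md5stop` block in the OTL script above makes OTL print the MD5 of each listed file so the helper can compare it with a known-good copy. As an added example (not OTL's code and not from the post), here is that comparison step in Python: a baseline of hashes is assumed to come from a clean machine; the file names are borrowed from the list in the script, while the file contents, the "patched" driver and the "deleted" binary are constructed in temporary directories so the check runs offline.

```python
"""Hash-baseline check for a list of watched system files.

Added example; not OTL's code and not from the post. Assumes a baseline of
hashes taken from a known-good system. Everything below is constructed.
"""
import hashlib
import os
import tempfile
from typing import Dict, Iterable, Optional

# Names taken from the /md5start list in the post; contents are constructed.
WATCHED = ["atapi.sys", "ndis.sys", "winlogon.exe", "userinit.exe"]


def md5_file(path: str, chunk: int = 1 << 16) -> str:
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hash_files(root: str, names: Iterable[str]) -> Dict[str, Optional[str]]:
    """Hash each watched file under root; None marks a file that is absent."""
    out: Dict[str, Optional[str]] = {}
    for name in names:
        p = os.path.join(root, name)
        out[name] = md5_file(p) if os.path.isfile(p) else None
    return out


def compare(baseline: Dict[str, Optional[str]],
            current: Dict[str, Optional[str]]) -> Dict[str, str]:
    """Classify every baseline file as ok, modified or missing on the examined box."""
    verdict = {}
    for name, good in baseline.items():
        cur = current.get(name)
        if cur is None:
            verdict[name] = "missing"
        elif cur != good:
            verdict[name] = "modified"
        else:
            verdict[name] = "ok"
    return verdict


def demo() -> Dict[str, str]:
    """Build a clean tree and an examined tree, tamper with the latter, compare."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as box:
        for name in WATCHED:
            payload = ("constructed contents of " + name).encode()
            for root in (clean, box):
                with open(os.path.join(root, name), "wb") as f:
                    f.write(payload)
        baseline = hash_files(clean, WATCHED)
        # Simulate what a baseline check is for: one driver with appended bytes
        # and one binary that no longer exists on the examined machine.
        with open(os.path.join(box, "atapi.sys"), "ab") as f:
            f.write(b"\x90")
        os.remove(os.path.join(box, "userinit.exe"))
        return compare(baseline, hash_files(box, WATCHED))


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name:14} {state}")
```

MD5 is used here only because that is what OTL reports; when you build your own baseline, record SHA-256 as well, and take the baseline from installation media or a machine of the same Windows version and service pack, since a legitimate update also changes these hashes.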