Wed Jul 11 10:40:31 2007 => Offending file found: C:\Documents and Settings\uživatel\Data aplikací\thinstall\glary utilities 2.0\4000004a00002i\regrepair.exe
Wed Jul 11 10:40:31 2007 => System found infected with sandboxer Spyware/Adware (regrepair.exe)! Action taken: Nic nebylo provedeno.
Wed Jul 11 10:40:58 2007 => Objekt "Possible Fujacks-type Worm" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Wed Jul 11 10:40:58 2007 => Executable Command Found in {00cd8967-f298-11db-9cf6-0019d10df8d4}\Shell\AutoRun\command: F:\autoplay.exe
Wed Jul 11 10:40:58 2007 => Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00cd8967-f298-11db-9cf6-0019d10df8d4} !!!
Wed Jul 11 10:40:58 2007 => Objekt "Possible Fujacks-type Worm" nalezen v souborovém systému! Provedené akce: Nic nebylo provedenoLogfile of HijackThis v1.99.1
Scan saved at 12:01:46, on 11.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Upozorňovač na e-maily na email.seznam.cz] C:\Program Files\Seznam\Postak\Postak.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Pridať do Anti-Baneru - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\system32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C90D6094-0F5D-42B5-BCC5-23EC553B3C66}: NameServer = 192.168.115.1,80.82.146.10
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Projizdel jsem comp mwav.a nasel me tento bordel,muzu poprosit oradu co s tim?
Prosim o radu-nalezen Fujacks type worm
Log z HJT je čistý akorát fixni zbytečnost:
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
Poté použij ComboFix:
Stáhni si ComboFix a spusť ho.
Postupuj dle pokynů během aplikování ComboFixu neklikej do zobrazujícího se okna může se stát totiž že to proces zastaví.
Po skončení se vytvoří log tak sem zkopíruj jeho obsah.
(Je možné že se počítač restartuje, bude to kvůli tomu že ComboFix našel infikované soubory aby je smazal tak se restartuje PC)
Pro spusťění ComboFixu je nutné mít práva administrátora.
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
Poté použij ComboFix:
Stáhni si ComboFix a spusť ho.
Postupuj dle pokynů během aplikování ComboFixu neklikej do zobrazujícího se okna může se stát totiž že to proces zastaví.
Po skončení se vytvoří log tak sem zkopíruj jeho obsah.
(Je možné že se počítač restartuje, bude to kvůli tomu že ComboFix našel infikované soubory aby je smazal tak se restartuje PC)
Pro spusťění ComboFixu je nutné mít práva administrátora.
2006-03-02 14:00 110080 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000009_.tmp.dll.vir
2006-03-02 14:00 132096 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000013_.tmp.dll.vir
2006-03-02 14:00 137216 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\TASKMGR.COM.vir
2006-03-02 14:00 147968 --a------ C:\Qoobox\Quarantine\C\WINDOWS\REGEDIT.COM.vir
2006-03-02 14:00 1835904 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000012_.tmp.dll.vir
2006-03-02 14:00 34304 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000008_.tmp.dll.vir
2006-03-02 14:00 611328 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000010_.tmp.dll.vir
2006-03-02 14:00 720896 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000007_.tmp.dll.vir
2006-03-02 14:00 96768 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000003_.tmp.dll.vir
2006-03-02 14:00 982016 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000006_.tmp.dll.vir
Věpis CESTY slo§ky
S‚riov‚ źˇslo svazku je 94B3-B570
C:\QOOBOX
\---Quarantine
+---C
| \---WINDOWS
| | REGEDIT.COM.vir
| |
| \---system32
| TASKMGR.COM.vir
| _000003_.tmp.dll.vir
| _000006_.tmp.dll.vir
| _000007_.tmp.dll.vir
| _000008_.tmp.dll.vir
| _000009_.tmp.dll.vir
| _000010_.tmp.dll.vir
| _000012_.tmp.dll.vir
| _000013_.tmp.dll.vir
|
\---Registry_backups
[/code]
2006-03-02 14:00 132096 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000013_.tmp.dll.vir
2006-03-02 14:00 137216 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\TASKMGR.COM.vir
2006-03-02 14:00 147968 --a------ C:\Qoobox\Quarantine\C\WINDOWS\REGEDIT.COM.vir
2006-03-02 14:00 1835904 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000012_.tmp.dll.vir
2006-03-02 14:00 34304 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000008_.tmp.dll.vir
2006-03-02 14:00 611328 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000010_.tmp.dll.vir
2006-03-02 14:00 720896 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000007_.tmp.dll.vir
2006-03-02 14:00 96768 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000003_.tmp.dll.vir
2006-03-02 14:00 982016 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000006_.tmp.dll.vir
Věpis CESTY slo§ky
S‚riov‚ źˇslo svazku je 94B3-B570
C:\QOOBOX
\---Quarantine
+---C
| \---WINDOWS
| | REGEDIT.COM.vir
| |
| \---system32
| TASKMGR.COM.vir
| _000003_.tmp.dll.vir
| _000006_.tmp.dll.vir
| _000007_.tmp.dll.vir
| _000008_.tmp.dll.vir
| _000009_.tmp.dll.vir
| _000010_.tmp.dll.vir
| _000012_.tmp.dll.vir
| _000013_.tmp.dll.vir
|
\---Registry_backups
[/code]
Omlouvam se.Tady je ten vypis."u§ivatel" - 2007-07-11 14:35:52 - ComboFix 07-07-10.1 - Service Pack 2
((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))
2007-07-11 13:57 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-11 13:52 <DIR> d-------- C:\backups
2007-07-11 11:23 22,528 --a------ C:\WINDOWS\system32\Partizan.exe
2007-07-11 10:32 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-07-11 10:32 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-07-11 10:32 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-07-11 10:32 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-07-11 10:32 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-07-11 10:32 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-07-11 03:58 <DIR> d-------- C:\DOCUME~1\UIVATE~1\DATAAP~1\RegClean
2007-07-11 00:53 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2007-07-10 23:27 <DIR> d-------- C:\DOCUME~1\UIVATE~1\DATAAP~1\Google
2007-07-10 23:25 <DIR> d-------- C:\Program Files\Google
2007-07-10 02:54 <DIR> d-------- C:\Program Files\totalcmd
2007-07-09 00:03 <DIR> d-------- C:\Program Files\Webteh
2007-07-08 19:40 <DIR> d-------- C:\Program Files\CyberLink
2007-07-08 14:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Elaborate Bytes
2007-07-08 14:23 <DIR> d-------- C:\Program Files\Elaborate Bytes
2007-07-08 12:07 <DIR> d-------- C:\Program Files\XoftSpySE
2007-07-07 21:16 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2007-07-04 23:39 <DIR> d-------- C:\Program Files\Neoretix
2007-07-03 20:49 545,280 --a------ C:\WINDOWS\flashax.exe
2007-07-03 20:49 12,288 --a------ C:\WINDOWS\impborl.dll
2007-07-01 21:09 <DIR> d-------- C:\Program Files\OpenOffice.org 2.2
2007-07-01 20:09 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2007-07-01 20:09 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-07-01 20:09 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2007-07-01 20:09 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-06-30 22:36 <DIR> d-------- C:\DOCUME~1\UIVATE~1\DATAAP~1\WinRAR
2007-06-29 19:46 <DIR> d-------- C:\Program Files\Lonely Cat Games
2007-06-29 14:21 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-06-28 01:40 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Plocha
2007-06-26 18:45 <DIR> d-------- C:\DOCUME~1\UIVATE~1\DATAAP~1\Lavasoft
2007-06-26 17:10 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\DATAAP~1\TEMP
2007-06-26 16:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Lavasoft
2007-06-25 18:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Custom Skin Clock
2007-06-25 02:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Nokia
2007-06-25 02:45 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-06-25 02:45 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-06-25 02:45 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-06-25 02:45 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-06-25 02:45 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-06-25 01:23 <DIR> d-------- C:\Program Files\Winamp
2007-06-23 23:27 <DIR> d-------- C:\Program Files\OO Software
2007-06-17 19:30 <DIR> d-------- C:\DOCUME~1\UIVATE~1\DATAAP~1\MusicIP
2007-06-17 01:18 <DIR> d-------- C:\Program Files\Wisdom-soft ScreenHunter 5 Pro
2007-06-17 00:49 <DIR> d-------- C:\DOCUME~1\LOCALS~1\DATAAP~1\Ahead
2007-06-17 00:39 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-06-16 19:44 <DIR> d-------- C:\WINDOWS\SOFTDISK
2007-06-16 19:42 40,960 --a------ C:\WINDOWS\Nov Panda.dll
2007-06-16 18:36 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-06-16 18:32 229,376 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-16 18:32 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Data aplikacˇ
2007-06-16 18:32 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Nabˇdka Start
2007-06-16 18:32 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\ćablony
2007-06-16 16:05 <DIR> d--h----- C:\WINDOWS\PIF
2007-06-15 20:49 <DIR> d-------- C:\Program Files\Common Files\NSV
2007-06-14 15:51 <DIR> d-------- C:\DOCUME~1\UIVATE~1\DATAAP~1\ATI
2007-06-14 02:00 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-06-14 02:00 <DIR> d-------- C:\DOCUME~1\UIVATE~1\DATAAP~1\MAGIX
2007-06-14 02:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\MAGIX
2007-06-14 01:59 94,208 --a------ C:\WINDOWS\system32\DLLCPY32.dll
2007-06-14 01:59 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2007-06-14 01:59 65,536 --a------ C:\WINDOWS\system32\DLLPTL32.dll
2007-06-14 01:59 61,440 --a------ C:\WINDOWS\system32\DLLCDF32.dll
2007-06-14 01:59 57,344 --a------ C:\WINDOWS\system32\DLLTPO32.dll
2007-06-14 01:59 53,248 --a------ C:\WINDOWS\system32\DLLPRJ32.dll
2007-06-14 01:59 53,248 --a------ C:\WINDOWS\system32\DLLIO32.dll
2007-06-14 01:59 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2007-06-14 01:59 49,152 --a------ C:\WINDOWS\system32\DLLPRF32.dll
2007-06-14 01:59 487,424 --a------ C:\WINDOWS\system32\DLLAV32.dll
2007-06-14 01:59 45,056 --a------ C:\WINDOWS\system32\DLLIMG32.dll
2007-06-14 01:59 430,080 --a------ C:\WINDOWS\system32\MXRestore.exe
2007-06-14 01:59 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-06-14 01:59 40,960 --a------ C:\WINDOWS\system32\DLLRD32.dll
2007-06-14 01:59 36,864 --a------ C:\WINDOWS\system32\DLLPNT32.dll
2007-06-14 01:59 32,768 --a------ C:\WINDOWS\system32\STRING32.dll
2007-06-14 01:59 32,768 --a------ C:\WINDOWS\system32\DLLMSC32.dll
2007-06-14 01:59 32,768 --a------ C:\WINDOWS\system32\DLLISO32.dll
2007-06-14 01:59 32,768 --a------ C:\WINDOWS\system32\DLLDIR32.dll
2007-06-14 01:59 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-06-14 01:59 24,576 --a------ C:\WINDOWS\system32\TTIC32.dll
2007-06-14 01:59 24,576 --a------ C:\WINDOWS\system32\TTI32.dll
2007-06-14 01:59 24,576 --a------ C:\WINDOWS\system32\DLLIX.dll
2007-06-14 01:59 188,416 --a------ C:\WINDOWS\system32\DLLRES32.dll
2007-06-14 01:59 163,840 --a------ C:\WINDOWS\system32\DLLDEV32.dll
2007-06-14 01:59 151,552 --a------ C:\WINDOWS\system32\DLLDRV32.dll
2007-06-14 01:59 114,688 --a------ C:\WINDOWS\system32\DLLCDA32.dll
2007-06-14 01:59 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2007-06-14 01:59 <DIR> d-------- C:\Program Files\Common Files\MAGIX Shared
2007-06-14 01:58 663,552 --a------ C:\WINDOWS\system32\mgxoschk.dll
2007-06-14 01:58 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2007-06-13 23:50 <DIR> d-------- C:\DOCUME~1\UIVATE~1\DATAAP~1\AltrixSoft
2007-06-13 00:13 <DIR> d-------- C:\DOCUME~1\UIVATE~1\DATAAP~1\Media Player Classic
2007-06-13 00:12 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-13 00:12 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-06-13 00:12 639,066 --a------ C:\WINDOWS\system32\divx.dll
2007-06-13 00:12 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-06-13 00:12 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-06-13 00:12 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-10 14:27:14 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\OpenOffice.org2
2007-07-08 14:20:37 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\BSplayer Pro
2007-07-08 08:48:51 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\Vso
2007-07-08 08:48:50 87,608 ----a-w C:\DOCUME~1\UIVATE~1\DATAAP~1\ezpinst.exe
2007-07-08 08:48:50 47,360 ----a-w C:\DOCUME~1\UIVATE~1\DATAAP~1\pcouffin.sys
2007-07-08 08:39:05 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-03 00:37:12 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\Nokia Multimedia Player
2007-07-01 18:57:26 -------- d-----w C:\Program Files\OpenOffice.org 2.0
2007-06-29 12:22:56 -------- d-----w C:\Program Files\DIFX
2007-06-29 12:22:30 -------- d-----w C:\Program Files\Common Files\PCSuite
2007-06-29 12:22:28 -------- d-----w C:\Program Files\Common Files\Nokia
2007-06-29 12:07:03 -------- d-----w C:\Program Files\Nokia
2007-06-26 14:53:53 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-23 21:06:56 -------- d-----w C:\Program Files\AVI MPEG RM WMV Joiner
2007-06-18 22:56:51 11,561 -c--a-w C:\WINDOWS\mozver.dat
2007-06-17 12:58:51 -------- d-----w C:\Program Files\CCleaner
2007-06-16 17:42:43 40,960 ----a-w C:\WINDOWS\Nová Panda.dll
2007-06-14 13:31:40 724,992 -c--a-w C:\WINDOWS\iun6002.exe
2007-06-13 23:46:28 -------- d-----w C:\Program Files\WinAVI MP4 Converter
2007-06-12 20:54:31 182 -c--a-w C:\WINDOWS\system32\FOLESVR.DLL
2007-06-10 21:45:19 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\PC Suite
2007-06-09 14:16:51 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\Datalayer
2007-06-01 23:22:41 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\Opera
2007-05-26 17:53:09 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\Desperate Housewives
2007-05-26 16:55:48 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\AdobeUM
2007-05-24 23:40:49 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\LangSoft
2007-05-24 14:26:57 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2007-05-24 14:24:30 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\Zoufale manzelky
2007-05-24 14:22:03 -------- d-----w C:\Program Files\Buena Vista Games
2007-05-24 14:21:44 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\InstallShield
2007-05-23 08:56:03 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\CyberLink
2007-05-22 20:10:13 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\Nokia
2007-05-22 20:08:32 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\ICQLite
2007-05-22 20:08:32 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\dvdcss
2007-05-22 20:08:32 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\DivX
2007-05-22 20:08:32 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\Desktop Sidebar
2007-05-21 18:10:53 516,096 ----a-w C:\WINDOWS\UN32.EXE
2007-05-21 18:06:22 356,352 ----a-w C:\WINDOWS\TrnOutl.dll
2007-05-21 18:06:22 294,912 ----a-w C:\WINDOWS\TrnWord.dll
2007-05-21 18:06:21 45,056 ----a-w C:\WINDOWS\TRNOEH.DLL
2007-05-20 00:59:51 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\Joost
2007-05-19 20:08:25 86,016 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2007-05-18 13:46:22 -------- d-----w C:\Program Files\Seznam
2007-05-16 21:59:10 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\Netscape
2007-05-16 15:18:40 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 21:30:43 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\GlarySoft
2007-05-15 21:15:07 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\Thinstall
2007-05-14 13:25:32 -------- d-----w C:\Program Files\FLVPlayer
2007-05-12 17:55:51 73,416 -c--a-w C:\WINDOWS\system32\perfc005.dat
2007-05-12 17:55:51 398,746 -c--a-w C:\WINDOWS\system32\perfh005.dat
2007-05-12 17:44:37 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-05-11 00:09:48 1,050,120 ----a-w C:\WINDOWS\system32\oodag.exe
2007-05-11 00:08:54 2,512,392 ----a-w C:\WINDOWS\system32\oodtray.exe
2007-05-11 00:08:24 194,056 ----a-w C:\WINDOWS\system32\oodbs.exe
2007-05-11 00:06:40 202,248 ----a-w C:\WINDOWS\system32\oodtrrs.dll
2007-05-11 00:06:24 10,248 ----a-w C:\WINDOWS\system32\oodbsrs.dll
2007-05-11 00:06:22 15,880 ----a-w C:\WINDOWS\system32\oodagrs.dll
2007-05-11 00:06:22 15,880 ----a-w C:\WINDOWS\system32\oodagmg.dll
2007-05-10 21:18:24 15,368 ----a-w C:\WINDOWS\system32\ootmapi.dll
2007-05-08 03:10:02 4 ----a-w C:\WINDOWS\info147.sys
2007-05-07 13:48:06 505,392 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-05-05 22:51:24 0 --sha-r C:\MSDOS.SYS
2007-05-05 22:51:24 0 --sha-r C:\IO.SYS
2007-05-02 08:41:35 15,175,296 ----a-w C:\mwav.exe
2007-04-26 01:27:58 79,376 ----a-w C:\WINDOWS\system32\MiniDump.dll
2007-04-25 14:22:50 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-25 00:47:13 10,076 -c--a-w C:\WINDOWS\msvrc20.dll
2007-04-19 09:23:36 148,992 -c--a-w C:\WINDOWS\system32\nsesetup.dll
2007-04-18 16:15:25 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 -c--a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 -c--a-w C:\WINDOWS\system32\wups2.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 12:56 63136 -ra------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
"Upozorňovač na e-maily na email.seznam.cz"="C:\Program Files\Seznam\Postak\Postak.exe" [2006-05-18 14:36]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartBanner"=01
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"GreyMSIAds"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp
Contents of the 'Scheduled Tasks' folder
2007-06-16 16:23:23 C:\WINDOWS\tasks\1-Click Maintenance.job
2007-07-11 12:05:52 C:\WINDOWS\tasks\XoftSpySE 2.job
2007-07-08 11:38:16 C:\WINDOWS\tasks\XoftSpySE.job
2007-05-25 15:28:10 C:\WINDOWS\tasks\Úklid 1 kliknutím.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-11 14:38:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Upozornovac na e-maily na email.seznam.cz"="C:\\Program Files\\Seznam\\Postak\\Postak.exe"
Completion time: 2007-07-11 14:39:25
C:\ComboFix-quarantined-files.txt ... 2007-07-11 14:39
--- E O F ---
((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))
2007-07-11 13:57 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-11 13:52 <DIR> d-------- C:\backups
2007-07-11 11:23 22,528 --a------ C:\WINDOWS\system32\Partizan.exe
2007-07-11 10:32 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-07-11 10:32 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-07-11 10:32 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-07-11 10:32 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-07-11 10:32 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-07-11 10:32 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-07-11 03:58 <DIR> d-------- C:\DOCUME~1\UIVATE~1\DATAAP~1\RegClean
2007-07-11 00:53 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2007-07-10 23:27 <DIR> d-------- C:\DOCUME~1\UIVATE~1\DATAAP~1\Google
2007-07-10 23:25 <DIR> d-------- C:\Program Files\Google
2007-07-10 02:54 <DIR> d-------- C:\Program Files\totalcmd
2007-07-09 00:03 <DIR> d-------- C:\Program Files\Webteh
2007-07-08 19:40 <DIR> d-------- C:\Program Files\CyberLink
2007-07-08 14:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Elaborate Bytes
2007-07-08 14:23 <DIR> d-------- C:\Program Files\Elaborate Bytes
2007-07-08 12:07 <DIR> d-------- C:\Program Files\XoftSpySE
2007-07-07 21:16 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2007-07-04 23:39 <DIR> d-------- C:\Program Files\Neoretix
2007-07-03 20:49 545,280 --a------ C:\WINDOWS\flashax.exe
2007-07-03 20:49 12,288 --a------ C:\WINDOWS\impborl.dll
2007-07-01 21:09 <DIR> d-------- C:\Program Files\OpenOffice.org 2.2
2007-07-01 20:09 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2007-07-01 20:09 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-07-01 20:09 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2007-07-01 20:09 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-06-30 22:36 <DIR> d-------- C:\DOCUME~1\UIVATE~1\DATAAP~1\WinRAR
2007-06-29 19:46 <DIR> d-------- C:\Program Files\Lonely Cat Games
2007-06-29 14:21 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-06-28 01:40 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Plocha
2007-06-26 18:45 <DIR> d-------- C:\DOCUME~1\UIVATE~1\DATAAP~1\Lavasoft
2007-06-26 17:10 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\DATAAP~1\TEMP
2007-06-26 16:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Lavasoft
2007-06-25 18:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Custom Skin Clock
2007-06-25 02:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Nokia
2007-06-25 02:45 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-06-25 02:45 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-06-25 02:45 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-06-25 02:45 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-06-25 02:45 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-06-25 01:23 <DIR> d-------- C:\Program Files\Winamp
2007-06-23 23:27 <DIR> d-------- C:\Program Files\OO Software
2007-06-17 19:30 <DIR> d-------- C:\DOCUME~1\UIVATE~1\DATAAP~1\MusicIP
2007-06-17 01:18 <DIR> d-------- C:\Program Files\Wisdom-soft ScreenHunter 5 Pro
2007-06-17 00:49 <DIR> d-------- C:\DOCUME~1\LOCALS~1\DATAAP~1\Ahead
2007-06-17 00:39 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-06-16 19:44 <DIR> d-------- C:\WINDOWS\SOFTDISK
2007-06-16 19:42 40,960 --a------ C:\WINDOWS\Nov Panda.dll
2007-06-16 18:36 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-06-16 18:32 229,376 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-16 18:32 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Data aplikacˇ
2007-06-16 18:32 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Nabˇdka Start
2007-06-16 18:32 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\ćablony
2007-06-16 16:05 <DIR> d--h----- C:\WINDOWS\PIF
2007-06-15 20:49 <DIR> d-------- C:\Program Files\Common Files\NSV
2007-06-14 15:51 <DIR> d-------- C:\DOCUME~1\UIVATE~1\DATAAP~1\ATI
2007-06-14 02:00 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-06-14 02:00 <DIR> d-------- C:\DOCUME~1\UIVATE~1\DATAAP~1\MAGIX
2007-06-14 02:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\MAGIX
2007-06-14 01:59 94,208 --a------ C:\WINDOWS\system32\DLLCPY32.dll
2007-06-14 01:59 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2007-06-14 01:59 65,536 --a------ C:\WINDOWS\system32\DLLPTL32.dll
2007-06-14 01:59 61,440 --a------ C:\WINDOWS\system32\DLLCDF32.dll
2007-06-14 01:59 57,344 --a------ C:\WINDOWS\system32\DLLTPO32.dll
2007-06-14 01:59 53,248 --a------ C:\WINDOWS\system32\DLLPRJ32.dll
2007-06-14 01:59 53,248 --a------ C:\WINDOWS\system32\DLLIO32.dll
2007-06-14 01:59 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2007-06-14 01:59 49,152 --a------ C:\WINDOWS\system32\DLLPRF32.dll
2007-06-14 01:59 487,424 --a------ C:\WINDOWS\system32\DLLAV32.dll
2007-06-14 01:59 45,056 --a------ C:\WINDOWS\system32\DLLIMG32.dll
2007-06-14 01:59 430,080 --a------ C:\WINDOWS\system32\MXRestore.exe
2007-06-14 01:59 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-06-14 01:59 40,960 --a------ C:\WINDOWS\system32\DLLRD32.dll
2007-06-14 01:59 36,864 --a------ C:\WINDOWS\system32\DLLPNT32.dll
2007-06-14 01:59 32,768 --a------ C:\WINDOWS\system32\STRING32.dll
2007-06-14 01:59 32,768 --a------ C:\WINDOWS\system32\DLLMSC32.dll
2007-06-14 01:59 32,768 --a------ C:\WINDOWS\system32\DLLISO32.dll
2007-06-14 01:59 32,768 --a------ C:\WINDOWS\system32\DLLDIR32.dll
2007-06-14 01:59 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-06-14 01:59 24,576 --a------ C:\WINDOWS\system32\TTIC32.dll
2007-06-14 01:59 24,576 --a------ C:\WINDOWS\system32\TTI32.dll
2007-06-14 01:59 24,576 --a------ C:\WINDOWS\system32\DLLIX.dll
2007-06-14 01:59 188,416 --a------ C:\WINDOWS\system32\DLLRES32.dll
2007-06-14 01:59 163,840 --a------ C:\WINDOWS\system32\DLLDEV32.dll
2007-06-14 01:59 151,552 --a------ C:\WINDOWS\system32\DLLDRV32.dll
2007-06-14 01:59 114,688 --a------ C:\WINDOWS\system32\DLLCDA32.dll
2007-06-14 01:59 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2007-06-14 01:59 <DIR> d-------- C:\Program Files\Common Files\MAGIX Shared
2007-06-14 01:58 663,552 --a------ C:\WINDOWS\system32\mgxoschk.dll
2007-06-14 01:58 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2007-06-13 23:50 <DIR> d-------- C:\DOCUME~1\UIVATE~1\DATAAP~1\AltrixSoft
2007-06-13 00:13 <DIR> d-------- C:\DOCUME~1\UIVATE~1\DATAAP~1\Media Player Classic
2007-06-13 00:12 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-13 00:12 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-06-13 00:12 639,066 --a------ C:\WINDOWS\system32\divx.dll
2007-06-13 00:12 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-06-13 00:12 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-06-13 00:12 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-10 14:27:14 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\OpenOffice.org2
2007-07-08 14:20:37 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\BSplayer Pro
2007-07-08 08:48:51 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\Vso
2007-07-08 08:48:50 87,608 ----a-w C:\DOCUME~1\UIVATE~1\DATAAP~1\ezpinst.exe
2007-07-08 08:48:50 47,360 ----a-w C:\DOCUME~1\UIVATE~1\DATAAP~1\pcouffin.sys
2007-07-08 08:39:05 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-03 00:37:12 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\Nokia Multimedia Player
2007-07-01 18:57:26 -------- d-----w C:\Program Files\OpenOffice.org 2.0
2007-06-29 12:22:56 -------- d-----w C:\Program Files\DIFX
2007-06-29 12:22:30 -------- d-----w C:\Program Files\Common Files\PCSuite
2007-06-29 12:22:28 -------- d-----w C:\Program Files\Common Files\Nokia
2007-06-29 12:07:03 -------- d-----w C:\Program Files\Nokia
2007-06-26 14:53:53 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-23 21:06:56 -------- d-----w C:\Program Files\AVI MPEG RM WMV Joiner
2007-06-18 22:56:51 11,561 -c--a-w C:\WINDOWS\mozver.dat
2007-06-17 12:58:51 -------- d-----w C:\Program Files\CCleaner
2007-06-16 17:42:43 40,960 ----a-w C:\WINDOWS\Nová Panda.dll
2007-06-14 13:31:40 724,992 -c--a-w C:\WINDOWS\iun6002.exe
2007-06-13 23:46:28 -------- d-----w C:\Program Files\WinAVI MP4 Converter
2007-06-12 20:54:31 182 -c--a-w C:\WINDOWS\system32\FOLESVR.DLL
2007-06-10 21:45:19 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\PC Suite
2007-06-09 14:16:51 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\Datalayer
2007-06-01 23:22:41 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\Opera
2007-05-26 17:53:09 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\Desperate Housewives
2007-05-26 16:55:48 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\AdobeUM
2007-05-24 23:40:49 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\LangSoft
2007-05-24 14:26:57 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2007-05-24 14:24:30 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\Zoufale manzelky
2007-05-24 14:22:03 -------- d-----w C:\Program Files\Buena Vista Games
2007-05-24 14:21:44 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\InstallShield
2007-05-23 08:56:03 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\CyberLink
2007-05-22 20:10:13 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\Nokia
2007-05-22 20:08:32 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\ICQLite
2007-05-22 20:08:32 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\dvdcss
2007-05-22 20:08:32 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\DivX
2007-05-22 20:08:32 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\Desktop Sidebar
2007-05-21 18:10:53 516,096 ----a-w C:\WINDOWS\UN32.EXE
2007-05-21 18:06:22 356,352 ----a-w C:\WINDOWS\TrnOutl.dll
2007-05-21 18:06:22 294,912 ----a-w C:\WINDOWS\TrnWord.dll
2007-05-21 18:06:21 45,056 ----a-w C:\WINDOWS\TRNOEH.DLL
2007-05-20 00:59:51 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\Joost
2007-05-19 20:08:25 86,016 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2007-05-18 13:46:22 -------- d-----w C:\Program Files\Seznam
2007-05-16 21:59:10 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\Netscape
2007-05-16 15:18:40 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 21:30:43 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\GlarySoft
2007-05-15 21:15:07 -------- d-----w C:\DOCUME~1\UIVATE~1\DATAAP~1\Thinstall
2007-05-14 13:25:32 -------- d-----w C:\Program Files\FLVPlayer
2007-05-12 17:55:51 73,416 -c--a-w C:\WINDOWS\system32\perfc005.dat
2007-05-12 17:55:51 398,746 -c--a-w C:\WINDOWS\system32\perfh005.dat
2007-05-12 17:44:37 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-05-11 00:09:48 1,050,120 ----a-w C:\WINDOWS\system32\oodag.exe
2007-05-11 00:08:54 2,512,392 ----a-w C:\WINDOWS\system32\oodtray.exe
2007-05-11 00:08:24 194,056 ----a-w C:\WINDOWS\system32\oodbs.exe
2007-05-11 00:06:40 202,248 ----a-w C:\WINDOWS\system32\oodtrrs.dll
2007-05-11 00:06:24 10,248 ----a-w C:\WINDOWS\system32\oodbsrs.dll
2007-05-11 00:06:22 15,880 ----a-w C:\WINDOWS\system32\oodagrs.dll
2007-05-11 00:06:22 15,880 ----a-w C:\WINDOWS\system32\oodagmg.dll
2007-05-10 21:18:24 15,368 ----a-w C:\WINDOWS\system32\ootmapi.dll
2007-05-08 03:10:02 4 ----a-w C:\WINDOWS\info147.sys
2007-05-07 13:48:06 505,392 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-05-05 22:51:24 0 --sha-r C:\MSDOS.SYS
2007-05-05 22:51:24 0 --sha-r C:\IO.SYS
2007-05-02 08:41:35 15,175,296 ----a-w C:\mwav.exe
2007-04-26 01:27:58 79,376 ----a-w C:\WINDOWS\system32\MiniDump.dll
2007-04-25 14:22:50 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-25 00:47:13 10,076 -c--a-w C:\WINDOWS\msvrc20.dll
2007-04-19 09:23:36 148,992 -c--a-w C:\WINDOWS\system32\nsesetup.dll
2007-04-18 16:15:25 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 -c--a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 -c--a-w C:\WINDOWS\system32\wups2.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 12:56 63136 -ra------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
"Upozorňovač na e-maily na email.seznam.cz"="C:\Program Files\Seznam\Postak\Postak.exe" [2006-05-18 14:36]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartBanner"=01
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"GreyMSIAds"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp
Contents of the 'Scheduled Tasks' folder
2007-06-16 16:23:23 C:\WINDOWS\tasks\1-Click Maintenance.job
2007-07-11 12:05:52 C:\WINDOWS\tasks\XoftSpySE 2.job
2007-07-08 11:38:16 C:\WINDOWS\tasks\XoftSpySE.job
2007-05-25 15:28:10 C:\WINDOWS\tasks\Úklid 1 kliknutím.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-11 14:38:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Upozornovac na e-maily na email.seznam.cz"="C:\\Program Files\\Seznam\\Postak\\Postak.exe"
Completion time: 2007-07-11 14:39:25
C:\ComboFix-quarantined-files.txt ... 2007-07-11 14:39
--- E O F ---
Dal jsem to ted kontrolu MWAV.Vyhodilo to tohle-Wed Jul 11 14:50:14 2007 => Offending file found: C:\WINDOWS\system32\swreg.exe
Wed Jul 11 14:50:14 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swreg.exe)! Action taken: Nic nebylo provedeno.
Wed Jul 11 14:50:14 2007 => Offending file found: C:\WINDOWS\system32\swsc.exe
Wed Jul 11 14:50:14 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swsc.exe)! Action taken: Nic nebylo provedeno.
Wed Jul 11 14:50:15 2007 => Offending file found: C:\Documents and Settings\uživatel\Data aplikací\thinstall\glary utilities 2.0\4000004a00002i\regrepair.exe
Wed Jul 11 14:50:15 2007 => System found infected with sandboxer Spyware/Adware (regrepair.exe)! Action taken: Nic nebylo provedeno.
Wed Jul 11 14:50:14 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swreg.exe)! Action taken: Nic nebylo provedeno.
Wed Jul 11 14:50:14 2007 => Offending file found: C:\WINDOWS\system32\swsc.exe
Wed Jul 11 14:50:14 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swsc.exe)! Action taken: Nic nebylo provedeno.
Wed Jul 11 14:50:15 2007 => Offending file found: C:\Documents and Settings\uživatel\Data aplikací\thinstall\glary utilities 2.0\4000004a00002i\regrepair.exe
Wed Jul 11 14:50:15 2007 => System found infected with sandboxer Spyware/Adware (regrepair.exe)! Action taken: Nic nebylo provedeno.
Tak jsem nakonec tyto 3 polozky nasel,a smazal rucne.Projel jsem to mwav,a bylo to ciste,tak doufam,ze je to pryc.Tady davam jeste vypis.Logfile of HijackThis v1.99.1
Scan saved at 16:38:35, on 11.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Upozorňovač na e-maily na email.seznam.cz] C:\Program Files\Seznam\Postak\Postak.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Pridať do Anti-Baneru - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\system32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C90D6094-0F5D-42B5-BCC5-23EC553B3C66}: NameServer = 192.168.115.1,80.82.146.10
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Scan saved at 16:38:35, on 11.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Upozorňovač na e-maily na email.seznam.cz] C:\Program Files\Seznam\Postak\Postak.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Pridať do Anti-Baneru - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\system32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C90D6094-0F5D-42B5-BCC5-23EC553B3C66}: NameServer = 192.168.115.1,80.82.146.10
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 70 hostů