Objekt "video ax object Trojan" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "zlob Trojan" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "savenow Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "Possible Fujacks-type Worm" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\Alg.AlgSetup" odkazuje na neplatný objekt "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\Alg.AlgSetup.1" odkazuje na neplatný objekt "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\ICQPhone.SipxPhoneManager" odkazuje na neplatný objekt "{82308D15-1A2C-416A-A5BE-21DAF85DDB75}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\MailFileAtt" odkazuje na neplatný objekt "{00020D05-0000-0000-C000-000000000046}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\mapifvbx.object" odkazuje na neplatný objekt "{41116C00-8B90-101B-96CD-00AA003B14FC}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\mapifvbx.object.1" odkazuje na neplatný objekt "{41116C00-8B90-101B-96CD-00AA003B14FC}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\Plenoptic.Plenoptic" odkazuje na neplatný objekt "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\Plenoptic.Plenoptic.1" odkazuje na neplatný objekt "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\RTCCore.RTCClient" odkazuje na neplatný objekt "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\RTCCore.RTCClient.1" odkazuje na neplatný objekt "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\WMPPublsihCntr.WMPPublsihCntr" odkazuje na neplatný objekt "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" odkazuje na neplatný objekt "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Common Files\Ahead\AudioPlugins\msa.dll". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Nero\CoverDesigner\covered-deu.nls". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Nero\Nero BackItUp\BackItUp-Deu.nls". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "D:\Dankes\Mobil\Programy na praci\3GP player\Resource\NokiaMultimediaPlayer_Nokia.NGR". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "D:\Dankes\Mobil\Programy na praci\3GP player\Help\NokiaMultimediaPlayers_eng.chm". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "D:\Dankes\Mobil\Programy na praci\3GP player\Lang\NokiaMultimediaPlayer_eng.NLR". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Shared Tools\DAO" odkazuje na neplatný objekt "C:\Program Files\Common Files\Microsoft Shared\DAO\DAO3032.DLL". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".BAK". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".bsp". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".c32". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".class". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".comodofirewall". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".CZE". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".dat". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".doc?A54x250c6eb9". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".doc?A54x35ce9c26". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ent". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".jad". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".KW%7D%E2%84%FD%A6%92%C9%23%ED%FCL%40_%D3%CDr%C3%B7%88pA_%95q%EA%F4%98%E7%1B%F1%5E%C1%24w%B3%95%25%ACZ%13%EA%FA%8F%BE%E7%E2%8D%99%01E%29%F2%08%97%CD%A6%03%E6%C4%CB%28K%F7%BB%BC%83%89%3C%A5ya%0CoO%25". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".nup". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".orig". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".p2l". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".pak". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".PAS". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".pf". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".php". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".php?id=1731&whiche=3". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ptb". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".rozv_stud_prn". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".S%BE%C6%EF%17%20y%83%FC%AE%1B%8C%E0%7D%9E%5Df%D9%AC%B8%F1%B8%B1%EDn%09%26%AD%2A8%95q%EA%F4%98%E7%1B%F1%5E%C1%24w%B3%95%25%ACZ%13%EA%FA%8F%BE%E7%E2%8D%99%01E%29%F2%08%97%CD%A6%03%E6%C4%CB%28K%F7%BB%B". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".srt". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".sub". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".svg". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".T%8C%2BF%7E%25%F4%3D%20gb%C2%95q%EA%F4%98%E7%1B%F1%5E%C1%24w%B3%95%25%ACZ%13%EA%FA%8F%BE%E7%E2%8D%99%01E%29%F2%08%97%CD%A6%03%E6%C4%CB%28K%F7%BB%BC%83%89%3C%A5ya%0CoO%15K%25". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".tab". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".tga". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".tmp". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".txd". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".u%24%FA%03%2BU%7D-%A8W%2C%99%95q%EA%F4%98%E7%1B%F1%5E%C1%24w%B3%95%25%ACZ%13%EA%FA%8F%BE%E7%E2%8D%99%01E%29%F2%08%97%CD%A6%03%E6%C4%CB%28K%F7%BB%BC%83%89%3C%A5ya%0Co". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".u%24%FA%03%2BU%7D-%A8W%2C%99%95q%EA%F4%98%E7%1B%F1%5E%C1%24w%B3%95%25%ACZ%13%EA%FA%8F%BE%E7%E2%8D%99%01E%29%F2%08%97%CD%A6%03%E6%C4%CB%28K%F7%BB%BC%83%89%3C%A5ya%0CoO%25". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".u%24%FA%03%7E%25%F4%3D%20gb%C2%95q%EA%F4%98%E7%1B%F1%5E%C1%24w%B3%95%25%ACZ%13%EA%FA%8F%BE%E7%E2%8D%99%01E%29%F2%08%97%CD%A6%03%E6%C4%CB%28K%F7%BB%BC%83%89%3C%A5ya". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".u%24%FA%03%7E%25%F4%3D%20gb%C2%95q%EA%F4%98%E7%1B%F1%5E%C1%24w%B3%95%25%ACZ%13%EA%FA%8F%BE%E7%E2%8D%99%01E%29%F2%08%97%CD%A6%03%E6%C4%CB%28K%F7%BB%BC%83%89%3C%A5ya%250". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".WAD". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".wd". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".y%C6%9A%18%9C%24f%D4%F04%C1%DD%F0%1AI%E8tb%E9p%06G%A6%9D%BDH%3A%FA%DAI%1D%3F%0E%F0%ED%F9%C3%1BK%DD%DC%FE%1A%E8%9F%A4%0B%E0%DC%1D%8Fp%96%96O%0016%D6%CDI". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "DC++". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "IExplorer Security Plug-in". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "InstallShield_{0D09E359-0C98-4D93-B6F9-1FF68ED4B27C}". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Internet Explorer Secure Bar". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Messenger Service". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "SUPER ©". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Video AX Object". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Windows Safety Alert". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Wudf01000". Provedené akce: Nic nebylo provedeno.
Soubor C:\AUTORUN.INF je infikovaný virem Fujack !! Provedené akce: No Action Taken.
Soubor D:\AUTORUN.INF je infikovaný virem Fujack !! Provedené akce: No Action Taken.
unwanted restarting
finally
so I ran the Avenger once more and it worked
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\prxsmttp
*******************
Script file located at: \??\C:\ccwhrajs.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\Documents and Settings\Kamil\Nabídka Start\Programy\Po spuštění\ctfmon.exe deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
combo + hijack
ComboFix 07-09-08.8 - "Kamil" 2007-09-09 12:54:49.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.710 [GMT 2:00]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
D:\Autorun.inf
((((((((((((((((((((((((( Files Created from 2007-08-09 to 2007-09-09 )))))))))))))))))))))))))))))))
.
2007-09-08 22:29 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-09-08 22:29 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-09-08 22:29 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-09-08 22:29 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-09-08 22:29 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-09-08 22:29 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-09-08 22:27 147,968 --a------ C:\WINDOWS\R.COM
2007-09-08 22:27 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-09-08 17:57 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-08-31 16:05 <DIR> dr-hs---- C:\Recycled
2007-08-26 20:17 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-08-26 20:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\NCH Swift Sound
2007-08-26 13:12 <DIR> d-------- C:\Program Files\Mp3 Knife
2007-08-24 14:13 <DIR> d-------- C:\DOCUME~1\Kamil\Phone Browser
2007-08-24 14:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\PC Suite
2007-08-24 14:04 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-08-24 14:04 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-08-24 14:04 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-08-24 14:04 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-08-24 14:04 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-08-24 14:04 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-24 14:04 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-08-24 14:04 <DIR> d-------- C:\Program Files\DIFX
2007-08-24 14:04 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-08-24 14:04 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-08-24 14:03 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-08-24 14:03 <DIR> d-------- C:\Program Files\Nokia
2007-08-24 14:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-27 13:04 --------- d-------- C:\Program Files\NCH Swift Sound
2007-08-12 13:35 --------- d-------- C:\Program Files\ICQLite
2007-07-21 19:15 --------- d-------- C:\Program Files\QIP
2007-07-21 17:16 298576 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-07-21 17:16 180224 --a------ C:\WINDOWS\system32\imon.dll
2007-07-21 17:16 114688 --a------ C:\WINDOWS\system32\nms32.dll
2007-07-21 14:32 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-21 14:32 --------- d-------- C:\Program Files\KYE
2007-07-21 13:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Comodo
2007-07-21 12:40 --------- d-------- C:\Program Files\Trend Micro
2007-07-18 13:58 --------- d-------- C:\Program Files\Codec Pack - All In 1
2007-07-17 14:49 --------- d-------- C:\Program Files\Lavasoft
2007-07-17 14:49 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-17 14:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Lavasoft
2007-07-17 12:07 --------- d-a------ C:\DOCUME~1\ALLUSE~1\DATAAP~1\TEMP
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 09:47 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-04-29 21:29]
"nwiz"="nwiz.exe" [2004-04-29 21:29 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-04-29 21:29]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-02 04:20]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"RemoteControl"="C:\Program Files\PowerDVD\PDVDServ.exe" [2005-01-12 03:01]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 15:49 C:\WINDOWS\system32\bthprops.cpl]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12]
"mouseElf"="C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 14:21]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2005-10-02 18:30]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\DOCUME~1\ALLUSE~1\NABDKA~1\Programy\POSPUT~1\
Adobe Reader Speed Launch.lnk - C:\Program Files\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]
R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
R3 genmcmn;Genius NetScroll Optical Mouse Driver;C:\WINDOWS\system32\DRIVERS\gmfiltr.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S0 qyonupco;qyonupco;C:\WINDOWS\system32\drivers\gxwjechb.sys
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
.
Contents of the 'Scheduled Tasks' folder
"2007-05-01 19:20:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-09 12:55:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-09 12:56:16
C:\ComboFix-quarantined-files.txt ... 2007-09-09 12:56
C:\ComboFix2.txt ... 2007-09-08 21:16
C:\ComboFix3.txt ... 2007-09-08 17:59
.
--- E O F ---
________
hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:18, on 9.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbu26\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\tbu26\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbu26\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí BitSpiritu - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A46DDDE7-AD09-4921-9C03-953EE3FBEA6F}: NameServer = 172.27.12.254
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5392 bytes
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A46DDDE7-AD09-4921-9C03-953EE3FBEA6F}: NameServer = 172.27.12.254
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5392 bytes
- fredik
- member of the Security team
Regarding MWAV:
Download and use: CCleaner (Cleaner and Issues); optionally you can also use RegCleaner
* * * * * * * * * * * * * * * *
The HJT log is fine, and ComboFix looks good too.
* * * * * * * * * * * * * * * *
To be safe, download this program: Flash Disinfector
Connect the flash drive that maps to F to the PC and run it.
* * * * * * * * * * * * * * * *
Download and run T-cleaner; it removes the backups and leftovers of the programs that were used.
It should be fine, but just to be safe, try posting a new ComboFix log here in a day or two.
Note:
If MWAV did not scan the whole C drive, please save the script that was used on drive F to drive C, run it, and post the log it shows here.
okay...
agreed, so everything should be here by Wednesday or so; take a look then if you can
thanks for everything
the file from C:\
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 88CF-E647.
Výpis adresáře C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
27.06.2006 11:06 20 480 ctfmon.exe
1 souborů, 20 480 bajtů
Výpis adresáře C:\Recycled\Recycled
27.06.2006 11:06 20 480 ctfmon.exe
1 souborů, 20 480 bajtů
Výpis adresáře C:\WINDOWS\$NtServicePackUninstall$
20.09.2002 20:05 13 312 ctfmon.exe
1 souborů, 13 312 bajtů
Výpis adresáře C:\WINDOWS\ServicePackFiles\i386
17.08.2004 15:49 15 360 ctfmon.exe
1 souborů, 15 360 bajtů
Výpis adresáře C:\WINDOWS\system32
17.08.2004 15:49 15 360 ctfmon.exe
1 souborů, 15 360 bajtů
Počet souborů v seznamu:
5 souborů, 84 992 bajtů
Adresářů: 0, Volných bajtů: 33 263 583 232

that stupid flash drive
I ran the flash cleaner and it still printed this
Svazek v jednotce F nemá žádnou jmenovku.
Sériové číslo svazku je D862-D57E.
Výpis adresáře F:\Recycled
27.06.2006 11:06 20 480 ctfmon.exe
1 souborů, 20 480 bajtů
Počet souborů v seznamu:
1 souborů, 20 480 bajtů
Adresářů: 0, Volných bajtů: 483 385 344
well, alright...
the flash drive just doesn't want to
a wasted effort
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hestceqb
*******************
Script file located at: \??\C:\WINDOWS\system32\tdiebqxn.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\Documents and Settings\Kamil\Nabídka Start\Programy\Po spuštění\ctfmon.exe deleted successfully.
File C:\Recycled\Recycled\ctfmon.exe deleted successfully.
Could not open file F:\Recycled\ctfmon.exe for deletion
Deletion of file F:\Recycled\ctfmon.exe failed!
Could not process line:
F:\Recycled\ctfmon.exe
Status: 0xc000003a
Completed script processing.
*******************
Finished! Terminate.

and the new output from that script
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 88CF-E647.
Výpis adresáře C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
27.06.2006 11:06 20 480 ctfmon.exe
1 souborů, 20 480 bajtů
Výpis adresáře C:\WINDOWS\$NtServicePackUninstall$
20.09.2002 20:05 13 312 ctfmon.exe
1 souborů, 13 312 bajtů
Výpis adresáře C:\WINDOWS\ServicePackFiles\i386
17.08.2004 15:49 15 360 ctfmon.exe
1 souborů, 15 360 bajtů
Výpis adresáře C:\WINDOWS\system32
17.08.2004 15:49 15 360 ctfmon.exe
1 souborů, 15 360 bajtů
Počet souborů v seznamu:
4 souborů, 64 512 bajtů
Adresářů: 0, Volných bajtů: 32 875 835 392
hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:26:04, on 10.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbu26\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\tbu26\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbu26\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí BitSpiritu - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A46DDDE7-AD09-4921-9C03-953EE3FBEA6F}: NameServer = 172.27.12.254
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5367 bytes
combo:
ComboFix 07-09-08.8 - "Kamil" 2007-09-10 18:26:55.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.701 [GMT 2:00]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
((((((((((((((((((((((((( Files Created from 2007-08-10 to 2007-09-10 )))))))))))))))))))))))))))))))
.
2007-09-10 18:26 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-10 16:55 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-09-09 22:05 147,968 --a------ C:\WINDOWS\R.COM
2007-09-09 22:05 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-09-09 20:33 <DIR> d-------- C:\Program Files\RegCleaner
2007-09-09 19:55 <DIR> d-------- C:\Program Files\CCleaner
2007-09-09 19:24 <DIR> drahs---- C:\autorun.inf
2007-08-31 16:05 <DIR> dr-hs---- C:\Recycled
2007-08-26 20:17 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-08-26 20:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\NCH Swift Sound
2007-08-26 13:12 <DIR> d-------- C:\Program Files\Mp3 Knife
2007-08-24 14:13 <DIR> d-------- C:\DOCUME~1\Kamil\Phone Browser
2007-08-24 14:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\PC Suite
2007-08-24 14:04 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-08-24 14:04 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-08-24 14:04 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-08-24 14:04 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-08-24 14:04 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-08-24 14:04 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-24 14:04 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-08-24 14:04 <DIR> d-------- C:\Program Files\DIFX
2007-08-24 14:04 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-08-24 14:04 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-08-24 14:03 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-08-24 14:03 <DIR> d-------- C:\Program Files\Nokia
2007-08-24 14:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-27 13:04 --------- d-------- C:\Program Files\NCH Swift Sound
2007-08-12 13:35 --------- d-------- C:\Program Files\ICQLite
2007-07-21 19:15 --------- d-------- C:\Program Files\QIP
2007-07-21 17:16 298576 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-07-21 17:16 180224 --a------ C:\WINDOWS\system32\imon.dll
2007-07-21 17:16 114688 --a------ C:\WINDOWS\system32\nms32.dll
2007-07-21 14:32 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-21 14:32 --------- d-------- C:\Program Files\KYE
2007-07-21 13:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Comodo
2007-07-21 12:40 --------- d-------- C:\Program Files\Trend Micro
2007-07-18 13:58 --------- d-------- C:\Program Files\Codec Pack - All In 1
2007-07-17 14:49 --------- d-------- C:\Program Files\Lavasoft
2007-07-17 14:49 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-17 14:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Lavasoft
2007-07-17 12:07 --------- d-a------ C:\DOCUME~1\ALLUSE~1\DATAAP~1\TEMP
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 09:47 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-04-29 21:29]
"nwiz"="nwiz.exe" [2004-04-29 21:29 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-04-29 21:29]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-02 04:20]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"RemoteControl"="C:\Program Files\PowerDVD\PDVDServ.exe" [2005-01-12 03:01]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 15:49 C:\WINDOWS\system32\bthprops.cpl]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12]
"mouseElf"="C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 14:21]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2005-10-02 18:30]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\DOCUME~1\ALLUSE~1\NABDKA~1\Programy\POSPUT~1\
Adobe Reader Speed Launch.lnk - C:\Program Files\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]
R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
R3 genmcmn;Genius NetScroll Optical Mouse Driver;C:\WINDOWS\system32\DRIVERS\gmfiltr.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S0 qyonupco;qyonupco;C:\WINDOWS\system32\drivers\gxwjechb.sys
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56590217-c1d0-11db-9347-0011092c8e7c}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- F:\Recycled\ctfmon.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-05-01 19:20:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-10 18:27:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-10 18:28:05
C:\ComboFix-quarantined-files.txt ... 2007-09-10 18:27
.
--- E O F ---