E-mails being sent on their own

jansimo
Newbie
Registered: 06 Jun 2007

Post by jansimo »

Please help.
The computer is sending e-mails on its own; the mail scan in avast indicates it to me.
Thank you.

I'm sending the log from HijackThis.
Logfile of HijackThis v1.99.1
Scan saved at 14:23:09, on 22.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\program files\microcom\adsl deskporte usb\CnxDslTb.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PC\Desktop\hijackthis.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=062707 serial=DR12WEX-1504397-KTY lang=EN
O4 - HKLM\..\Run: [CnxDslTaskBar] "c:\program files\microcom\adsl deskporte usb\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B2FE6AA-664A-4DD2-A46F-1DA7E9D36BA0}: NameServer = 195.146.132.58 195.146.128.60
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
likc
Beginner
Registered: 30 Jun 2006

Post by likc »

There are only some minor things in the log. Nothing that should be causing this. Scan the PC with MWAV and we'll see.
Also, you have Spybot and Spyware Terminator running at the same time, which doesn't do much good.
jansimo
Newbie
Registered: 06 Jun 2007

Post by jansimo »

I'm sending the log from MWAV.
I'll turn Spybot off.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "tencent qq Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ultimate defender Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "zlob Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Object "savenow Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\Automap.Map.EU" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\Automap.Map.EU.14" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\Automap.Template.EU.14" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\KMPlayer.kpl" refers to invalid object "{9EB4C4CB-74C2-4BE9-AA5D-8249F16020AD}". Action Taken: No Action Taken.
Entry "HKCR\KMPlayer.ksf" refers to invalid object "{9EB4C4CB-74C2-4BE9-AA5D-8249F16020AD}". Action Taken: No Action Taken.
Entry "HKCR\TrnCOM.FormatArray" refers to invalid object "{43FF2CB2-1696-4908-A48B-4D86D3B6F80E}". Action Taken: No Action Taken.
Entry "HKCR\TrnCOM.FormatArray.1" refers to invalid object "{43FF2CB2-1696-4908-A48B-4D86D3B6F80E}". Action Taken: No Action Taken.
Entry "HKCR\TrnCOM.MidView" refers to invalid object "{DF81C0D2-829E-4E65-B7A3-1D43E4127A98}". Action Taken: No Action Taken.
Entry "HKCR\TrnCOM.MidView.1" refers to invalid object "{DF81C0D2-829E-4E65-B7A3-1D43E4127A98}". Action Taken: No Action Taken.
Entry "HKCR\TrnCOM.Translator" refers to invalid object "{9EBF84C3-BEE8-4cba-8BCD-E831EC22F2AA}". Action Taken: No Action Taken.
Entry "HKCR\TrnCOM.Translator.1" refers to invalid object "{9EBF84C3-BEE8-4cba-8BCD-E831EC22F2AA}". Action Taken: No Action Taken.
Entry "HKCR\TrnCOM.Translator2" refers to invalid object "{F449EDFD-590E-4f4c-B41E-FA69EC05FF79}". Action Taken: No Action Taken.
Entry "HKCR\TrnCOM.Translator2.1" refers to invalid object "{F449EDFD-590E-4f4c-B41E-FA69EC05FF79}". Action Taken: No Action Taken.
Entry "HKCR\TrnCOM.TxtWords" refers to invalid object "{8BAFE568-6FC1-430B-83C5-A6CFD906E6C2}". Action Taken: No Action Taken.
Entry "HKCR\TrnCOM.TxtWords.1" refers to invalid object "{8BAFE568-6FC1-430B-83C5-A6CFD906E6C2}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Sony Ericsson\Mobile4\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Sony Ericsson\Mobile4\InstSupport\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Sony Ericsson\Mobile4\Sync Manager\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Opera\program\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Opera\program\plugins\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ax". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bin". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ex_". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".hdr". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".inx". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".phtml". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sis". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".srt[1]". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sub[1]". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ZZZ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Thunderbird (1.5.0.10)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Winamp". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4EFF8DED-380B-4530-9D4E-DB67DA3E71D2}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}". Action Taken: No Action Taken.
rary
Beginner
Registered: 20 Jun 2006

Post by rary »

MWAV is OK too.
So do this:
Download ComboFix
and run it. Follow the instructions; while ComboFix is being applied, do not click into the window that appears, because that may stop the process.
When it finishes, a log is created, so copy its contents here.

(The PC may restart if ComboFix finds infected files that need a restart in order to be deleted.)

You must have an administrator account for ComboFix to work.
jansimo
Newbie
Registered: 06 Jun 2007

Post by jansimo »

Log from ComboScan.
I couldn't find ComboFix.

ComboScan v20070306.20 run by PC on 2007-06-22 at 20:19:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
24: 2007-06-22 18:19:35 UTC - RP24 - ComboScan Restore Point
23: 2007-06-22 17:58:13 UTC - RP23 - Nainštalovaný Nero 7 Demo
22: 2007-06-22 17:42:53 UTC - RP22 - Odebráno: Nero 7 Demo
21: 2007-06-22 09:24:58 UTC - RP21 - Kontrolný bod systému
20: 2007-06-20 18:01:33 UTC - RP20 - Kontrolný bod systému


-- First Restore Point --
1: 2007-06-09 21:32:38 UTC - RP1 - Kontrolný bod systému


Performed disk cleanup.


-- HijackThis (run as PC.exe) --------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:19:42, on 22.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\program files\microcom\adsl deskporte usb\CnxDslTb.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\PC\LOCALS~1\Temp\Rar$EX00.500\comboscan.exe
C:\DOCUME~1\PC\Desktop\PC.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=062707 serial=DR12WEX-1504397-KTY lang=EN
O4 - HKLM\..\Run: [CnxDslTaskBar] "c:\program files\microcom\adsl deskporte usb\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\system32\drivers\aavmker4.sys
3R ADIDTSFiltService (ADI DTS Filter Service) - C:\WINDOWS\system32\drivers\adidts.sys
3R ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - C:\WINDOWS\system32\drivers\ADIHdAud.sys
3R AEAudio (AE Audio Service) - C:\WINDOWS\system32\drivers\aeaudio.sys
3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
2R aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\system32\drivers\aswmon2.sys
3R aswRdr - C:\WINDOWS\system32\drivers\aswRdr.sys
1R aswTdi (avast! Network Shield Support) - C:\WINDOWS\system32\drivers\aswTdi.sys
3S BlueletAudio (Bluetooth Audio Service) - C:\WINDOWS\system32\drivers\blueletaudio.sys
3S BT (Bluetooth PAN Network Adapter) - C:\WINDOWS\system32\drivers\BtNetDrv.sys
3S Btcsrusb (Bluetooth USB For Bluetooth Service) - C:\WINDOWS\system32\drivers\btcusb.sys
3S BthEnum (Bluetooth Request Block Driver) - C:\WINDOWS\system32\drivers\bthenum.sys
3S BTHidEnum (Bluetooth HID Enumerator) - C:\WINDOWS\system32\drivers\vbtenum.sys
0R BTHidMgr (Bluetooth HID Manager Service) - C:\WINDOWS\system32\drivers\BTHidMgr.sys
3S BTHPORT (Bluetooth Port Driver) - C:\WINDOWS\system32\drivers\bthport.sys
3S BTHUSB (Bluetooth Radio USB Driver) - C:\WINDOWS\system32\drivers\BTHUSB.SYS
3S BTNetFilter (Bluetooth Network Filter) - C:\WINDOWS\system32\drivers\BTNetFilter.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys
3R CnxEtP (Conexant AccessRunner USB ADSL Adapter Filter Driver) - C:\WINDOWS\system32\drivers\CnxEtP.sys
3R CnxEtU (Conexant AccessRunner USB ADSL Interface Device Driver) - C:\WINDOWS\system32\drivers\CnxEtU.sys
3R CnxTgNP (Conexant AccessRunner ADSL WAN PPPoE Adapter Driver) - C:\WINDOWS\system32\drivers\CnxTgNP.sys
3S ctsfm2k (Creative SoundFont Management Device Driver) - C:\WINDOWS\system32\drivers\ctsfm2k.sys
2R CX23880 (WinFast CX2388x WDM Video Capture.) - C:\WINDOWS\system32\drivers\cx88vid.sys
2R CXAVXBAR (WinFast CX2388x WDM Crossbar.) - C:\WINDOWS\system32\drivers\cxavxbar.sys
2R CXTUNE (WinFast CX2388x WDM TVTuner.) - C:\WINDOWS\system32\drivers\cx88tune.sys
3S ENTECH - C:\WINDOWS\system32\drivers\Entech.sys
1R fwdrv (Firewall Driver) - C:\WINDOWS\system32\drivers\fwdrv.sys
3S hamachi (Hamachi Network Interface) - C:\WINDOWS\system32\drivers\hamachi.sys
3R HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
3S HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\HPZid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
4S InCDFs (InCD File System) - C:\WINDOWS\system32\drivers\InCDFs.sys (not found)
1S InCDPass - C:\WINDOWS\system32\drivers\InCDPass.sys (not found)
1S InCDRm (InCD Reader) - C:\WINDOWS\system32\drivers\InCDRm.sys (not found)
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
0R JGOGO (JMicron Hot-Plug Driver) - C:\WINDOWS\system32\drivers\JGOGO.sys
0R JRAID - C:\WINDOWS\system32\drivers\jraid.sys
1R khips (Kerio HIPS Driver) - C:\WINDOWS\system32\drivers\khips.sys
3R LVUSBSta (Logitech USB Monitor Filter) - C:\WINDOWS\system32\drivers\LVUSBSta.sys
3S mcdbus (Driver for MagicISO SCSI Host Controller) - C:\WINDOWS\system32\DRIVERS\mcdbus.sys (not found)
3S mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\MSTEE.sys
3R MTsensor (ATK0110 ACPI UTILITY) - C:\WINDOWS\system32\drivers\ASACPI.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\NdisIP.sys
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
0R ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3S ossrv (Creative OS Services Driver) - C:\WINDOWS\system32\drivers\ctoss2k.sys
3S P17 (Sound Blaster Audigy) - C:\WINDOWS\system32\drivers\P17.sys (not found)
3R pepifilter (Volume Adapter) - C:\WINDOWS\system32\drivers\lv302af.sys
3R PID_PEPI (Logitech QuickCam IM(PID_PEPI)) - C:\WINDOWS\system32\drivers\LV302V32.SYS
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3S ROOTMODEM (Microsoft Legacy Modem Driver) - C:\WINDOWS\system32\drivers\rootmdm.sys
0R sfdrv01a (StarForce Protection Environment Driver (version 1.x.a)) - C:\WINDOWS\system32\drivers\sfdrv01a.sys
0R sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfhlp02.sys
0R sfsync04 (StarForce Protection Synchronization Driver (version 4.x)) - C:\WINDOWS\system32\drivers\sfsync04.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys
0R sptd - C:\WINDOWS\system32\drivers\sptd.sys
1R sp_rsdrv2 (Spyware Terminator Driver 2) - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys
3R ULCDRHlp - C:\WINDOWS\system32\drivers\ULCDRHlp.sys
3R usbaudio (USB Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\USBAUDIO.sys
3R usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
0R vax347b - C:\WINDOWS\system32\drivers\vax347b.sys
0R vax347s - C:\WINDOWS\system32\drivers\vax347s.sys
3S VComm (Virtual Serial port driver) - C:\WINDOWS\system32\drivers\VComm.sys
3S VcommMgr (Bluetooth VComm Manager Service) - C:\WINDOWS\system32\drivers\VcommMgr.sys
3S WFIOCTL - C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS (not found)
4S WS2IFSL (Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys
3R yukonwxp (NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller) - C:\WINDOWS\system32\drivers\yk51x86.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R aswUpdSv (avast! iAVS4 Control Service) - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
2R avast! Antivirus - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
3R avast! Mail Scanner - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
3R avast! Web Scanner - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
2R BthServ (Bluetooth Support Service) - C:\WINDOWS\system32\svchost.exe -k bthsvcs
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
3S iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2R KPF4 (Sunbelt Kerio Personal Firewall 4) - "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe
2S Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
2R sp_rssrv (Spyware Terminator Realtime Shield Service) - C:\Program Files\Spyware Terminator\sp_rsser.exe
2R StarWindService (StarWind iSCSI Service) - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
2R UleadBurningHelper (Ulead Burning Helper) - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


-- Scheduled Tasks -------------------------------------------------------------

2007-06-17 13:30:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>


-- Files created between 2007-05-22 and 2007-06-22 -----------------------------

2007-06-15 18:37:41 0 d-------- C:\Program Files\THQ
2007-06-13 16:15:17 0 d-------- C:\Program Files\Hamachi
2007-06-10 22:12:47 146 --a------ C:\WINDOWS\DelMR.bat
2007-06-10 21:30:47 0 d-------- C:\Program Files\Common Files\soft602
2007-06-10 21:30:44 0 d-------- C:\Program Files\Software602<SOFTWA~1>
2007-06-09 21:47:11 0 d-------- C:\WFDB
2007-06-09 21:32:25 9728 --a------ C:\WINDOWS\system32\drivers\cxavxbar.sys
2007-06-09 21:32:25 162944 --a------ C:\WINDOWS\system32\drivers\cx88vid.sys
2007-06-09 21:32:25 50816 --a------ C:\WINDOWS\system32\drivers\cx88tune.sys
2007-06-09 20:49:33 420240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-06-09 20:49:05 0 d-------- C:\Program Files\Ulead Systems<ULEADS~1>
2007-06-07 18:43:12 0 d-------- C:\Documents and Settings\PC\Application Data\Opera
2007-06-07 18:43:05 0 d-------- C:\Program Files\Opera
2007-06-07 10:38:45 0 d-------- C:\avenger
2007-06-07 10:26:15 0 d-------- C:\Program Files\Ultimate Defender<ULTIMA~1>
2007-06-07 07:50:38 0 d-a------ C:\WINDOWS\zts2.exe
2007-06-07 07:50:38 0 d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-06-07 07:50:38 0 d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-06-07 07:50:38 0 d-a------ C:\WINDOWS\rundll16.exe
2007-06-07 07:50:38 0 d-a------ C:\WINDOWS\rundl132.dll
2007-06-07 07:50:38 0 d-a------ C:\WINDOWS\logo1_.exe
2007-06-07 07:48:36 135680 --a------ C:\WINDOWS\system32\TASKMGR.COM
2007-06-07 07:48:36 135680 --a------ C:\WINDOWS\system32\T.COM
2007-06-07 07:48:35 146432 --a------ C:\WINDOWS\REGEDIT.COM
2007-06-07 07:48:35 146432 --a------ C:\WINDOWS\R.COM
2007-06-07 07:29:29 0 d-------- C:\Program Files\CCleaner
2007-06-06 21:22:41 0 d-------- C:\!KillBox
2007-06-06 20:24:51 1040384 --a------ C:\WINDOWS\system32\libeay32.dll
2007-06-06 20:23:26 196608 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-06-06 19:44:35 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
2007-06-06 14:16:04 0 d--h----- C:\WINDOWS\PIF
2007-06-04 21:31:44 2 --a------ C:\WINDOWS\system32\Dvbpws.dll
2007-06-04 21:18:35 0 d-------- C:\WinFast WorkArea<WINFAS~1>
2007-06-04 21:18:03 0 d-------- C:\Program Files\WinFast
2007-06-04 20:17:21 0 d-------- C:\Program Files\ChrisTV Lite<CHRIST~1>
2007-05-30 15:23:54 0 d-------- C:\Program Files\OLcrypt
2007-05-29 11:04:54 0 d-------- C:\Program Files\McAfee
2007-05-29 11:04:54 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-05-29 11:04:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator<SPYWAR~1>
2007-05-29 11:04:50 0 d-------- C:\Program Files\Common Files\Skype
2007-05-28 19:30:19 23416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-05-28 19:30:18 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-05-28 19:30:18 26888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-05-28 19:30:17 95872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-05-28 19:30:16 94552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-05-28 19:30:16 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-05-28 19:30:12 745600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-05-28 18:09:22 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-05-28 11:04:30 138368 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys<SP_RSD~1.SYS>
2007-05-28 10:38:58 0 d-------- C:\Documents and Settings\PC\Application Data\Spyware Terminator<SPYWAR~1>
2007-05-28 10:38:55 0 d-------- C:\Program Files\Spyware Terminator<SPYWAR~1>
2007-05-28 10:13:49 34 --a------ C:\WINDOWS\system32\rnplf12.dll
2007-05-28 10:12:10 368912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-05-28 10:12:10 0 d-------- C:\Program Files\Spy Cleaner Gold Trial<SPYCLE~1>
2007-05-26 13:46:00 356352 --a------ C:\WINDOWS\eSellerateEngine.dll<ESELLE~1.DLL>
2007-05-26 13:05:04 67860 --a------ C:\WINDOWS\system32\xpdt.sys
2007-05-26 12:21:41 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-05-26 12:21:31 0 d-------- C:\Program Files\Deskshare<DESKSH~1>
2007-05-25 23:03:01 0 d-------- C:\Program Files\Biromsoft<BIROMS~1>
2007-05-25 22:20:00 0 d-------- C:\Program Files\webcamXP
2007-05-23 14:15:20 0 d-------- C:\Program Files\Logitech
2007-05-23 13:43:02 53248 -ra------ C:\WINDOWS\system32\InstMed.exe


-- Find3M Report ---------------------------------------------------------------

2007-06-22 19:58:18 0 d-------- C:\Program Files\Common Files\Ahead
2007-06-22 19:54:16 0 d-------- C:\Documents and Settings\PC\Application Data\uTorrent
2007-06-22 19:48:24 0 d-------- C:\Documents and Settings\PC\Application Data\Skype
2007-06-22 18:16:34 0 d-------- C:\Program Files\Warcraft III<WARCRA~1>
2007-06-22 17:36:51 0 d-------- C:\Documents and Settings\PC\Application Data\Hamachi
2007-06-21 12:18:16 0 d-------- C:\Program Files\The KMPlayer<THEKMP~1>
2007-06-21 11:53:19 0 d-------- C:\Program Files\Crystal Player<CRYSTA~1>
2007-06-18 11:07:47 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-06-14 10:54:51 0 d-------- C:\Program Files\Mozilla Thunderbird<MOZILL~2>
2007-06-10 22:20:54 0 d-------- C:\Program Files\Google
2007-06-10 22:16:10 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-06-10 22:14:14 0 d-------- C:\Program Files\Common Files\Real
2007-06-10 22:14:13 0 d-------- C:\Documents and Settings\PC\Application Data\Real
2007-06-10 22:12:59 0 d-------- C:\Program Files\Sony Ericsson<SONYER~1>
2007-06-10 22:12:53 0 d-------- C:\Program Files\Common Files\Teleca Shared<TELECA~1>
2007-06-10 22:10:04 0 d-------- C:\Program Files\Free Windows Registry Cleaner<FREEWI~1>
2007-06-09 20:49:04 0 d-------- C:\Program Files\Common Files\Ulead Systems<ULEADS~1>
2007-06-05 15:08:00 0 d-------- C:\Program Files\ICQToolbar<ICQTOO~1>
2007-05-29 11:04:51 0 d-------- C:\Program Files\Skype
2007-05-29 11:04:44 0 d-------- C:\Program Files\MagicDisc<MAGICD~1>
2007-05-29 11:04:02 0 d-------- C:\Program Files\Common Files\LogiShrd
2007-05-28 11:03:23 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1>
2007-05-26 13:04:53 0 d-------- C:\Program Files\uTorrent
2007-05-23 10:09:57 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment<BLIZZA~1>
2007-05-20 10:08:02 0 d-------- C:\Documents and Settings\PC\Application Data\Apple Computer<APPLEC~1>
2007-05-19 20:50:36 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL>
2007-05-19 20:47:20 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-05-19 13:58:35 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-05-19 13:58:09 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-05-18 14:43:10 0 d-------- C:\Program Files\Electronic Arts<ELECTR~1>
2007-05-17 14:38:44 491520 --a------ C:\WINDOWS\WebIE.dll
2007-05-17 14:38:43 294912 --a------ C:\WINDOWS\TrnWord.dll
2007-05-17 14:38:43 356352 --a------ C:\WINDOWS\TrnOutl.dll
2007-05-17 14:38:43 45056 --a------ C:\WINDOWS\TRNOEH.DLL
2007-05-17 14:36:49 516096 --a------ C:\WINDOWS\UN32.EXE
2007-05-16 22:11:37 0 d-------- C:\Program Files\Common Files\Logitech
2007-05-16 17:12:02 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-14 19:47:48 0 d-------- C:\Program Files\moreTunes<MORETU~1>
2007-05-11 18:54:37 0 d-------- C:\Program Files\ICQ6
2007-05-08 17:42:05 23584 --a------ C:\Documents and Settings\PC\Application Data\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
2007-05-05 22:56:51 0 d-------- C:\Program Files\DVD Shrink<DVDSHR~1>
2007-05-01 14:46:16 63011 --a------ C:\WINDOWS\War3Unin.dat
2007-05-01 14:43:42 2829 --a------ C:\WINDOWS\War3Unin.pif
2007-05-01 14:43:42 139264 --a------ C:\WINDOWS\War3Unin.exe
2007-04-26 19:32:46 0 d-------- C:\Program Files\DaemonTools_WhenUSave_Installer<DAEMON~2>
2007-04-25 18:15:37 0 d-------- C:\Program Files\LittleFighter2<LITTLE~1>
2007-04-25 16:21:15 144896 --a------ C:\WINDOWS\system32\schannel.dll
2007-04-24 22:04:28 0 d-------- C:\Program Files\Codec Pack - All In 1<CODECP~1>
2007-04-24 22:04:14 737280 --a------ C:\WINDOWS\iun6002.exe
2007-04-24 19:12:33 0 d-------- C:\Documents and Settings\PC\Application Data\Adobe
2007-04-24 19:11:55 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-23 15:45:05 0 d-------- C:\Program Files\ICQLite
2007-04-18 18:14:43 2854400 --a------ C:\WINDOWS\system32\msi.dll
2007-04-16 22:47:36 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-04-16 22:45:54 1710936 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-16 22:45:48 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-16 22:45:42 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-16 22:45:36 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-04-16 22:45:28 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-04-16 22:45:20 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-04-16 22:45:20 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-11 20:05:45 12408 --a------ C:\WINDOWS\W3DemoUnin.dat<W3DEMO~1.DAT>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033 -noicon"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"NeroHomeFirstStart"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NMFirstStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"JMB36X Configure"="C:\\WINDOWS\\system32\\JMRaidTool.exe boot"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"ezShieldProtector for Px"="C:\\WINDOWS\\system32\\ezSP_Px.exe"
"CorelDRAW Graphics Suite 11b"="C:\\Program Files\\Corel\\Corel Graphics 12\\Languages\\EN\\Programs\\Registration.exe /title=\"CorelDRAW Graphics Suite 12\" /date=062707 serial=DR12WEX-1504397-KTY lang=EN"
"CnxDslTaskBar"="\"c:\\program files\\microcom\\adsl deskporte usb\\CnxDslTb.exe\" \"Microcom\\ADSL DeskPorte USB\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Drag'n Drop CD+DVD"="C:\\Program Files\\Drag'n Drop CD+DVD\\BinFiles\\DragDrop.exe /StartUp"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"WinFastDTV"="C:\\Program Files\\WinFast\\WFDTV\\DTVSchdl.exe"
"WinFast Schedule"="C:\\Program Files\\WinFast\\WFDTV\\WFWIZ.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"WUAppSetup"="C:\\Program Files\\Common Files\\logishrd\\WUApp32.exe -v 0x046d -p 0x08ae -f video -m logitech -d 10.5.1.2023"
"IETI"="C:\\Program Files\\Skype\\Phone\\IEPlugin\\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"WUAppSetup"="C:\\Program Files\\Common Files\\logishrd\\WUApp32.exe -v 0x046d -p 0x08ae -f video -m logitech -d 10.5.1.2023"
"IETI"="C:\\Program Files\\Skype\\Phone\\IEPlugin\\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
Schedule



-- End of ComboScan: finished at 2007-06-22 at 20:20:33 ------------------------

Baron Prášil
Beginner
Registered: 08 Jun 2006

Post by Baron Prášil »

Use Avenger
http://www.viry.cz/forum/viewtopic.php?t=21484

and this script:

Files to delete:
C:\WINDOWS\system32\TASKMGR.COM
C:\WINDOWS\system32\T.COM
C:\WINDOWS\REGEDIT.COM
C:\WINDOWS\R.COM
C:\WINDOWS\system32\xpdt.sys
C:\WINDOWS\iun6002.exe


After the restart, post the Avenger log and the ComboFix log.

Make a ComboFix log:
- after launch, the terms of use are displayed; confirm them by pressing the 1 key
- then follow the instructions; while ComboFix is running, do not click in the window that appears
- when the scan finishes, the program should create a log, C:\ComboFix.txt; copy its entire contents here

jansimo
Newcomer
Registered: 06 Jun 2007

Post by jansimo »

Avenger created an empty log for me; after the restart it said the log could not be found.

ComboFix log:
ComboFix 07-06-21.3 - C:\Documents and Settings\PC\Desktop\ComboFix.exe
"PC" - 2007-06-23 10:18:32 - Service Pack 2 NTFS

Rootkit driver xpdt is present. ... attempting disinfection
xpdt ...... driver unloaded successfully.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\PC\APPLIC~1\Install.dat
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\xpdt.sys


((((((((((((((((((((((((( Files Created from 2007-05-23 to 2007-06-23 )))))))))))))))))))))))))))))))


2007-06-23 10:15 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-15 18:37 <DIR> d-------- C:\Program Files\THQ
2007-06-13 16:15 <DIR> d-------- C:\Program Files\Hamachi
2007-06-10 22:12 146 --a------ C:\WINDOWS\DelMR.bat
2007-06-10 21:30 <DIR> d-------- C:\Program Files\Software602
2007-06-10 21:30 <DIR> d-------- C:\Program Files\Common Files\soft602
2007-06-09 21:47 <DIR> d-------- C:\WFDB
2007-06-09 21:32 9,728 --a------ C:\WINDOWS\system32\drivers\cxavxbar.sys
2007-06-09 21:32 50,816 --a------ C:\WINDOWS\system32\drivers\cx88tune.sys
2007-06-09 21:32 162,944 --a------ C:\WINDOWS\system32\drivers\cx88vid.sys
2007-06-09 20:49 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-06-09 20:49 <DIR> d-------- C:\Program Files\Ulead Systems
2007-06-07 18:43 <DIR> d-------- C:\Program Files\Opera
2007-06-07 18:43 <DIR> d-------- C:\DOCUME~1\PC\APPLIC~1\Opera
2007-06-07 10:26 <DIR> d-------- C:\Program Files\Ultimate Defender
2007-06-07 10:24 <DIR> d--hs---- C:\RECYCLER
2007-06-07 07:50 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-06-07 07:50 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-06-07 07:50 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-06-07 07:50 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-06-07 07:50 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-06-07 07:50 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-06-07 07:48 146,432 --a------ C:\WINDOWS\R.COM
2007-06-07 07:48 135,680 --a------ C:\WINDOWS\system32\T.COM
2007-06-07 07:29 <DIR> d-------- C:\Program Files\CCleaner
2007-06-06 21:22 <DIR> d-------- C:\!KillBox
2007-06-06 20:24 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll
2007-06-06 20:23 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-06-06 19:44 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-06-06 14:16 <DIR> d--h----- C:\WINDOWS\PIF
2007-06-04 21:31 2 --a------ C:\WINDOWS\system32\Dvbpws.dll
2007-06-04 21:18 <DIR> d-------- C:\WinFast WorkArea
2007-06-04 21:18 <DIR> d-------- C:\Program Files\WinFast
2007-06-04 20:17 <DIR> d-------- C:\Program Files\ChrisTV Lite
2007-05-30 15:23 <DIR> d-------- C:\Program Files\OLcrypt
2007-05-29 11:04 <DIR> d-------- C:\Program Files\McAfee
2007-05-29 11:04 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-05-29 11:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
2007-05-29 11:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-05-28 19:30 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-05-28 19:30 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-05-28 19:30 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-05-28 19:30 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-05-28 19:30 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-05-28 19:30 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-05-28 19:30 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-05-28 18:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
2007-05-28 11:04 138,368 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-05-28 10:38 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-05-28 10:38 <DIR> d-------- C:\DOCUME~1\PC\APPLIC~1\Spyware Terminator
2007-05-28 10:13 34 --a------ C:\WINDOWS\system32\rnplf12.dll
2007-05-28 10:12 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-05-28 10:12 <DIR> d-------- C:\Program Files\Spy Cleaner Gold Trial
2007-05-26 13:46 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2007-05-26 12:21 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-26 12:21 <DIR> d-------- C:\Program Files\Deskshare
2007-05-25 23:03 <DIR> d-------- C:\Program Files\Biromsoft
2007-05-25 22:20 <DIR> d-------- C:\Program Files\webcamXP
2007-05-23 14:15 <DIR> d-------- C:\Program Files\Logitech
2007-05-23 13:43 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-22 21:46:46 -------- d-----w C:\DOCUME~1\PC\APPLIC~1\uTorrent
2007-06-22 17:58:18 -------- d-----w C:\Program Files\Common Files\Ahead
2007-06-22 17:48:24 -------- d-----w C:\DOCUME~1\PC\APPLIC~1\Skype
2007-06-22 16:16:34 -------- d-----w C:\Program Files\Warcraft III
2007-06-22 15:36:51 -------- d-----w C:\DOCUME~1\PC\APPLIC~1\Hamachi
2007-06-21 10:18:16 -------- d-----w C:\Program Files\The KMPlayer
2007-06-21 09:53:19 -------- d-----w C:\Program Files\Crystal Player
2007-06-14 08:54:51 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-06-13 14:15:17 16,224 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-06-10 20:20:54 -------- d-----w C:\Program Files\Google
2007-06-10 20:16:10 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-10 20:14:14 -------- d-----w C:\Program Files\Common Files\Real
2007-06-10 20:14:13 -------- d-----w C:\DOCUME~1\PC\APPLIC~1\Real
2007-06-10 20:12:59 -------- d-----w C:\Program Files\Sony Ericsson
2007-06-10 20:12:53 -------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-06-10 20:10:04 -------- d-----w C:\Program Files\Free Windows Registry Cleaner
2007-06-09 18:49:04 -------- d-----w C:\Program Files\Common Files\Ulead Systems
2007-06-05 13:08:00 -------- d-----w C:\Program Files\ICQToolbar
2007-05-29 09:04:51 -------- d-----w C:\Program Files\Skype
2007-05-29 09:04:44 -------- d-----w C:\Program Files\MagicDisc
2007-05-29 09:04:02 -------- d-----w C:\Program Files\Common Files\LogiShrd
2007-05-28 09:03:23 -------- d-----w C:\Program Files\DAEMON Tools
2007-05-26 11:04:53 -------- d-----w C:\Program Files\uTorrent
2007-05-23 08:09:57 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-05-20 08:08:02 -------- d-----w C:\DOCUME~1\PC\APPLIC~1\Apple Computer
2007-05-19 18:50:36 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-19 18:47:20 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-19 11:58:35 -------- d-----w C:\Program Files\QuickTime
2007-05-19 11:58:09 -------- d-----w C:\Program Files\Apple Software Update
2007-05-18 12:43:10 -------- d-----w C:\Program Files\Electronic Arts
2007-05-17 12:38:44 491,520 ----a-w C:\WINDOWS\WebIE.dll
2007-05-17 12:38:43 45,056 ----a-w C:\WINDOWS\TRNOEH.DLL
2007-05-17 12:38:43 356,352 ----a-w C:\WINDOWS\TrnOutl.dll
2007-05-17 12:38:43 294,912 ----a-w C:\WINDOWS\TrnWord.dll
2007-05-17 12:36:49 516,096 ----a-w C:\WINDOWS\UN32.EXE
2007-05-16 20:11:37 -------- d-----w C:\Program Files\Common Files\Logitech
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 17:47:48 -------- d-----w C:\Program Files\moreTunes
2007-05-11 16:54:37 -------- d-----w C:\Program Files\ICQ6
2007-05-08 15:42:05 23,584 ----a-w C:\DOCUME~1\PC\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-05-05 20:56:51 -------- d-----w C:\Program Files\DVD Shrink
2007-05-01 12:46:16 63,011 ----a-w C:\WINDOWS\War3Unin.dat
2007-05-01 12:43:42 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2007-05-01 12:43:42 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2007-04-26 17:32:46 -------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
2007-04-26 17:29:37 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-04-25 16:15:37 -------- d-----w C:\Program Files\LittleFighter2
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-24 20:04:28 -------- d-----w C:\Program Files\Codec Pack - All In 1
2007-04-24 20:04:14 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-04-23 13:45:05 -------- d-----w C:\Program Files\ICQLite
2007-04-18 16:14:43 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-11 18:05:45 12,408 ----a-w C:\WINDOWS\W3DemoUnin.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{055FD26D-3A88-4e15-963D-DC8493744B1D}=C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 10:40]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-05-18 13:14]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 08:22]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-05-18 15:26]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-02-28 14:00 C:\WINDOWS\system32\bthprops.cpl]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2004-06-23 01:15]
"CnxDslTaskBar"="c:\program files\microcom\adsl deskporte usb\CnxDslTb.exe" [2004-06-16 07:55]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"Drag'n Drop CD+DVD"="C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" [2003-01-09 17:54]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-02-12 18:16]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-02-12 16:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-24 15:38]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"WUAppSetup"=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08ae -f video -m logitech -d 10.5.1.2023
"IETI"=C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


Contents of the 'Scheduled Tasks' folder
2007-06-17 11:30:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-23 10:21:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

? [2348]


scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


Completion time: 2007-06-23 10:22:22
C:\ComboFix-quarantined-files.txt ... 2007-06-23 10:22

--- E O F ---

Baron Prášil
Beginner
Registered: 08 Jun 2006

Post by Baron Prášil »

Find and delete
C:\WINDOWS\iun6002.exe
You will find it more easily if you turn on the display of hidden and system files (open any folder, Tools > Folder Options > View).

In Add/Remove Programs, uninstall
WhenUSave

Have this file
C:\WINDOWS\DelMR.bat
checked here:
http://www.virustotal.com/flash/index_en.html

How is the problem?

jansimo
Newcomer
Registered: 06 Jun 2007

Post by jansimo »

The problem is solved for now; it is not sending mail now.
VirusTotal found nothing.
Thanks for now.