Slow PC, laggy internet response, please check my log

#1 Post by Spajkus »

Even though the ping to seznam.cz is still 14-15 ms (ADSL), when I click a link nothing happens, it does not respond, and the whole PC is slow. After installing AVAST the PC would not even boot, and I had to uninstall it in safe mode. Here is the log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Spajky at 2010-01-10 14:30:16
Systém Microsoft Windows XP Professional Service Pack 2
System drive D: has 458 MB (5%) free of 8 GB
Total RAM: 1279 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30:23, on 10.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Documents and Settings\Spajky\wqu.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Motherboard Monitor 5\MBM5.EXE
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
D:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
D:\WINDOWS\system32\CTSvcCDA.EXE
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\Weather Watcher\ww.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\QIP\qip.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Spajky\Plocha\RSIT.exe
F:\Down ff\Spajky.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Spajky\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - D:\Documents and Settings\Spajky\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\Documents and Settings\Spajky\wqu.exe \s
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - D:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - D:\Documents and Settings\Spajky\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Spajky\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SBDrvDet] D:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [MBM 5] "D:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] D:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ewrb] D:\WINDOWS\system32\ewrb.exe \u
O4 - HKCU\..\Run: [WeatherWatcher] D:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [QIP2005] D:\Program Files\QIP\qip.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WDDMStatus.lnk = D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://D:\Program Files\Offline Explorer\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://D:\Program Files\Offline Explorer\Add_AllO.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - D:\Program Files\QIP\qip.exe (HKCU)
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - D:\Program Files\Firebird\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - D:\Program Files\Firebird\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 10897 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - D:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - D:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - D:\Program Files\Java\jre6\bin\ssv.dll [2009-04-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - D:\Documents and Settings\Spajky\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - D:\Documents and Settings\Spajky\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-01 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-01 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SBDrvDet"=D:\Program Files\Creative\SB Drive Det\SBDrvDet.exe [2002-12-03 45056]
"MBM 5"=D:\Program Files\Motherboard Monitor 5\MBM5.EXE [2004-06-12 594944]
"Logitech Utility"=D:\WINDOWS\Logi_MwX.Exe [2003-12-11 20992]
"NvMediaCenter"=D:\WINDOWS\system32\NvMcTray.dll [2006-03-09 86016]
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2006-03-09 7561216]
"SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2009-04-01 136600]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"CTSysVol"=D:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [2002-10-29 49152]
"CTDVDDet"=D:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [2002-09-30 45056]
"CTHelper"=D:\WINDOWS\system32\CTHELPER.EXE [2003-04-10 28672]
"AsioReg"=REGSVR32.EXE /S CTASIO.DLL []
"TkBellExe"=D:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-04-02 180269]
"egui"=D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-06-10 1447168]
"ewrb"=D:\WINDOWS\system32\ewrb.exe [2010-01-08 58368]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WeatherWatcher"=D:\Program Files\Weather Watcher\ww.exe [2007-01-21 995328]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"RemoteCenter"=D:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe [2002-11-21 135168]
"QIP2005"=D:\Program Files\QIP\qip.exe [2009-08-13 3276288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
REGSVR32.EXE /S CTASIO.DLL []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-12-16 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
D:\Program Files\BitComet\BitComet.exe [2006-09-15 3998208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
D:\WINDOWS\system32\CTHELPER.EXE [2003-04-10 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
D:\Program Files\DAEMON Tools\daemon.exe -lang 1033 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
D:\PROGRA~1\DAP\DAP.EXE [2005-03-27 2487296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-06-10 1447168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IBS]
D:\Program Files\IBS expert\TAXexpert 3 CZ\taxcheck.exe /verysilent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
D:\Program Files\ICQLite\ICQLite.exe [2006-07-11 3144800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
D:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
D:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
D:\WINDOWS\system32\NvCpl.dll [2006-03-09 7561216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\openvpn-gui]
D:\Program Files\OpenVPN\bin\openvpn-gui.exe [2005-08-18 99328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
D:\WINDOWS\system32\PSDrvCheck.exe [2003-12-04 406016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Program Files\QuickTime\qttask.exe [2006-05-07 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
D:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe [2002-11-21 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe [2006-10-12 49263]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
D:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-04-02 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
D:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]
F:\Test3\Warcraft III\w3dr.exe [2008-08-03 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
D:\Program Files\Winamp\winampa.exe [2004-12-20 33792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
D:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
D:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2004-07-12 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCardSvr"=3
"OpenVPNService"=3
"avast! Web Scanner"=3
"avast! Mail Scanner"=3
"avast! Antivirus"=2
"aswUpdSv"=2
"aspnet_state"=3

D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Logitech Desktop Messenger.lnk - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
WDDMStatus.lnk - D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
WDSmartWare.lnk - D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\mIRCczLite\mirc.exe"="D:\Program Files\mIRCczLite\mirc.exe:*:Enabled:mIRC"
"D:\Program Files\ICQ\Icq.exe"="D:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ"
"D:\Program Files\DC++\DCPlusPlus.exe"="D:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"D:\Program Files\DC++\StrongDC.exe"="D:\Program Files\DC++\StrongDC.exe:*:Enabled:StrongDC++"
"D:\Program Files\Strong DC++\StrongDC.exe"="D:\Program Files\Strong DC++\StrongDC.exe:*:Enabled:StrongDC++"
"D:\Program Files\totalcmd\TOTALCMD.EXE"="D:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\Program Files\InterVideo\DVD6\WinDVD.exe"="D:\Program Files\InterVideo\DVD6\WinDVD.exe:*:Enabled:WinDVD"
"D:\Program Files\Messenger\msmsgs.exe"="D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Program Files\BitComet\BitComet.exe"="D:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"D:\Program Files\DAP\DAP.exe"="D:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus"
"G:\Hry\AoE2\empires2.exe"="G:\Hry\AoE2\empires2.exe:*:Enabled:Age of Empires II"
"G:\Hry\MRDKA\game.dat"="G:\Hry\MRDKA\game.dat:*:Enabled:game"
"D:\Program Files\Windows Media Player\wmplayer.exe"="D:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"G:\Test\UT2003\System\UT2003.exe"="G:\Test\UT2003\System\UT2003.exe:*:Enabled:UT2003"
"G:\Hry\TrackMania Nations ESWC\TmNationsESWC.exe"="G:\Hry\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"G:\Hry\GENERALS\game.dat"="G:\Hry\GENERALS\game.dat:*:Enabled:game"
"G:\Hry\Vietcong\vietcong.exe"="G:\Hry\Vietcong\vietcong.exe:*:Enabled:vietcong"
"D:\WINDOWS\system32\dpnsvr.exe"="D:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"D:\Program Files\Miranda IM\miranda32.exe"="D:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"D:\Program Files\ICQLite\ICQLite.exe"="D:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"D:\Program Files\QIP\qip.exe"="D:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"G:\Test6\LFS\LFS.exe"="G:\Test6\LFS\LFS.exe:*:Enabled:LFS"
"F:\Hry\RRT2\RT2_TSC.EXE"="F:\Hry\RRT2\RT2_TSC.EXE:*:Enabled:Railroad Tycoon II"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"F:\Test3\Warcraft III\war3.exe"="F:\Test3\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"D:\Program Files\Garena\Garena.exe"="D:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"F:\Hry\Stronghold Crusader\Stronghold Crusader.exe"="F:\Hry\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"D:\WINDOWS\system32\dplaysvr.exe"="D:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"F:\Hry\Worms2\frontend.exe"="F:\Hry\Worms2\frontend.exe:*:Enabled:Worms 2 Frontend"
"F:\Hry\Worms Armageddon\WA.exe"="F:\Hry\Worms Armageddon\WA.exe:*:Enabled:Worms Armageddon"
"F:\Hry\RollerCoaster Tycoon\rct.exe"="F:\Hry\RollerCoaster Tycoon\rct.exe:*:Enabled:rct"
"F:\Down ff\nhl_2002\nhl2002.exe"="F:\Down ff\nhl_2002\nhl2002.exe:*:Enabled:nhl2002"
"D:\Program Files\Hamachi\hamachi.exe"="D:\Program Files\Hamachi\hamachi.exe:*:Disabled:Hamachi Client"
"G:\Hry\Vietcong\vcded.exe"="G:\Hry\Vietcong\vcded.exe:*:Enabled:vcded"
"D:\WINDOWS\system32\wbu.exe"="D:\WINDOWS\system32\wbu.exe:*:Enabled:ENABLE"
"D:\WINDOWS\system32\ewrb.exe"="D:\WINDOWS\system32\ewrb.exe:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{faa488ac-e303-11de-8f79-0050fc811d63}]
shell\AutoRun\command - "H:\WD SmartWare.exe" autoplay=true


======List of files/folders created in the last 1 months======

2010-01-10 14:30:16 ----D---- D:\rsit
2010-01-10 14:20:57 ----A---- D:\WINDOWS\ntbtlog.txt
2010-01-08 11:21:30 ----A---- D:\WINDOWS\system32\ewrb.exe

======List of files/folders modified in the last 1 months======

2010-01-10 14:30:20 ----D---- D:\WINDOWS\Prefetch
2010-01-10 14:29:51 ----AD---- D:\WINDOWS\temp
2010-01-10 14:29:29 ----D---- D:\Program Files\Weather Watcher
2010-01-10 14:29:00 ----D---- D:\Program Files\Mozilla Firefox
2010-01-10 14:26:40 ----D---- D:\WINDOWS
2010-01-10 14:23:34 ----D---- D:\WINDOWS\system32
2010-01-10 14:23:30 ----D---- D:\WINDOWS\system32\drivers
2010-01-10 14:06:33 ----A---- D:\WINDOWS\SchedLgU.Txt
2010-01-10 13:18:59 ----D---- D:\WINDOWS\system32\CatRoot2
2010-01-10 13:10:59 ----D---- D:\Program Files\Garena
2010-01-09 15:54:20 ----A---- D:\WINDOWS\winamp.ini
2010-01-05 16:54:40 ----SD---- D:\WINDOWS\Tasks
2010-01-05 16:54:40 ----RD---- D:\Program Files
2010-01-05 16:49:04 ----D---- D:\WINDOWS\Minidump
2009-12-29 22:02:43 ----D---- D:\Program Files\DC++
2009-12-16 18:18:16 ----D---- D:\Program Files\QIP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; D:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 easdrv;easdrv; D:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-06-10 53256]
R1 epfwtdir;epfwtdir; D:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R1 mbmiodrvr;mbmiodrvr; \??\D:\WINDOWS\system32\mbmiodrvr.sys []
R1 StarOpen;StarOpen; D:\WINDOWS\system32\drivers\StarOpen.sys [2009-10-14 5632]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; D:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-03 223616]
R2 eamon;EAMON; D:\WINDOWS\system32\DRIVERS\eamon.sys [2008-06-10 39944]
R2 MaVctrl;MaVctrl; D:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2004-08-23 11089]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; D:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; D:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; D:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R2 PfModNT;PfModNT; \??\D:\WINDOWS\system32\PfModNT.sys []
R2 PStrip;PStrip; D:\WINDOWS\system32\drivers\pstrip.sys [2007-07-15 27992]
R3 Arp1394;Protokol 1394 ARP Client; D:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 ctac32k;Creative AC3 Software Decoder; D:\WINDOWS\System32\drivers\ctac32k.sys [2003-03-25 134656]
R3 ctaud2k;Creative Audio Driver (WDM); D:\WINDOWS\system32\drivers\ctaud2k.sys [2003-04-11 502160]
R3 ctgame;Game Port; D:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-12-30 12160]
R3 ctprxy2k;Creative Proxy Driver; D:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-03-25 6144]
R3 ctsfm2k;Creative SoundFont Management Device Driver; D:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-03-25 135696]
R3 emupia;E-mu Plug-in Architecture Driver; D:\WINDOWS\System32\drivers\emupia2k.sys [2003-03-25 144736]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; D:\WINDOWS\System32\drivers\ha10kx2k.sys [2003-04-03 850880]
R3 hamachi;Hamachi Network Interface; D:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-11-25 25280]
R3 hap16v2k;Creative P16V HAL Driver; D:\WINDOWS\System32\drivers\hap16v2k.sys [2003-04-01 142752]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; D:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; D:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; D:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; D:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-12-11 25630]
R3 LHidUsb;Logitech USB Receiver device driver; D:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-12-11 37916]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; D:\WINDOWS\System32\Drivers\LMouFlt2.sys [2003-12-11 70894]
R3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-03-09 3650368]
R3 ossrv;Creative OS Services Driver; D:\WINDOWS\system32\drivers\ctoss2k.sys [2003-03-25 190176]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; D:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 tap0801;TAP-Win32 Adapter V8; D:\WINDOWS\system32\DRIVERS\tap0801.sys [2004-06-24 23552]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; D:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-17 12416]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Třída USB Printer; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;Ovladač skeneru USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S2 BT848;WinFast TV2000 XP WDM Video Capture; D:\WINDOWS\system32\drivers\wf2kvcap.sys [2002-04-12 69404]
S2 BTTUNER;bt848 tweaked WDM TvTuner; D:\WINDOWS\system32\drivers\BTTUNER.sys [2001-10-08 9187]
S2 BTXBAR;bt848 tweaked TV WDM Crossbar; D:\WINDOWS\system32\drivers\BTXBAR.sys [2001-10-08 8193]
S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; D:\WINDOWS\system32\drivers\wf2ktunr.sys [2002-04-12 34478]
S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; D:\WINDOWS\system32\drivers\wf2kxbar.sys [2002-04-12 9804]
S3 61883;61883 Unit Device; D:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 ASAPIW2k;ASAPIW2K; D:\WINDOWS\system32\drivers\ASAPIW2k.sys [2003-12-04 11264]
S3 Avc;AVC Device; D:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 azcwn7vk;azcwn7vk; D:\WINDOWS\system32\drivers\azcwn7vk.sys []
S3 catchme;catchme; \??\D:\ComboFix.exe\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; D:\WINDOWS\System32\drivers\ctdvda2k.sys [2003-03-27 287920]
S3 DSDrv4;DSDrv4; \??\D:\PROGRA~1\DScaler\DSDrv4.sys []
S3 GarenaPEngine;GarenaPEngine; \??\D:\DOCUME~1\Spajky\LOCALS~1\Temp\PIX134.tmp []
S3 HidUsb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 L8042PR2;Logitech PS/2 Mouse Filter Driver; D:\WINDOWS\System32\Drivers\l8042pr2.sys [2003-12-11 51582]
S3 MaRdPnp;MaRdPnp; D:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-18 49867]
S3 MSDV;Microsoft DV Camera and VCR; D:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nm;Ovladač programu Sledování sítě; D:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 NPF;NetGroup Packet Filter Driver; D:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 P730C;P730C; D:\WINDOWS\system32\DRIVERS\P730C.sys [2004-09-16 25300]
S3 P730M;P730M; D:\WINDOWS\system32\DRIVERS\P730M.sys [2004-09-16 25300]
S3 P730U;P730U; D:\WINDOWS\system32\DRIVERS\P730U.sys [2005-05-25 49365]
S3 Ser2pl;MAT Serial port driver; D:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); D:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; D:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; D:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 ssm_bus;Samsung Mobile USB Device II 1.0 driver (WDM); D:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-05-20 52416]
S3 ssm_mdfl;Samsung Mobile USB Modem II 1.0 Filter; D:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-05-20 6096]
S3 ssm_mdm;Samsung Mobile USB Modem II 1.0 Drivers; D:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-05-20 84512]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WDC_SAM;WD SCSI Pass Thru driver; D:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 WpdUsb;WpdUsb; D:\WINDOWS\System32\Drivers\wpdusb.sys [2004-09-22 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Creative Service for CDROM Access;Creative Service for CDROM Access; D:\WINDOWS\system32\CTSvcCDA.EXE [1999-12-13 44032]
R2 ekrn;Eset Service; D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-06-10 468224]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; D:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2009-04-01 152984]
R2 Net Driver HPZ12;Net Driver HPZ12; D:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\system32\nvsvc32.exe [2006-03-09 143436]
R2 Pml Driver HPZ12;Pml Driver HPZ12; D:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 UMWdf;Windows User Mode Driver Framework; D:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
R2 WDDMService;WD SmartWare Drive Manager; D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service; D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
R2 WMDM PMSP Service;WMDM PMSP Service; D:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R3 hpqcxs08;hpqcxs08; D:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; D:\Program Files\Firebird\bin\fbguard.exe [2007-12-12 65536]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;Eset HTTP Server; D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-06-10 19200]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; D:\Program Files\Firebird\bin\fbserver.exe [2007-12-12 1531989]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); D:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S4 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S4 OpenVPNService;OpenVPN Service; D:\Program Files\OpenVPN\bin\openvpnserv.exe [2006-04-05 16384]

-----------------EOF-----------------

Roli
VIP
Posts: 13400
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Slow PC, lag on the internet, please check my log

#2 Post by Roli »

Hello, fix these in HJT:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Spajky\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - D:\Documents and Settings\Spajky\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\Documents and Settings\Spajky\wqu.exe \s
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - D:\Documents and Settings\Spajky\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Spajky\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ewrb] D:\WINDOWS\system32\ewrb.exe \u
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe


You will find HJT here:

F:\Down ff\Spajky

Fix means that you launch HJT,

in the window that opens, click Do a system scan only,

in the next window, find the lines I listed for you,

next to each of them is a box, which you tick,

then click Fix checked at the bottom left,

the program will ask whether you really want to do it; you of course agree with YES, and it is done.


Then use Mbam from my signature.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:
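
An added example, not part of the original posts and not code from HijackThis or ComboFix: a Python script that cross-checks the F2 UserInit and O4 Run autostart targets from the HijackThis lines above against the "files created" rows of the ComboFix log posted further down the thread. The sample lines are copied from this thread's logs; the function names, the heuristics and the reading of "h" in ComboFix's attribute column as the hidden attribute are assumptions.

```python
import re
from ntpath import basename  # Windows path handling that works on any OS

# Lines copied from the HijackThis and ComboFix logs posted in this thread.
HJT_LINES = [
    r"F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\Documents and Settings\Spajky\wqu.exe \s",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"',
    r'O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot',
    r"O4 - HKLM\..\Run: [ewrb] D:\WINDOWS\system32\ewrb.exe \u",
]
COMBOFIX_CREATED = [
    r"2010-01-10 13:30 . 2010-01-10 13:30 -------- d-----w- D:\rsit",
    r"2010-01-08 10:22 . 2010-01-08 10:22 6144 ---ha-w- d:\documents and settings\Spajky\xox.exe",
    r"2010-01-08 10:21 . 2010-01-08 10:21 58368 ---h--w- d:\documents and settings\Spajky\wqu.exe",
    r"2010-01-08 10:21 . 2010-01-08 10:21 58368 ----a-w- d:\windows\system32\ewrb.exe",
    r"2010-01-05 15:41 . 2010-01-05 15:41 59904 ---h--w- d:\documents and settings\Spajky\vfe.exe",
]

EXE = re.compile(r'"?(.+?\.exe)', re.I)                 # path up to the first .exe
RUN = re.compile(r'^O4 - \S+\\Run: \[(.+?)\] (.+)$')    # O4 - HKLM\..\Run: [name] cmd
CREATED = re.compile(r'^\S+ \S+ \. \S+ \S+\s+(\d+|-+)\s+([a-z-]{8})\s+(.+)$')


def autostart_targets(hjt_lines):
    """Return [(source, exe_path)] for F2 UserInit and O4 Run entries."""
    out = []
    for line in hjt_lines:
        if line.startswith("F2 - ") and "UserInit=" in line:
            # Userinit is a comma-separated list; every entry runs at logon.
            for entry in line.split("UserInit=", 1)[1].split(","):
                m = EXE.match(entry.strip())
                if m:
                    out.append(("F2 UserInit", m.group(1)))
        else:
            m = RUN.match(line)
            exe = m and EXE.match(m.group(2))
            if exe:
                out.append(("O4 Run [%s]" % m.group(1), exe.group(1)))
    return out


def recent_files(created_lines):
    """Parse ComboFix 'files created' rows into {lowercase path: (size, attrs)}."""
    files = {}
    for line in created_lines:
        m = CREATED.match(line)
        if m and m.group(1).isdigit():  # directories show '--------' as size
            files[m.group(3).lower()] = (int(m.group(1)), m.group(2))
    return files


def triage(hjt_lines, created_lines):
    """Return {lowercase path: [reasons]} for files that deserve a closer look."""
    recent = recent_files(created_lines)
    findings = {}

    def add(path, reason):
        findings.setdefault(path.lower(), []).append(reason)

    for source, path in autostart_targets(hjt_lines):
        low = path.lower()
        # The stock Userinit value names only system32\userinit.exe.
        if source == "F2 UserInit" and not low.endswith(r"\system32\userinit.exe"):
            add(path, "extra program appended to Winlogon Userinit")
        if low in recent:
            add(path, "%s target created inside ComboFix's recent-files window" % source)

    for path, (size, attrs) in recent.items():
        # Assumption: 'h' in the attribute column means the hidden attribute.
        if path.endswith(".exe") and "h" in attrs:
            add(path, "recently created executable with hidden attribute")
        # Identical sizes among already-flagged files suggest copies of one binary.
        twins = sorted(p for p, (s, _) in recent.items() if s == size and p != path)
        if path in findings and twins:
            add(path, "same size as " + ", ".join(basename(t) for t in twins))
    return findings


if __name__ == "__main__":
    for path, reasons in sorted(triage(HJT_LINES, COMBOFIX_CREATED).items()):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On this thread's data it flags wqu.exe, ewrb.exe, xox.exe and vfe.exe, the same four files that the ComboFix script later in the thread deletes.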

Spajkus
Visitor
Posts: 18
Joined: 03 Jan 2009 17:07

Re: Slow PC, lag on the internet, please check my log

#3 Post by Spajkus »

Great, thanks. I had of course already run Mbam over it before; it found 2 infected files, which were of course deleted, but the problems persisted. Could you please tell me in somewhat more "human" terms what I actually had wrong there?

Roli
VIP
Posts: 13400
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Slow PC, lag on the internet, please check my log

#4 Post by Roli »

Well, what is wrong is the Qip Search Bar, wqu.exe and ewrb.exe - those I really do not like at all,

Logitech Desktop Messenger and the various auto-updaters are not needed.

Since you still have a problem with the PC, we will use a bigger caliber, so download ComboFix and save it to the desktop,

run the application under an account with administrator rights and allow the installation of the Recovery Console.

A window with the license terms will then appear, which you confirm by clicking YES,

then click YES once more and off it goes.

The whole thing takes about 10 minutes but can take longer; during the scan do not try to run anything else.

The PC may even be restarted during the scan; do not be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,

because Combofix tries to delete infected files and these programs can get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); paste its contents here.

Spajkus
Visitor
Posts: 18
Joined: 03 Jan 2009 17:07

Re: Slow PC, lag on the internet, please check my log

#5 Post by Spajkus »

Here it is:


ComboFix 10-01-04.01 - Spajky 10.01.2010 17:13:44.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1279.937 [GMT 1:00]
Spuštěný z: d:\documents and settings\Spajky\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\Spajky\Dokumenty\cc_20080824_222145.reg
d:\documents and settings\Spajky\Dokumenty\cc_20090121_161048.reg
d:\documents and settings\Spajky\secupdat.dat
d:\windows\system32\Data
d:\windows\system32\Data\CTP0240W.DAT
d:\windows\system32\Data\CTP0242W.DAT
d:\windows\system32\Data\CTP0243W.DAT
d:\windows\system32\Data\CTP0244W.DAT
d:\windows\system32\Data\CTP0280W.DAT
d:\windows\system32\Data\CTP0320W.DAT
d:\windows\system32\ieuinit.inf
d:\windows\system32\secupdat.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-10 do 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-10 13:30 . 2010-01-10 13:30 -------- d-----w- D:\rsit
2010-01-08 10:22 . 2010-01-08 10:22 6144 ---ha-w- d:\documents and settings\Spajky\xox.exe
2010-01-08 10:21 . 2010-01-08 10:21 58368 ---h--w- d:\documents and settings\Spajky\wqu.exe
2010-01-08 10:21 . 2010-01-08 10:21 58368 ----a-w- d:\windows\system32\ewrb.exe
2010-01-05 15:41 . 2010-01-05 15:41 59904 ---h--w- d:\documents and settings\Spajky\vfe.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 16:09 . 2008-12-07 13:43 292 ----a-w- d:\windows\system32\DVCStateBkp-{00000001-00000000-00000006-00001102-00000004-10081102}.dat
2010-01-10 16:09 . 2008-12-07 13:43 292 ----a-w- d:\windows\system32\DVCState-{00000001-00000000-00000006-00001102-00000004-10081102}.dat
2010-01-10 16:08 . 2007-01-24 11:43 -------- d-----w- d:\program files\Weather Watcher
2010-01-10 15:03 . 2008-07-19 14:37 -------- d-----w- d:\program files\Winamp
2010-01-10 13:41 . 2009-02-09 20:01 -------- d-----w- d:\program files\Garena
2009-12-29 21:02 . 2005-03-26 20:08 -------- d-----w- d:\program files\DC++
2009-12-16 17:18 . 2007-01-25 19:23 -------- d-----w- d:\program files\QIP
2009-12-08 16:22 . 2006-05-20 09:31 -------- d-----w- d:\program files\SpeedFan
2009-12-07 16:19 . 2009-12-07 16:18 -------- d-----w- d:\program files\ACD Systems
2009-12-07 16:19 . 2009-12-07 16:19 -------- d-----w- d:\program files\Common Files\ACD Systems
2009-12-07 07:44 . 2009-12-07 07:44 -------- d-----w- d:\program files\Western Digital
2009-12-06 18:51 . 2008-08-26 05:32 137918 -c--a-w- d:\windows\War3Unin.dat
2009-11-15 08:29 . 2009-05-24 20:48 6080 ----a-w- d:\windows\system32\drivers\UNIDRV.SYS
2009-10-26 18:21 . 2001-10-25 14:00 74426 ----a-w- d:\windows\system32\perfc005.dat
2009-10-26 18:21 . 2001-10-25 14:00 401726 ----a-w- d:\windows\system32\perfh005.dat
2009-10-14 13:55 . 2008-06-12 15:04 5632 ----a-w- d:\windows\system32\drivers\StarOpen.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

Roli
VIP
Posts: 13400
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Slow PC, lag on the internet, please check my log

#6 Post by Roli »

Please, I need the whole log.

Spajkus
Visitor
Posts: 18
Joined: 03 Jan 2009 17:07

Re: Slow PC, lag on the internet, please check my log

#7 Post by Spajkus »

Sorry:



ComboFix 10-01-04.01 - Spajky 10.01.2010 17:13:44.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1279.937 [GMT 1:00]
Spuštěný z: d:\documents and settings\Spajky\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\Spajky\Dokumenty\cc_20080824_222145.reg
d:\documents and settings\Spajky\Dokumenty\cc_20090121_161048.reg
d:\documents and settings\Spajky\secupdat.dat
d:\windows\system32\Data
d:\windows\system32\Data\CTP0240W.DAT
d:\windows\system32\Data\CTP0242W.DAT
d:\windows\system32\Data\CTP0243W.DAT
d:\windows\system32\Data\CTP0244W.DAT
d:\windows\system32\Data\CTP0280W.DAT
d:\windows\system32\Data\CTP0320W.DAT
d:\windows\system32\ieuinit.inf
d:\windows\system32\secupdat.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-10 do 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-10 13:30 . 2010-01-10 13:30 -------- d-----w- D:\rsit
2010-01-08 10:22 . 2010-01-08 10:22 6144 ---ha-w- d:\documents and settings\Spajky\xox.exe
2010-01-08 10:21 . 2010-01-08 10:21 58368 ---h--w- d:\documents and settings\Spajky\wqu.exe
2010-01-08 10:21 . 2010-01-08 10:21 58368 ----a-w- d:\windows\system32\ewrb.exe
2010-01-05 15:41 . 2010-01-05 15:41 59904 ---h--w- d:\documents and settings\Spajky\vfe.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 16:09 . 2008-12-07 13:43 292 ----a-w- d:\windows\system32\DVCStateBkp-{00000001-00000000-00000006-00001102-00000004-10081102}.dat
2010-01-10 16:09 . 2008-12-07 13:43 292 ----a-w- d:\windows\system32\DVCState-{00000001-00000000-00000006-00001102-00000004-10081102}.dat
2010-01-10 16:08 . 2007-01-24 11:43 -------- d-----w- d:\program files\Weather Watcher
2010-01-10 15:03 . 2008-07-19 14:37 -------- d-----w- d:\program files\Winamp
2010-01-10 13:41 . 2009-02-09 20:01 -------- d-----w- d:\program files\Garena
2009-12-29 21:02 . 2005-03-26 20:08 -------- d-----w- d:\program files\DC++
2009-12-16 17:18 . 2007-01-25 19:23 -------- d-----w- d:\program files\QIP
2009-12-08 16:22 . 2006-05-20 09:31 -------- d-----w- d:\program files\SpeedFan
2009-12-07 16:19 . 2009-12-07 16:18 -------- d-----w- d:\program files\ACD Systems
2009-12-07 16:19 . 2009-12-07 16:19 -------- d-----w- d:\program files\Common Files\ACD Systems
2009-12-07 07:44 . 2009-12-07 07:44 -------- d-----w- d:\program files\Western Digital
2009-12-06 18:51 . 2008-08-26 05:32 137918 -c--a-w- d:\windows\War3Unin.dat
2009-11-15 08:29 . 2009-05-24 20:48 6080 ----a-w- d:\windows\system32\drivers\UNIDRV.SYS
2009-10-26 18:21 . 2001-10-25 14:00 74426 ----a-w- d:\windows\system32\perfc005.dat
2009-10-26 18:21 . 2001-10-25 14:00 401726 ----a-w- d:\windows\system32\perfh005.dat
2009-10-14 13:55 . 2008-06-12 15:04 5632 ----a-w- d:\windows\system32\drivers\StarOpen.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherWatcher"="d:\program files\Weather Watcher\ww.exe" [2007-01-21 995328]
"RemoteCenter"="d:\program files\Creative\MediaSource\RemoteControl\RcMan.exe" [2002-11-21 135168]
"QIP2005"="d:\program files\QIP\qip.exe" [2009-08-13 3276288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBDrvDet"="d:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"MBM 5"="d:\program files\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 594944]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"CTSysVol"="d:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="d:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"CTHelper"="CTHELPER.EXE" [2003-04-10 28672]
"AsioReg"="CTASIO.DLL" [2003-04-11 118784]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2004-12-20 33792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
WDDMStatus.lnk - d:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - d:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=d:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=d:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
d:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
2003-04-11 05:33 118784 ----a-w- d:\windows\system32\CTASIO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-12-16 10:57 94208 ----a-w- d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
2006-09-15 17:02 3998208 ----a-w- d:\program files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2003-04-10 08:36 28672 ----a-w- d:\windows\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2005-03-27 09:37 2487296 ----a-w- d:\progra~1\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2008-06-10 17:52 1447168 ----a-w- d:\program files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 20:34 49152 -c--a-w- d:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
2006-07-11 10:06 3144800 ----a-w- d:\program files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 -c--a-w- d:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-03-09 13:29 7561216 ----a-w- d:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-03-09 14:29 1519616 ----a-w- d:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\openvpn-gui]
2005-08-18 08:55 99328 ----a-w- d:\program files\OpenVPN\bin\openvpn-gui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2003-12-04 10:34 406016 -c--a-w- d:\windows\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-05-07 18:39 98304 -c--a-w- d:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
2002-11-21 08:33 135168 ----a-w- d:\program files\Creative\MediaSource\RemoteControl\RcMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-10-12 02:10 49263 -c--a-w- d:\program files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-04-02 19:39 180269 ----a-w- d:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ------w- d:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]
2008-08-03 14:38 61440 ----a-w- f:\test3\Warcraft III\W3DR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2004-12-20 18:41 33792 ----a-w- d:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCardSvr"=3 (0x3)
"OpenVPNService"=3 (0x3)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"aspnet_state"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\mIRCczLite\\mirc.exe"=
"d:\\Program Files\\ICQ\\Icq.exe"=
"d:\\Program Files\\DC++\\DCPlusPlus.exe"=
"d:\\Program Files\\DC++\\StrongDC.exe"=
"d:\\Program Files\\Strong DC++\\StrongDC.exe"=
"d:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"d:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\BitComet\\BitComet.exe"=
"d:\\Program Files\\DAP\\DAP.exe"=
"g:\\Hry\\AoE2\\empires2.exe"=
"g:\\Hry\\MRDKA\\game.dat"=
"d:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"g:\\Test\\UT2003\\System\\UT2003.exe"=
"g:\\Hry\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"g:\\Hry\\GENERALS\\game.dat"=
"g:\\Hry\\Vietcong\\vietcong.exe"=
"d:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\Program Files\\Miranda IM\\miranda32.exe"=
"d:\\Program Files\\ICQLite\\ICQLite.exe"=
"d:\\Program Files\\QIP\\qip.exe"=
"g:\\Test6\\LFS\\LFS.exe"=
"f:\\Hry\\RRT2\\RT2_TSC.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Test3\\Warcraft III\\war3.exe"=
"d:\\Program Files\\Garena\\Garena.exe"=
"f:\\Hry\\Stronghold Crusader\\Stronghold Crusader.exe"=
"d:\\WINDOWS\\system32\\dplaysvr.exe"=
"f:\\Hry\\Worms2\\frontend.exe"=
"f:\\Hry\\Worms Armageddon\\WA.exe"=
"f:\\Hry\\RollerCoaster Tycoon\\rct.exe"=
"f:\\Down ff\\nhl_2002\\nhl2002.exe"=
"d:\\Program Files\\Hamachi\\hamachi.exe"=
"g:\\Hry\\Vietcong\\vcded.exe"=
"d:\\WINDOWS\\system32\\ewrb.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9380:TCP"= 9380:TCP:BitComet 9380 TCP
"9380:UDP"= 9380:UDP:BitComet 9380 UDP
"16012:TCP"= 16012:TCP:BitComet 16012 TCP
"16012:UDP"= 16012:UDP:BitComet 16012 UDP
"26353:TCP"= 26353:TCP:BitComet 26353 TCP
"26353:UDP"= 26353:UDP:BitComet 26353 UDP

R0 Pnp680;SiI 680 ATA Controller;d:\windows\system32\drivers\pnp680.sys [19.10.2006 21:18 35991]
R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [10.6.2008 18:56 34312]
R2 ekrn;Eset Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [10.6.2008 18:53 468224]
R2 PStrip;PStrip;d:\windows\system32\drivers\pstrip.sys [15.7.2007 2:37 27992]
R2 WDDMService;WD SmartWare Drive Manager;d:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 14:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;d:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 ctgame;Game Port;d:\windows\system32\drivers\ctgame.sys [7.12.2008 14:43 12160]
R3 tap0801;TAP-Win32 Adapter V8;d:\windows\system32\drivers\tap0801.sys [24.6.2004 2:54 23552]
S0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [17.12.2008 15:37 717296]
S2 BT848;WinFast TV2000 XP WDM Video Capture;d:\windows\system32\drivers\wf2kvcap.sys [12.8.2006 10:05 69404]
S2 BTTUNER;bt848 tweaked WDM TvTuner;d:\windows\system32\drivers\bttuner.sys [26.3.2005 19:29 9187]
S2 BTXBAR;bt848 tweaked TV WDM Crossbar;d:\windows\system32\drivers\btxbar.sys [26.3.2005 19:29 8193]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;d:\program files\Firebird\bin\fbguard.exe -s --> d:\program files\Firebird\bin\fbguard.exe -s [?]
S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;d:\windows\system32\drivers\wf2ktunr.sys [12.8.2006 10:06 34478]
S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;d:\windows\system32\drivers\wf2kXbar.sys [12.8.2006 10:08 9804]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;d:\program files\Firebird\bin\fbserver.exe -s --> d:\program files\Firebird\bin\fbserver.exe -s [?]
S3 GarenaPEngine;GarenaPEngine;\??\d:\docume~1\Spajky\LOCALS~1\Temp\VWB3AC.tmp --> d:\docume~1\Spajky\LOCALS~1\Temp\VWB3AC.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [2.8.2005 22:10 32512]
S3 P730C;P730C;d:\windows\system32\drivers\P730C.sys [12.10.2007 12:31 25300]
S3 P730M;P730M;d:\windows\system32\drivers\P730M.sys [12.10.2007 12:31 25300]
S3 P730U;P730U;d:\windows\system32\drivers\P730U.sys [12.10.2007 12:31 49365]
S3 WDC_SAM;WD SCSI Pass Thru driver;d:\windows\system32\drivers\wdcsam.sys [7.12.2009 8:45 11520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
mStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://search.qip.ru/ie
IE: &Download with &DAP - d:\progra~1\DAP\dapextie.htm
IE: + Offline &Explorer: Download the link - file://d:\program files\Offline Explorer\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://d:\program files\Offline Explorer\Add_AllO.htm
IE: Download &all with DAP - d:\progra~1\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - d:\progra~1\DAP\dapie.dll
FF - ProfilePath - d:\documents and settings\Spajky\Data aplikací\Mozilla\Firefox\Profiles\arijtnju.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://pretaktovani.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-DAEMON Tools - d:\program files\DAEMON Tools\daemon.exe
MSConfigStartUp-IBS - d:\program files\IBS expert\TAXexpert 3 CZ\taxcheck.exe
AddRemove-HNR Game - d:\program files\HNR Game\Uninst.isu
AddRemove-Starsiege Demo - f:\hry\Starsiege Demo\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 17:17
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\d:\docume~1\Spajky\LOCALS~1\Temp\VWB3AC.tmp"
.
Celkový čas: 2010-01-10 17:19:31
ComboFix-quarantined-files.txt 2010-01-10 16:19
ComboFix2.txt 2009-01-03 18:43
ComboFix3.txt 2009-01-03 17:29
ComboFix4.txt 2008-08-25 21:16

Před spuštěním: 398 856 192
Po spuštění: 424 046 592

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 478632410AF2A6536D685B9B8C07F35F

Roli
VIP
Posts: 13400
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Slow PC, lag on the internet, please check my log

#8 Post by Roli »

No problem :)

Now we will fine-tune things, so if you have not done so already, move Combofix to the desktop,

open Notepad

and copy into it the script from the following box:


File::  
d:\documents and settings\Spajky\xox.exe
d:\documents and settings\Spajky\wqu.exe
d:\windows\system32\ewrb.exe
d:\documents and settings\Spajky\vfe.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Mail Scanner"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Antivirus"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aswUpdSv"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\WINDOWS\\system32\\ewrb.exe"=-

FireFox::
FF - ProfilePath - d:\documents and settings\Spajky\Data aplikací\Mozilla\Firefox\Profiles\arijtnju.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

save the TXT file you created as CFScript.txt on the desktop

after saving, grab the created script with the left mouse button and drag it over the Combofix icon, where you drop it.

after it is applied, another log will pop out; post it here

Warning: it may happen that after applying the script and restarting, Windows will not boot,

in that case restart again while pressing F8, then choose Last Known Good Configuration

Spajkus
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 03 led 2009 17:07

Re: Zpomalené PC, odezva na internetu, prosím o kontrolu logu

#9 Příspěvek od Spajkus »

ComboFix 10-01-04.01 - Spajky 10.01.2010 17:52:58.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1279.862 [GMT 1:00]
Spuštěný z: d:\documents and settings\Spajky\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Spajky\Plocha\CFScript.txt.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"d:\documents and settings\Spajky\vfe.exe"
"d:\documents and settings\Spajky\wqu.exe"
"d:\documents and settings\Spajky\xox.exe"
"d:\windows\system32\ewrb.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\Spajky\vfe.exe
d:\documents and settings\Spajky\wqu.exe
d:\documents and settings\Spajky\xox.exe
d:\windows\system32\ewrb.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-10 do 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-10 13:30 . 2010-01-10 13:30 -------- d-----w- D:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 16:09 . 2008-12-07 13:43 292 ----a-w- d:\windows\system32\DVCStateBkp-{00000001-00000000-00000006-00001102-00000004-10081102}.dat
2010-01-10 16:09 . 2008-12-07 13:43 292 ----a-w- d:\windows\system32\DVCState-{00000001-00000000-00000006-00001102-00000004-10081102}.dat
2010-01-10 16:08 . 2007-01-24 11:43 -------- d-----w- d:\program files\Weather Watcher
2010-01-10 15:03 . 2008-07-19 14:37 -------- d-----w- d:\program files\Winamp
2010-01-10 13:41 . 2009-02-09 20:01 -------- d-----w- d:\program files\Garena
2009-12-29 21:02 . 2005-03-26 20:08 -------- d-----w- d:\program files\DC++
2009-12-16 17:18 . 2007-01-25 19:23 -------- d-----w- d:\program files\QIP
2009-12-08 16:22 . 2006-05-20 09:31 -------- d-----w- d:\program files\SpeedFan
2009-12-07 16:19 . 2009-12-07 16:18 -------- d-----w- d:\program files\ACD Systems
2009-12-07 16:19 . 2009-12-07 16:19 -------- d-----w- d:\program files\Common Files\ACD Systems
2009-12-07 07:44 . 2009-12-07 07:44 -------- d-----w- d:\program files\Western Digital
2009-12-06 18:51 . 2008-08-26 05:32 137918 -c--a-w- d:\windows\War3Unin.dat
2009-11-15 08:29 . 2009-05-24 20:48 6080 ----a-w- d:\windows\system32\drivers\UNIDRV.SYS
2009-10-26 18:21 . 2001-10-25 14:00 74426 ----a-w- d:\windows\system32\perfc005.dat
2009-10-26 18:21 . 2001-10-25 14:00 401726 ----a-w- d:\windows\system32\perfh005.dat
2009-10-14 13:55 . 2008-06-12 15:04 5632 ----a-w- d:\windows\system32\drivers\StarOpen.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherWatcher"="d:\program files\Weather Watcher\ww.exe" [2007-01-21 995328]
"RemoteCenter"="d:\program files\Creative\MediaSource\RemoteControl\RcMan.exe" [2002-11-21 135168]
"QIP2005"="d:\program files\QIP\qip.exe" [2009-08-13 3276288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBDrvDet"="d:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"MBM 5"="d:\program files\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 594944]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"CTSysVol"="d:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="d:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"CTHelper"="CTHELPER.EXE" [2003-04-10 28672]
"AsioReg"="CTASIO.DLL" [2003-04-11 118784]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2004-12-20 33792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
WDDMStatus.lnk - d:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - d:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=d:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=d:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
d:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
2003-04-11 05:33 118784 ----a-w- d:\windows\system32\CTASIO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-12-16 10:57 94208 ----a-w- d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
2006-09-15 17:02 3998208 ----a-w- d:\program files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2003-04-10 08:36 28672 ----a-w- d:\windows\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2005-03-27 09:37 2487296 ----a-w- d:\progra~1\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2008-06-10 17:52 1447168 ----a-w- d:\program files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 20:34 49152 -c--a-w- d:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
2006-07-11 10:06 3144800 ----a-w- d:\program files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 -c--a-w- d:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-03-09 13:29 7561216 ----a-w- d:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-03-09 14:29 1519616 ----a-w- d:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\openvpn-gui]
2005-08-18 08:55 99328 ----a-w- d:\program files\OpenVPN\bin\openvpn-gui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2003-12-04 10:34 406016 -c--a-w- d:\windows\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-05-07 18:39 98304 -c--a-w- d:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
2002-11-21 08:33 135168 ----a-w- d:\program files\Creative\MediaSource\RemoteControl\RcMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-10-12 02:10 49263 -c--a-w- d:\program files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-04-02 19:39 180269 ----a-w- d:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ------w- d:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]
2008-08-03 14:38 61440 ----a-w- f:\test3\Warcraft III\W3DR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2004-12-20 18:41 33792 ----a-w- d:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCardSvr"=3 (0x3)
"OpenVPNService"=3 (0x3)
"aspnet_state"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\mIRCczLite\\mirc.exe"=
"d:\\Program Files\\ICQ\\Icq.exe"=
"d:\\Program Files\\DC++\\DCPlusPlus.exe"=
"d:\\Program Files\\DC++\\StrongDC.exe"=
"d:\\Program Files\\Strong DC++\\StrongDC.exe"=
"d:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"d:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\BitComet\\BitComet.exe"=
"d:\\Program Files\\DAP\\DAP.exe"=
"g:\\Hry\\AoE2\\empires2.exe"=
"g:\\Hry\\MRDKA\\game.dat"=
"d:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"g:\\Test\\UT2003\\System\\UT2003.exe"=
"g:\\Hry\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"g:\\Hry\\GENERALS\\game.dat"=
"g:\\Hry\\Vietcong\\vietcong.exe"=
"d:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\Program Files\\Miranda IM\\miranda32.exe"=
"d:\\Program Files\\ICQLite\\ICQLite.exe"=
"d:\\Program Files\\QIP\\qip.exe"=
"g:\\Test6\\LFS\\LFS.exe"=
"f:\\Hry\\RRT2\\RT2_TSC.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Test3\\Warcraft III\\war3.exe"=
"d:\\Program Files\\Garena\\Garena.exe"=
"f:\\Hry\\Stronghold Crusader\\Stronghold Crusader.exe"=
"d:\\WINDOWS\\system32\\dplaysvr.exe"=
"f:\\Hry\\Worms2\\frontend.exe"=
"f:\\Hry\\Worms Armageddon\\WA.exe"=
"f:\\Hry\\RollerCoaster Tycoon\\rct.exe"=
"f:\\Down ff\\nhl_2002\\nhl2002.exe"=
"d:\\Program Files\\Hamachi\\hamachi.exe"=
"g:\\Hry\\Vietcong\\vcded.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9380:TCP"= 9380:TCP:BitComet 9380 TCP
"9380:UDP"= 9380:UDP:BitComet 9380 UDP
"16012:TCP"= 16012:TCP:BitComet 16012 TCP
"16012:UDP"= 16012:UDP:BitComet 16012 UDP
"26353:TCP"= 26353:TCP:BitComet 26353 TCP
"26353:UDP"= 26353:UDP:BitComet 26353 UDP

R0 Pnp680;SiI 680 ATA Controller;d:\windows\system32\drivers\pnp680.sys [19.10.2006 21:18 35991]
R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [10.6.2008 18:56 34312]
R2 ekrn;Eset Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [10.6.2008 18:53 468224]
R2 PStrip;PStrip;d:\windows\system32\drivers\pstrip.sys [15.7.2007 2:37 27992]
R2 WDDMService;WD SmartWare Drive Manager;d:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 14:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;d:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 ctgame;Game Port;d:\windows\system32\drivers\ctgame.sys [7.12.2008 14:43 12160]
R3 tap0801;TAP-Win32 Adapter V8;d:\windows\system32\drivers\tap0801.sys [24.6.2004 2:54 23552]
S0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [17.12.2008 15:37 717296]
S2 BT848;WinFast TV2000 XP WDM Video Capture;d:\windows\system32\drivers\wf2kvcap.sys [12.8.2006 10:05 69404]
S2 BTTUNER;bt848 tweaked WDM TvTuner;d:\windows\system32\drivers\bttuner.sys [26.3.2005 19:29 9187]
S2 BTXBAR;bt848 tweaked TV WDM Crossbar;d:\windows\system32\drivers\btxbar.sys [26.3.2005 19:29 8193]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;d:\program files\Firebird\bin\fbguard.exe -s --> d:\program files\Firebird\bin\fbguard.exe -s [?]
S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;d:\windows\system32\drivers\wf2ktunr.sys [12.8.2006 10:06 34478]
S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;d:\windows\system32\drivers\wf2kXbar.sys [12.8.2006 10:08 9804]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;d:\program files\Firebird\bin\fbserver.exe -s --> d:\program files\Firebird\bin\fbserver.exe -s [?]
S3 GarenaPEngine;GarenaPEngine;\??\d:\docume~1\Spajky\LOCALS~1\Temp\VWB3AC.tmp --> d:\docume~1\Spajky\LOCALS~1\Temp\VWB3AC.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [2.8.2005 22:10 32512]
S3 P730C;P730C;d:\windows\system32\drivers\P730C.sys [12.10.2007 12:31 25300]
S3 P730M;P730M;d:\windows\system32\drivers\P730M.sys [12.10.2007 12:31 25300]
S3 P730U;P730U;d:\windows\system32\drivers\P730U.sys [12.10.2007 12:31 49365]
S3 WDC_SAM;WD SCSI Pass Thru driver;d:\windows\system32\drivers\wdcsam.sys [7.12.2009 8:45 11520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
mStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://search.qip.ru/ie
IE: &Download with &DAP - d:\progra~1\DAP\dapextie.htm
IE: + Offline &Explorer: Download the link - file://d:\program files\Offline Explorer\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://d:\program files\Offline Explorer\Add_AllO.htm
IE: Download &all with DAP - d:\progra~1\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - d:\progra~1\DAP\dapie.dll
FF - ProfilePath - d:\documents and settings\Spajky\Data aplikací\Mozilla\Firefox\Profiles\arijtnju.default\
FF - prefs.js: browser.startup.homepage - hxxp://pretaktovani.cz/

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 17:55
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\d:\docume~1\Spajky\LOCALS~1\Temp\VWB3AC.tmp"
.
Celkový čas: 2010-01-10 17:56:57
ComboFix-quarantined-files.txt 2010-01-10 16:56
ComboFix2.txt 2010-01-10 16:19
ComboFix3.txt 2009-01-03 18:43
ComboFix4.txt 2009-01-03 17:29
ComboFix5.txt 2010-01-10 16:52

Před spuštěním: 439 705 600
Po spuštění: 417 882 112

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - F0884064B6C7F53240E6D9E4F93063F9

Spajkus
Visitor
Posts: 18
Joined: 03 Jan 2009 17:07

Re: Slow PC, lag on the internet, please check my log

#10 Post by Spajkus »

Oops, I see I accidentally named the script CFScript.txt.txt, does that matter?

Roli
VIP
Posts: 13400
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Slow PC, lag on the internet, please check my log

#11 Post by Roli »

The deletion went through, so it doesn't matter.

Now, via Start >> Run, copy into the box:

ComboFix /Uninstall

and press Enter

This uninstalls ComboFix and deletes the files and folders associated with it.


Delete unnecessary files

using CCleaner

instructions:

Cleaner item - here you clean the PC of unnecessary files and empty the Recycle Bin

Registry item - here you clean the registry; before using it I recommend making the backup that CCleaner offers,

the registry cleaning needs to be repeated several times!


Then let me know what state the PC is in.

Spajkus
Visitor
Posts: 18
Joined: 03 Jan 2009 17:07

Re: Slow PC, lag on the internet, please check my log

#12 Post by Spajkus »

Everything looks OK so far; unfortunately I don't have time to deal with it any further, work is calling. But thank you for the help!

Roli
VIP
Posts: 13400
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Slow PC, lag on the internet, please check my log

#13 Post by Roli »

You're welcome, and if anything comes up, let me know.