Zdravim prosim o kontrolu logu obcas sa mi stane, ze mi nejde internet a netusim preco urcite to nieje providerom. na ikonke siete ukazuje, ze pakety prichadazju a aj odchadzaju ale proste net nejde pri pingu na stranku napise nieje mozne najst hostitela napr www.google.sk ping na gateway ide toto trva nejaku hodinu a po par restartoch pc internet nejde netusim v com to je. Prikladam log :
Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2011-08-09 20:13:37
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (8%) free of 33 GB
Total RAM: 2047 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:13:41, on 9.8.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Programs\Avast\afwServ.exe
C:\Program Files\Programs\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Programs\Avast\avastUI.exe
C:\Program Files\Programs\LogMeIn Hamachi NEW\hamachi-2-ui.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Programs\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Programs\Samsung PC studio\NPSAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Programs\LogMeIn Hamachi NEW\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WLAN\WConfig\WConfig.exe
C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Programs\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Programs\FireFox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files\Programs\FireFox\plugin-container.exe
C:\Documents and Settings\Admin\Desktop\RSIT.exe
C:\Program Files\trend micro\Admin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: YouTubeUploaderLib.YouTubeUploaderLib - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [avast] "C:\Program Files\Programs\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\Programs\LogMeIn Hamachi NEW\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\Programs\DAEMON Tools\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Programs\Samsung PC studio\NPSAgent.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Programs\Alcohol 52\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachii\hamachi.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WConfig.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002 Cz\InstFred.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B2EFE16-4472-4A3D-9A81-EB959A3D6445}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Programs\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Programs\Avast\afwServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\Programs\LogMeIn Hamachi NEW\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Programs\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
--
End of file - 12001 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1222892560.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1326574676-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1326574676-682003330-1003UA.job
C:\WINDOWS\tasks\RMSmartUpdate.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\8bcy1wp1.default
prefs.js - "browser.startup.homepage" - "www.google.sk"
prefs.js - "extensions.enabledItems" - "{6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, jqs@sun.com:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.19"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
"{6904342A-8307-11DF-A508-4AE2DFD72085}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
"wrc@avast.com"=C:\Program Files\Programs\Avast\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0]
"Description"=DivX OVS Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=13]
"Description"=Google Updater
"Path"=C:\Program Files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69]
"Description"=6.0.12.69
"Path"=C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1]
"Description"=Yahoo! activeX Plug-in Bridge
"Path"=C:\Program Files\Yahoo!\Common\npyaxmpb.dll
C:\Program Files\Programs\FireFox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
C:\Program Files\Programs\FireFox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
npwachk.xpt
nsIBitCometAgent.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt
C:\Program Files\Programs\FireFox\plugins\
npBitCometAgent.dll
npdeployJava1.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprpjplug.dll
npwachk.dll
QuickTimePlugin.class
C:\Program Files\Programs\FireFox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\8bcy1wp1.default\searchplugins\
bsplayer-search.xml
icqplugin-1.xml
icqplugin-10.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-07-23 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-24 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-01-24 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2C688203-7EB3-4327-9995-1CB417BA23F9}
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"JMB36X Configure"=C:\WINDOWS\system32\JMRaidSetup.exe [2006-10-30 1953792]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-03-16 47392]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-01-11 1230704]
"DivX Download Manager"=C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe [2010-12-08 63360]
"avast"=C:\Program Files\Programs\Avast\avastUI.exe [2011-07-04 3493720]
"LogMeIn Hamachi Ui"=C:\Program Files\Programs\LogMeIn Hamachi NEW\hamachi-2-ui.exe [2011-05-25 1951112]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"DAEMON Tools Lite"=C:\Program Files\Programs\DAEMON Tools\daemon.exe [2008-07-24 490952]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-23 39408]
"AutoStartNPSAgent"=C:\Program Files\Programs\Samsung PC studio\NPSAgent.exe [2010-02-26 102400]
"AlcoholAutomount"=C:\Program Files\Programs\Alcohol 52\AxAutoMntSrv.exe [2010-08-20 33120]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Google Update"=C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-31 135664]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
WConfig.lnk - C:\Program Files\WLAN\WConfig\WConfig.exe
C:\Documents and Settings\Admin\Start Menu\Programs\Startup
Dropbox.lnk - C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
hamachi.lnk - C:\Program Files\Hamachii\hamachi.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-20 122880]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Programs\12Voip\12Voip.exe"="C:\Program Files\Programs\12Voip\12Voip.exe:*:Enabled:12Voip"
"C:\Program Files\Programs\QIP Infium2\infium.exe"="C:\Program Files\Programs\QIP Infium2\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\Programs\Opera\opera.exe"="C:\Program Files\Programs\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Programs\Garena\Garena.exe"="C:\Program Files\Programs\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Programs\QIP 8080\QIP\qip.exe"="C:\Program Files\Programs\QIP 8080\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"D:\Hry\World of Warcraft\Repair.exe"="D:\Hry\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"D:\Hry\World of Warcraft\Launcher.exe"="D:\Hry\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"D:\Hry\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe"="D:\Hry\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Programs\PASW Statistics\WinWrapIDE.exe"="C:\Program Files\Programs\PASW Statistics\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor"
"C:\Program Files\Programs\PASW Statistics\paswstat.exe"="C:\Program Files\Programs\PASW Statistics\paswstat.exe:*:Disabled:Statistics18:exe"
"C:\Program Files\Programs\PASW Statistics\paswstat.com"="C:\Program Files\Programs\PASW Statistics\paswstat.com:*:Disabled:Statistics18:com"
"C:\Program Files\Programs\FreeCall\FreeCall.exe"="C:\Program Files\Programs\FreeCall\FreeCall.exe:*:Enabled:FreeCall"
"C:\Program Files\Programs\Samsung PC studio\npsasvr.exe"="C:\Program Files\Programs\Samsung PC studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Programs\Samsung PC studio\npsvsvr.exe"="C:\Program Files\Programs\Samsung PC studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"D:\Hry\Ubisoft\Assassin's Creed II\server.exe"="D:\Hry\Ubisoft\Assassin's Creed II\server.exe:*:Enabled:ServerEmuUbi"
"C:\Assassin's Creed II\server.exe"="C:\Assassin's Creed II\server.exe:*:Enabled:ServerEmuUbi"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Riot Games\League of Legends\air\LolClient.exe"="C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\Riot Games\League of Legends\game\League of Legends.exe"="C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Hry\Brotherhood\ACBSP.exe"="D:\Hry\Brotherhood\ACBSP.exe:*:Enabled:Assassin's Creed Brotherhood"
"D:\Hry\Brotherhood\ACBMP.exe"="D:\Hry\Brotherhood\ACBMP.exe:*:Enabled:Assassin's Creed Brotherhood Multiplayer"
"D:\Hry\Brotherhood\AssassinsCreedBrotherhood.exe"="D:\Hry\Brotherhood\AssassinsCreedBrotherhood.exe:*:Enabled:Assassin's Creed Brotherhood Update"
"D:\Hry\Brotherhood\UPlayBrowser.exe"="D:\Hry\Brotherhood\UPlayBrowser.exe:*:Enabled:Assassin's Creed Brotherhood Uplay"
"D:\Hry\League of Legends\lol.launcher.exe"="D:\Hry\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher"
"C:\Riot Games\League of Legends\lol.launcher.exe"="C:\Riot Games\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"msacm.lhacm"=lhacm.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=DivX.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.dvsd"=mcdvd_32.dll
"vidc.DIVX"=DivX.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2011-08-09 19:29:10 ----RA---- C:\WINDOWS\system32\drivers\senfilt.sys
2011-08-09 19:29:10 ----RA---- C:\WINDOWS\system32\drivers\aeaudio.sys
2011-08-09 19:29:10 ----RA---- C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011-08-09 19:28:57 ----N---- C:\WINDOWS\system32\wdmioctl.dll
2011-08-09 19:28:56 ----N---- C:\WINDOWS\system32\SMMedia.dll
2011-08-09 19:28:55 ----N---- C:\WINDOWS\system32\DSndUp.exe
2011-08-09 19:28:55 ----N---- C:\WINDOWS\system32\CleanUp.exe
2011-08-09 19:21:10 ----A---- C:\WINDOWS\system32\msssc.dll
2011-08-09 19:20:19 ----D---- C:\swsetup
2011-08-08 01:45:53 ----D---- C:\PDF
2011-08-03 12:38:17 ----A---- C:\WINDOWS\system32\drivers\aswFW.sys
2011-08-03 12:38:02 ----A---- C:\WINDOWS\system32\drivers\aswNdis2.sys
2011-08-03 12:37:59 ----A---- C:\WINDOWS\system32\drivers\aswNdis.sys
2011-07-16 16:04:30 ----D---- C:\Documents and Settings\Admin\Application Data\TS3Client
2011-07-16 16:03:06 ----D---- C:\Program Files\TeamSpeak 3 Client
======List of files/folders modified in the last 1 month======
2011-08-09 20:13:38 ----D---- C:\Program Files\trend micro
2011-08-09 20:11:17 ----D---- C:\WINDOWS\system32
2011-08-09 20:10:56 ----D---- C:\WINDOWS\temp
2011-08-09 20:10:53 ----D---- C:\Documents and Settings\Admin\Application Data\Hamachi
2011-08-09 20:10:31 ----D---- C:\Documents and Settings\Admin\Application Data\Dropbox
2011-08-09 20:10:04 ----SD---- C:\WINDOWS\Tasks
2011-08-09 20:08:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-09 20:01:27 ----D---- C:\Documents and Settings\Admin\Application Data\DiskAid
2011-08-09 20:01:01 ----D---- C:\Program Files\Programs
2011-08-09 19:59:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2011-08-09 19:59:34 ----D---- C:\Program Files\Registry Mechanic
2011-08-09 19:59:10 ----RD---- C:\Program Files
2011-08-09 19:56:07 ----D---- C:\Program Files\Common Files\BioWare
2011-08-09 19:50:19 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2011-08-09 19:46:48 ----D---- C:\WINDOWS
2011-08-09 19:30:18 ----D---- C:\WINDOWS\system32\CatRoot
2011-08-09 19:29:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-08-09 19:29:11 ----D---- C:\WINDOWS\system
2011-08-09 19:29:10 ----D---- C:\WINDOWS\system32\drivers
2011-08-09 19:29:10 ----D---- C:\Program Files\Analog Devices
2011-08-09 19:29:08 ----HD---- C:\WINDOWS\inf
2011-08-09 19:29:06 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-09 19:28:27 ----A---- C:\WINDOWS\Ascd_tmp.ini
2011-08-09 19:21:10 ----D---- C:\WINDOWS\Prefetch
2011-08-09 19:06:57 ----A---- C:\WINDOWS\wincmd.ini
2011-08-09 17:32:00 ----D---- C:\Program Files\Warcraft 3
2011-08-09 13:53:28 ----A---- C:\WINDOWS\AS_Debug.txt
2011-08-08 19:06:16 ----SHD---- C:\WINDOWS\Installer
2011-08-08 19:06:16 ----D---- C:\Config.Msi
2011-08-04 20:03:13 ----A---- C:\WINDOWS\NeroDigital.ini
2011-08-04 20:02:18 ----D---- C:\Documents and Settings\Admin\Application Data\BSplayer
2011-08-04 14:50:43 ----D---- C:\Documents and Settings\Admin\Application Data\uTorrent
2011-08-02 23:18:04 ----D---- C:\Documents and Settings\All Users\Application Data\PMB Files
2011-07-26 19:18:20 ----D---- C:\WINDOWS\Minidump
2011-07-18 12:00:16 ----D---- C:\Documents and Settings\Admin\Application Data\AVI ReComp
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswNdis;avast! Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\aswNdis.sys [2011-07-04 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service; C:\WINDOWS\system32\drivers\aswNdis2.sys [2011-07-04 194264]
R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\system32\DRIVERS\JGOGO.sys [2006-02-07 6912]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2006-10-30 43648]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-11-09 436792]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-07-04 30808]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2008-10-01 82380]
R1 aswFW;avast! TDI Firewall driver; C:\WINDOWS\system32\drivers\aswFW.sys [2011-07-04 103384]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2010-12-22 158736]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2010-12-22 42960]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-07-04 102616]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-20 2843136]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-06-12 25280]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-07-27 83712]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2010-12-22 120208]
R3 WLC811GPCI;802.11b WLAN PCI; C:\WINDOWS\system32\DRIVERS\WLC811G.sys [2003-08-01 50432]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 auwbzh9u;auwbzh9u; C:\WINDOWS\system32\drivers\auwbzh9u.sys []
S3 axr4jpfq;axr4jpfq; C:\WINDOWS\system32\drivers\axr4jpfq.sys []
S3 axskbus;axskbus; C:\WINDOWS\system32\DRIVERS\axskbus.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys []
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 cpuz132;cpuz132; C:\WINDOWS\system32\drivers\cpuz132.sys []
S3 CrystalSysInfo;CrystalSysInfo; C:\WINDOWS\system32\drivers\CrystalSysInfo.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\XLL5D.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Programs\Garena\safedrv.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\WINDOWS\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2010-12-22 109328]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-20 512000]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Programs\Avast\AvastSvc.exe [2011-07-04 42184]
R2 avast! Firewall;avast! Firewall; C:\Program Files\Programs\Avast\afwServ.exe [2011-07-04 121000]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2003-10-31 32256]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-07-15 233472]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\Programs\LogMeIn Hamachi NEW\hamachi-2.exe [2011-05-25 1336712]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-01-24 153376]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-04-05 75136]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Programs\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-04 1523008]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-23 190448]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-11-17 820008]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosim o kontrolu problem s internetom
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosim o kontrolu problem s internetom
Ještě poprosím o log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosim o kontrolu problem s internetom
Spustil som combofix vsetko to islo az do stage 50 potom napisalo deleting files a bum modra obrazovka a dumbovalo physical memory a nejaky stop: 0x000000C5(0x00000004 0x00000002 0x00000001 0x8054AFD2) spustil sa pc a net nesiel ten isty problem skusil som spusit combofix druhy krat to iste zase modra obrazovka a ked sa spustil pc net ide
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosim o kontrolu problem s internetom
Vir asi způsobil nějaký problém, po němž to padalo. Podívejte se, zda máte v PC soubor C:\combofix.txt . Pokud ano, zkopírujte jeho obsah sem.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosim o kontrolu problem s internetom
ano je ale je nieje to txt ale ma ikonu tento pocitac vola sa ComboFix cez lavy dvojklik sa dostanem k C D DVD diskovej a k dokumentom a cez pravy ked dam vlastnosty tak je tam iba zalozka vseobecne a ma velkost 33MB
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosim o kontrolu problem s internetom
Zkuste udělat nový sken, ale v nouz. režimu. Pak dejte log.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosim o kontrolu problem s internetom
rano zase nesiel internet spravil som log v safe mode po spusteni nesiel tak som dal obnovit system pri obnovovani to zamrzne asi v polke vtedy dam tvrdi restart pc a ked sa spusti tak to ide toto fungovalo asi 2 krat zatial tu je log :
ComboFix 11-08-09.02 - Admin 11.08.2011 13:03:16.11.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.2047.1754 [GMT 2:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Application Data\Mikrotik
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\advtool.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\advtool.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\dhcp.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\dhcp.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\hotspot.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\hotspot.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\ppp.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\ppp.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\roteros.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\roteros.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\roting2.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\roting2.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\secure.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\secure.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\system.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\system.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\wlan2.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\wlan2.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\winbox.cfg
c:\documents and settings\Admin\WINDOWS
c:\windows\iun6002.exe
c:\windows\system32\msssc.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-11 to 2011-08-11 )))))))))))))))))))))))))))))))
.
.
2011-08-09 21:41 . 2011-08-11 09:02 -------- d-----w- C:\## aswSnx private storage
2011-08-09 17:29 . 2001-09-19 04:47 765952 ----a-r- c:\windows\system\crlds3d.dll
2011-08-09 17:29 . 2007-01-16 01:09 293888 ----a-r- c:\windows\system32\drivers\ADIHdAud.sys
2011-08-09 17:29 . 2006-08-06 22:57 93952 ----a-r- c:\windows\system32\drivers\aeaudio.sys
2011-08-09 17:29 . 2006-03-17 09:18 392960 ----a-r- c:\windows\system32\drivers\senfilt.sys
2011-08-09 17:28 . 2005-05-04 06:20 53248 ------w- c:\windows\system32\wdmioctl.dll
2011-08-09 17:28 . 2001-09-11 12:20 1285632 ------w- c:\windows\system32\SMMedia.dll
2011-08-09 17:28 . 2006-07-10 12:42 49152 ------w- c:\windows\system32\DSndUp.exe
2011-08-09 17:28 . 2002-04-17 12:05 45056 ------w- c:\windows\system32\CleanUp.exe
2011-08-09 17:20 . 2011-08-09 17:20 -------- d-----w- C:\swsetup
2011-08-07 23:45 . 2011-08-07 23:45 -------- d-----w- C:\PDF
2011-08-03 10:38 . 2011-07-04 11:37 103384 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-08-03 10:38 . 2011-07-04 11:36 194264 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-08-03 10:37 . 2011-07-04 11:12 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-08-02 19:58 . 2011-08-02 19:58 -------- d-----w- c:\documents and settings\Admin\riotsGamesLogs
2011-07-16 14:04 . 2011-07-16 20:28 -------- d-----w- c:\documents and settings\Admin\Application Data\TS3Client
2011-07-16 14:03 . 2011-07-16 14:03 -------- d-----w- c:\program files\TeamSpeak 3 Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2011-06-02 10:23 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-06-02 10:23 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-06-02 10:23 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-06-02 10:23 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-06-02 10:23 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2011-06-02 10:23 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-06-02 10:23 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-06-02 10:23 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-06-02 10:23 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-06-02 10:23 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-19 16:28 . 2011-06-19 16:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-12 21:02 . 2009-05-09 19:59 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-06-03 23:56 . 2011-06-21 20:21 330600 ----a-w- c:\windows\system32\HMIPCore.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Programs\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"DAEMON Tools Lite"="c:\program files\Programs\DAEMON Tools\daemon.exe" [2008-07-24 490952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-23 39408]
"AutoStartNPSAgent"="c:\program files\Programs\Samsung PC studio\NPSAgent.exe" [2010-02-26 102400]
"AlcoholAutomount"="c:\program files\Programs\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"avast"="c:\program files\Programs\Avast\avastUI.exe" [2011-07-04 3493720]
"LogMeIn Hamachi Ui"="c:\program files\Programs\LogMeIn Hamachi NEW\hamachi-2-ui.exe" [2011-05-25 1951112]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\Admin\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Admin\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
hamachi.lnk - c:\program files\Hamachii\hamachi.exe [2011-6-12 624416]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
WConfig.lnk - c:\program files\WLAN\WConfig\WConfig.exe [2008-10-2 397312]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"12Voip"="c:\program files\Programs\12Voip\12Voip.exe" -nosplash -minimized
"FreeCall"="c:\program files\Programs\FreeCall\FreeCall.exe" -nosplash -minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Programs\\12Voip\\12Voip.exe"=
"c:\\Program Files\\Programs\\QIP Infium2\\infium.exe"=
"c:\\Program Files\\Programs\\Opera\\opera.exe"=
"c:\\Program Files\\Programs\\Garena\\Garena.exe"=
"c:\\Program Files\\Programs\\QIP 8080\\QIP\\qip.exe"=
"d:\\Hry\\World of Warcraft\\Repair.exe"=
"d:\\Hry\\World of Warcraft\\Launcher.exe"=
"d:\\Hry\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe"=
"c:\\Program Files\\Programs\\PASW Statistics\\WinWrapIDE.exe"=
"c:\\Program Files\\Programs\\PASW Statistics\\paswstat.exe"=
"c:\\Program Files\\Programs\\PASW Statistics\\paswstat.com"=
"c:\\Program Files\\Programs\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\Programs\\Samsung PC studio\\npsasvr.exe"=
"c:\\Program Files\\Programs\\Samsung PC studio\\npsvsvr.exe"=
"d:\\Hry\\Ubisoft\\Assassin's Creed II\\server.exe"=
"c:\\Assassin's Creed II\\server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Admin\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Hry\\Brotherhood\\ACBSP.exe"=
"d:\\Hry\\Brotherhood\\ACBMP.exe"=
"d:\\Hry\\Brotherhood\\AssassinsCreedBrotherhood.exe"=
"d:\\Hry\\Brotherhood\\UPlayBrowser.exe"=
"d:\\Hry\\League of Legends\\lol.launcher.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24718:TCP"= 24718:TCP:BitComet 24718 TCP
"24718:UDP"= 24718:UDP:BitComet 24718 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"58682:TCP"= 58682:TCP:Pando Media Booster
"58682:UDP"= 58682:UDP:Pando Media Booster
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"56565:TCP"= 56565:TCP:Pando Media Booster
"56565:UDP"= 56565:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6961:TCP"= 6961:TCP:League of Legends Launcher
"6961:UDP"= 6961:UDP:League of Legends Launcher
"6923:TCP"= 6923:TCP:League of Legends Launcher
"6923:UDP"= 6923:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"8382:TCP"= 8382:TCP:League of Legends Launcher
"8382:UDP"= 8382:UDP:League of Legends Launcher
"6971:TCP"= 6971:TCP:League of Legends Launcher
"6971:UDP"= 6971:UDP:League of Legends Launcher
"6883:TCP"= 6883:TCP:League of Legends Launcher
"6883:UDP"= 6883:UDP:League of Legends Launcher
"6903:TCP"= 6903:TCP:League of Legends Launcher
"6903:UDP"= 6903:UDP:League of Legends Launcher
"6884:TCP"= 6884:TCP:League of Legends Launcher
"6884:UDP"= 6884:UDP:League of Legends Launcher
"6900:TCP"= 6900:TCP:League of Legends Launcher
"6900:UDP"= 6900:UDP:League of Legends Launcher
"6952:TCP"= 6952:TCP:League of Legends Launcher
"6952:UDP"= 6952:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8383:TCP"= 8383:TCP:League of Legends Launcher
"8383:UDP"= 8383:UDP:League of Legends Launcher
"6972:TCP"= 6972:TCP:League of Legends Launcher
"6972:UDP"= 6972:UDP:League of Legends Launcher
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [3.8.2011 12:37 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [3.8.2011 12:38 194264]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2.6.2011 12:45 270888]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.10.2008 13:09 436792]
S1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [3.8.2011 12:38 103384]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2.6.2011 12:23 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.6.2011 12:23 309848]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [11.1.2011 20:34 158736]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [11.1.2011 20:34 42960]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.6.2011 12:23 19544]
S2 avast! Firewall;avast! Firewall;c:\program files\Programs\Avast\afwServ.exe [3.8.2011 12:37 121000]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [26.2.2010 12:49 233472]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\Programs\LogMeIn Hamachi NEW\hamachi-2.exe [25.5.2011 17:29 1336712]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9.12.2008 19:07 222456]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [11.1.2011 1:24 632792]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [4.3.2011 18:30 1523008]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [26.2.2010 12:49 36608]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Admin\LOCALS~1\Temp\XLL5D.tmp --> c:\docume~1\Admin\LOCALS~1\Temp\XLL5D.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Programs\Garena\safedrv.sys --> c:\program files\Programs\Garena\safedrv.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [18.6.2009 18:52 18432]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [11.1.2011 0:23 27064]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2.6.2011 12:45 65576]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [29.11.2010 20:27 10064]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [22.12.2010 16:31 109328]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [22.12.2010 16:31 120208]
S3 WLC811GPCI;802.11b WLAN PCI;c:\windows\system32\drivers\wlc811g.sys [2.10.2008 17:13 50432]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2010-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2009-01-01 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8222892560.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
.
2011-08-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-23 06:50]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1326574676-682003330-1003Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-31 08:56]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1326574676-682003330-1003UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-31 08:56]
.
2011-08-10 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2011-01-10 16:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: umb.sk\ais2
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{6B2EFE16-4472-4A3D-9A81-EB959A3D6445}: NameServer = 8.8.8.8,8.8.4.4
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file://c:\program files\AutoCAD 2002 Cz\InstFred.ocx
DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\AutoCAD 2002 Cz\InstBanr.ocx
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\8bcy1wp1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.sk
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-11 13:09
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Admin\LOCALS~1\Temp\XLL5D.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(236)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-08-11 13:11:47
ComboFix-quarantined-files.txt 2011-08-11 11:11
ComboFix2.txt 2011-04-28 15:50
.
Pre-Run: 2 864 070 656 bytes free
Post-Run: 2 838 265 856 voľných bajtov
.
- - End Of File - - D583DAB3E2CB1CF661E4D314611C8DAB
ComboFix 11-08-09.02 - Admin 11.08.2011 13:03:16.11.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.2047.1754 [GMT 2:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Application Data\Mikrotik
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\advtool.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\advtool.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\dhcp.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\dhcp.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\hotspot.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\hotspot.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\ppp.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\ppp.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\roteros.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\roteros.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\roting2.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\roting2.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\secure.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\secure.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\system.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\system.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\wlan2.crc
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\3.11\wlan2.dll
c:\documents and settings\Admin\Application Data\Mikrotik\Winbox\winbox.cfg
c:\documents and settings\Admin\WINDOWS
c:\windows\iun6002.exe
c:\windows\system32\msssc.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-11 to 2011-08-11 )))))))))))))))))))))))))))))))
.
.
2011-08-09 21:41 . 2011-08-11 09:02 -------- d-----w- C:\## aswSnx private storage
2011-08-09 17:29 . 2001-09-19 04:47 765952 ----a-r- c:\windows\system\crlds3d.dll
2011-08-09 17:29 . 2007-01-16 01:09 293888 ----a-r- c:\windows\system32\drivers\ADIHdAud.sys
2011-08-09 17:29 . 2006-08-06 22:57 93952 ----a-r- c:\windows\system32\drivers\aeaudio.sys
2011-08-09 17:29 . 2006-03-17 09:18 392960 ----a-r- c:\windows\system32\drivers\senfilt.sys
2011-08-09 17:28 . 2005-05-04 06:20 53248 ------w- c:\windows\system32\wdmioctl.dll
2011-08-09 17:28 . 2001-09-11 12:20 1285632 ------w- c:\windows\system32\SMMedia.dll
2011-08-09 17:28 . 2006-07-10 12:42 49152 ------w- c:\windows\system32\DSndUp.exe
2011-08-09 17:28 . 2002-04-17 12:05 45056 ------w- c:\windows\system32\CleanUp.exe
2011-08-09 17:20 . 2011-08-09 17:20 -------- d-----w- C:\swsetup
2011-08-07 23:45 . 2011-08-07 23:45 -------- d-----w- C:\PDF
2011-08-03 10:38 . 2011-07-04 11:37 103384 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-08-03 10:38 . 2011-07-04 11:36 194264 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-08-03 10:37 . 2011-07-04 11:12 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-08-02 19:58 . 2011-08-02 19:58 -------- d-----w- c:\documents and settings\Admin\riotsGamesLogs
2011-07-16 14:04 . 2011-07-16 20:28 -------- d-----w- c:\documents and settings\Admin\Application Data\TS3Client
2011-07-16 14:03 . 2011-07-16 14:03 -------- d-----w- c:\program files\TeamSpeak 3 Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2011-06-02 10:23 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-06-02 10:23 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-06-02 10:23 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-06-02 10:23 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-06-02 10:23 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2011-06-02 10:23 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-06-02 10:23 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-06-02 10:23 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-06-02 10:23 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-06-02 10:23 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-19 16:28 . 2011-06-19 16:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-12 21:02 . 2009-05-09 19:59 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-06-03 23:56 . 2011-06-21 20:21 330600 ----a-w- c:\windows\system32\HMIPCore.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Programs\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"DAEMON Tools Lite"="c:\program files\Programs\DAEMON Tools\daemon.exe" [2008-07-24 490952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-23 39408]
"AutoStartNPSAgent"="c:\program files\Programs\Samsung PC studio\NPSAgent.exe" [2010-02-26 102400]
"AlcoholAutomount"="c:\program files\Programs\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"avast"="c:\program files\Programs\Avast\avastUI.exe" [2011-07-04 3493720]
"LogMeIn Hamachi Ui"="c:\program files\Programs\LogMeIn Hamachi NEW\hamachi-2-ui.exe" [2011-05-25 1951112]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\Admin\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Admin\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
hamachi.lnk - c:\program files\Hamachii\hamachi.exe [2011-6-12 624416]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
WConfig.lnk - c:\program files\WLAN\WConfig\WConfig.exe [2008-10-2 397312]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"12Voip"="c:\program files\Programs\12Voip\12Voip.exe" -nosplash -minimized
"FreeCall"="c:\program files\Programs\FreeCall\FreeCall.exe" -nosplash -minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Programs\\12Voip\\12Voip.exe"=
"c:\\Program Files\\Programs\\QIP Infium2\\infium.exe"=
"c:\\Program Files\\Programs\\Opera\\opera.exe"=
"c:\\Program Files\\Programs\\Garena\\Garena.exe"=
"c:\\Program Files\\Programs\\QIP 8080\\QIP\\qip.exe"=
"d:\\Hry\\World of Warcraft\\Repair.exe"=
"d:\\Hry\\World of Warcraft\\Launcher.exe"=
"d:\\Hry\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe"=
"c:\\Program Files\\Programs\\PASW Statistics\\WinWrapIDE.exe"=
"c:\\Program Files\\Programs\\PASW Statistics\\paswstat.exe"=
"c:\\Program Files\\Programs\\PASW Statistics\\paswstat.com"=
"c:\\Program Files\\Programs\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\Programs\\Samsung PC studio\\npsasvr.exe"=
"c:\\Program Files\\Programs\\Samsung PC studio\\npsvsvr.exe"=
"d:\\Hry\\Ubisoft\\Assassin's Creed II\\server.exe"=
"c:\\Assassin's Creed II\\server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Admin\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Hry\\Brotherhood\\ACBSP.exe"=
"d:\\Hry\\Brotherhood\\ACBMP.exe"=
"d:\\Hry\\Brotherhood\\AssassinsCreedBrotherhood.exe"=
"d:\\Hry\\Brotherhood\\UPlayBrowser.exe"=
"d:\\Hry\\League of Legends\\lol.launcher.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24718:TCP"= 24718:TCP:BitComet 24718 TCP
"24718:UDP"= 24718:UDP:BitComet 24718 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"58682:TCP"= 58682:TCP:Pando Media Booster
"58682:UDP"= 58682:UDP:Pando Media Booster
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"56565:TCP"= 56565:TCP:Pando Media Booster
"56565:UDP"= 56565:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6961:TCP"= 6961:TCP:League of Legends Launcher
"6961:UDP"= 6961:UDP:League of Legends Launcher
"6923:TCP"= 6923:TCP:League of Legends Launcher
"6923:UDP"= 6923:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"8382:TCP"= 8382:TCP:League of Legends Launcher
"8382:UDP"= 8382:UDP:League of Legends Launcher
"6971:TCP"= 6971:TCP:League of Legends Launcher
"6971:UDP"= 6971:UDP:League of Legends Launcher
"6883:TCP"= 6883:TCP:League of Legends Launcher
"6883:UDP"= 6883:UDP:League of Legends Launcher
"6903:TCP"= 6903:TCP:League of Legends Launcher
"6903:UDP"= 6903:UDP:League of Legends Launcher
"6884:TCP"= 6884:TCP:League of Legends Launcher
"6884:UDP"= 6884:UDP:League of Legends Launcher
"6900:TCP"= 6900:TCP:League of Legends Launcher
"6900:UDP"= 6900:UDP:League of Legends Launcher
"6952:TCP"= 6952:TCP:League of Legends Launcher
"6952:UDP"= 6952:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8383:TCP"= 8383:TCP:League of Legends Launcher
"8383:UDP"= 8383:UDP:League of Legends Launcher
"6972:TCP"= 6972:TCP:League of Legends Launcher
"6972:UDP"= 6972:UDP:League of Legends Launcher
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [3.8.2011 12:37 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [3.8.2011 12:38 194264]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2.6.2011 12:45 270888]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.10.2008 13:09 436792]
S1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [3.8.2011 12:38 103384]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2.6.2011 12:23 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.6.2011 12:23 309848]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [11.1.2011 20:34 158736]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [11.1.2011 20:34 42960]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.6.2011 12:23 19544]
S2 avast! Firewall;avast! Firewall;c:\program files\Programs\Avast\afwServ.exe [3.8.2011 12:37 121000]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [26.2.2010 12:49 233472]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\Programs\LogMeIn Hamachi NEW\hamachi-2.exe [25.5.2011 17:29 1336712]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9.12.2008 19:07 222456]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [11.1.2011 1:24 632792]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [4.3.2011 18:30 1523008]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [26.2.2010 12:49 36608]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Admin\LOCALS~1\Temp\XLL5D.tmp --> c:\docume~1\Admin\LOCALS~1\Temp\XLL5D.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Programs\Garena\safedrv.sys --> c:\program files\Programs\Garena\safedrv.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [18.6.2009 18:52 18432]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [11.1.2011 0:23 27064]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2.6.2011 12:45 65576]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [29.11.2010 20:27 10064]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [22.12.2010 16:31 109328]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [22.12.2010 16:31 120208]
S3 WLC811GPCI;802.11b WLAN PCI;c:\windows\system32\drivers\wlc811g.sys [2.10.2008 17:13 50432]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2010-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2009-01-01 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8222892560.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
.
2011-08-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-23 06:50]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1326574676-682003330-1003Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-31 08:56]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1326574676-682003330-1003UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-31 08:56]
.
2011-08-10 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2011-01-10 16:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: umb.sk\ais2
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{6B2EFE16-4472-4A3D-9A81-EB959A3D6445}: NameServer = 8.8.8.8,8.8.4.4
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file://c:\program files\AutoCAD 2002 Cz\InstFred.ocx
DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\AutoCAD 2002 Cz\InstBanr.ocx
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\8bcy1wp1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.sk
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-11 13:09
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Admin\LOCALS~1\Temp\XLL5D.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(236)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-08-11 13:11:47
ComboFix-quarantined-files.txt 2011-08-11 11:11
ComboFix2.txt 2011-04-28 15:50
.
Pre-Run: 2 864 070 656 bytes free
Post-Run: 2 838 265 856 voľných bajtov
.
- - End Of File - - D583DAB3E2CB1CF661E4D314611C8DAB
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosim o kontrolu problem s internetom
Několik položek CF smazal, zbytek logu vypadá čistý. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?