Ahoj,
prosim o preventivnu kontrolu logu:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Martin Hlinka at 2011-10-17 19:10:56
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (14%) free of 20 GB
Total RAM: 2047 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:11:20, on 17.10.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files\Common Files\Lingea Shared\luc.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Martin Hlinka\My Documents\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Martin Hlinka.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - D:\TRANSLATOR\WebIE.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - D:\TRANSLATOR\WebIE.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Ashampoo HDD Control Guard] "C:\Program Files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Lingea Update Center.lnk = C:\Program Files\Common Files\Lingea Shared\luc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OSTATN~1\OFFICE~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - D:\TRANSLATOR\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - D:\TRANSLATOR\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - D:\TRANSLATOR\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\TRANSLATOR\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\TRANSLATOR\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\TRANSLATOR\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\TRANSLATOR\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\TRANSLATOR\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\TRANSLATOR\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo HDD Control\Dfsdks.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: MAXDB: .M770423 (SAP DBTech-.M770423) - Unknown owner - H:\sapdb\NSP\db\pgm\kernel.exe (file missing)
O23 - Service: MAXDB: .M770423 (slow) (SAP DBTech-.M770423 (slow)) - Unknown owner - H:\sapdb\NSP\db\pgm\slowknl.exe (file missing)
O23 - Service: MAXDB: NSP (SAP DBTech-NSP) - Unknown owner - H:\sapdb\NSP\db\pgm\kernel.exe (file missing)
O23 - Service: MAXDB: NSP (slow) (SAP DBTech-NSP (slow)) - Unknown owner - H:\sapdb\NSP\db\pgm\slowknl.exe (file missing)
O23 - Service: SAPNSP_00 - Unknown owner - H:\SAP\NSP\SYS\exe\run\sapstartsrv.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: XServer - Unknown owner - H:\sapdb\programs\pgm\serv.exe (file missing)
--
End of file - 9755 bytes
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Martin Hlinka\Application Data\Mozilla\Firefox\Profiles\muelh6vd.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6, {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, linkfilter@kaspersky.ru:9.0.0.463, {20a82645-c095-46ed-80e3-08825760534b}:0.0.0, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.21, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, vtzilla@virustotal.com:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q="
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG10\Firefox4\
"avg@igeared"=C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
AskSearch.js
binary.manifest
browsercomps.dll
nsILegitCheckPlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npFoxitReaderPlugin.dll
npLegitCheckPlugin.dll
C:\Program Files\Mozilla Firefox\searchplugins\
avg_igeared.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Martin Hlinka\Application Data\Mozilla\Firefox\Profiles\muelh6vd.default\extensions\
fastdial@telega.phpnet(2).us
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
C:\Documents and Settings\Martin Hlinka\Application Data\Mozilla\Firefox\Profiles\muelh6vd.default\searchplugins\
ask.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - D:\TRANSLATOR\WebIE.dll [2010-12-27 503808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2011-09-09 2276704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 4221328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2011-07-26 2532680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-14 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-06-14 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - D:\TRANSLATOR\WebIE.dll [2010-12-27 503808]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2011-07-26 2532680]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Ashampoo HDD Control Guard"=C:\Program Files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe [2010-11-01 4085080]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2011-09-10 2338656]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"OEXPRESS"= []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"Sony Ericsson PC Companion"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2011-07-25 433360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
D:\Ostatné\Office 2010\Office14\BCSSync.exe /DelayServices []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnamon]
C:\Program Files\Lexmark 2600 Series\lxdnamon.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe]
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe /systray /nologon []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2003-08-15 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2006-05-24 1372160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2005-09-13 278528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Martin Hlinka^Start Menu^Programs^Startup^Lingea Update Center.lnk]
C:\PROGRA~1\COMMON~1\LINGEA~1\luc.exe [2010-04-11 275736]
C:\Documents and Settings\Martin Hlinka\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
Lingea Update Center.lnk - C:\Program Files\Common Files\Lingea Shared\luc.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-14 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 4221328]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe"="C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine"
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWS\KMSEmulator.exe"="C:\WINDOWS\KMSEmulator.exe:*:Enabled:KMSEmulator"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Inštalátor produktu AVG"
"C:\Program Files\AVG\AVG10\avgdiagex.exe"="C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:Diagnostika AVG 2011"
"C:\Program Files\AVG\AVG10\avgnsx.exe"="C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG10\avgam.exe"="C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert Manager"
"C:\Program Files\AVG\AVG10\avgemcx.exe"="C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Obecná kontrola pošty"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======List of files/folders created in the last 1 month======
2011-10-17 19:10:56 ----D---- C:\Program Files\trend micro
2011-10-17 18:23:36 ----D---- C:\WINDOWS\LastGood
2011-10-16 20:15:52 ----D---- C:\WINDOWS\system32\NtmsData
2011-10-16 14:36:48 ----HD---- C:\$AVG
2011-10-16 14:31:55 ----D---- C:\Documents and Settings\Martin Hlinka\Application Data\AVG10
2011-10-16 14:31:18 ----HD---- C:\Documents and Settings\All Users\Application Data\Common Files
2011-10-16 14:30:51 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2011-10-16 14:27:40 ----D---- C:\WINDOWS\system32\drivers\AVG
2011-10-16 14:27:40 ----D---- C:\Documents and Settings\All Users\Application Data\AVG10
2011-10-16 14:22:47 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData
2011-10-16 14:15:28 ----A---- C:\WINDOWS\AutoKMS.tmp
2011-10-15 09:15:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2011-10-14 21:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-10-14 21:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2011-10-14 20:59:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2586448$
2011-09-25 16:00:58 ----A---- C:\WINDOWS\AutoKMS.ini
2011-09-25 15:57:56 ----A---- C:\WINDOWS\system32\muweb.dll
2011-09-25 15:57:55 ----A---- C:\WINDOWS\system32\mucltui.dll
2011-09-25 15:02:20 ----D---- C:\Program Files\Microsoft Synchronization Services
2011-09-25 15:02:13 ----D---- C:\Program Files\Common Files\DESIGNER
2011-09-25 15:00:43 ----D---- C:\Program Files\Microsoft.NET
2011-09-25 15:00:43 ----D---- C:\Program Files\Microsoft Sync Framework
2011-09-25 15:00:43 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2011-09-25 14:49:29 ----D---- C:\Program Files\Microsoft Visual Studio 8
2011-09-25 14:46:52 ----D---- C:\Program Files\Microsoft Analysis Services
2011-09-25 12:56:36 ----D---- C:\Program Files\Common Files\ODBC
2011-09-20 19:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2616676-v2$
2011-09-20 19:02:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
======List of files/folders modified in the last 1 month======
2011-10-17 19:11:05 ----D---- C:\WINDOWS\Prefetch
2011-10-17 19:10:56 ----RD---- C:\Program Files
2011-10-17 18:56:40 ----D---- C:\WINDOWS\system32
2011-10-17 18:53:17 ----D---- C:\WINDOWS\Temp
2011-10-17 18:27:02 ----SHD---- C:\WINDOWS\Installer
2011-10-17 18:26:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-10-17 18:23:44 ----HD---- C:\WINDOWS\inf
2011-10-17 18:23:44 ----D---- C:\WINDOWS\system32\drivers
2011-10-17 18:23:36 ----D---- C:\WINDOWS
2011-10-17 18:13:33 ----D---- C:\WINDOWS\system32\CatRoot2
2011-10-16 22:13:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-10-16 20:19:55 ----SHD---- C:\System Volume Information
2011-10-16 20:19:55 ----D---- C:\WINDOWS\system32\Restore
2011-10-16 14:25:10 ----D---- C:\Program Files\AVG
2011-10-16 14:24:40 ----D---- C:\WINDOWS\WinSxS
2011-10-16 14:12:35 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2011-10-15 15:10:48 ----D---- C:\Program Files\Windows Media Player
2011-10-15 09:35:50 ----D---- C:\Program Files\Microsoft Silverlight
2011-10-15 09:32:18 ----RSD---- C:\WINDOWS\assembly
2011-10-15 09:25:39 ----D---- C:\WINDOWS\Microsoft.NET
2011-10-15 09:14:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-15 09:13:49 ----D---- C:\WINDOWS\Debug
2011-10-14 21:01:14 ----A---- C:\WINDOWS\system32\MRT.exe
2011-10-14 21:00:07 ----HD---- C:\WINDOWS\$hf_mig$
2011-10-14 18:35:45 ----D---- C:\WINDOWS\system32\CatRoot
2011-10-11 20:00:10 ----D---- C:\Program Files\Mozilla Firefox
2011-10-03 19:14:50 ----A---- C:\WINDOWS\wincmd.ini
2011-09-26 20:34:00 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-09-26 11:41:20 ----A---- C:\WINDOWS\system32\uiautomationcore.dll
2011-09-26 11:41:20 ----A---- C:\WINDOWS\system32\oleacc.dll
2011-09-26 11:41:14 ----A---- C:\WINDOWS\system32\oleaccrc.dll
2011-09-25 15:53:10 ----D---- C:\Documents and Settings
2011-09-25 15:28:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-09-25 15:27:06 ----D---- C:\WINDOWS\SHELLNEW
2011-09-25 15:24:24 ----A---- C:\WINDOWS\win.ini
2011-09-25 15:24:11 ----D---- C:\Program Files\Common Files\System
2011-09-25 15:05:57 ----RSD---- C:\WINDOWS\Fonts
2011-09-25 15:02:13 ----D---- C:\Program Files\Common Files
2011-09-25 15:00:48 ----D---- C:\Program Files\Microsoft Office
2011-09-25 15:00:43 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2011-09-25 12:00:28 ----D---- C:\Program Files\Setup Files
2011-09-25 12:00:20 ----HD---- C:\Program Files\InstallShield Installation Information
2011-09-25 12:00:18 ----D---- C:\Program Files\FileSubmit
2011-09-25 12:00:18 ----D---- C:\Program Files\DivX
2011-09-25 12:00:17 ----D---- C:\Program Files\Common Files\Lingea Shared
2011-09-25 12:00:17 ----D---- C:\Program Files\Common Files\InterVideo
2011-09-25 12:00:17 ----D---- C:\Program Files\Common Files\Adobe
2011-09-25 11:56:58 ----D---- C:\Program Files\InterVideo
2011-09-24 18:21:43 ----A---- C:\WINDOWS\NeroDigital.ini
2011-09-22 20:18:19 ----D---- C:\Documents and Settings\Martin Hlinka\Application Data\NAVIGON Fresh
2011-09-22 19:58:28 ----D---- C:\Documents and Settings\All Users\Application Data\boost_interprocess
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-03-01 34896]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-03-27 218688]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-21 462940]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-14 2455040]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-07-12 30432]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 134480]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 27216]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2010-02-15 43840]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-08-13 65280]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VMC322;Vimicro Camera Service VMC322; C:\WINDOWS\System32\Drivers\VMC322.sys [2008-07-02 232320]
R3 vvftC322;Vimicro Camera Filter Service VMC322; C:\WINDOWS\system32\drivers\vvftC322.sys [2008-07-10 476544]
S3 AdfuUd;%USB\VID_10D6&PID_1160.DeviceDesc%; C:\WINDOWS\System32\Drivers\AdfuUd.sys []
S3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-04 105984]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-07-12 30432]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2011-08-20 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2011-08-20 25512]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 mbr;mbr; \??\C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-08-04 13824]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2008-11-04 109736]
S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-25 691696]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-14 483328]
R2 avgfws;AVG Firewall; C:\Program Files\AVG\AVG10\avgfws.exe [2011-03-09 2708024]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-18 7390560]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2006-05-24 372736]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-14 593920]
S2 SAP DBTech-NSP;MAXDB: NSP; H:\sapdb\NSP\db\pgm\kernel.exe []
S2 SAPNSP_00;SAPNSP_00; H:\SAP\NSP\SYS\exe\run\sapstartsrv.exe pf=H:\SAP\NSP\SYS\profile\START_DVEBMGS00_klingoln []
S2 XServer;XServer; H:\sapdb\programs\pgm\serv.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-07-26 1025352]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo HDD Control\Dfsdks.exe [2009-08-24 406016]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SAP DBTech-.M770423 (slow);MAXDB: .M770423 (slow); H:\sapdb\NSP\db\pgm\slowknl.exe []
S3 SAP DBTech-.M770423;MAXDB: .M770423; H:\sapdb\NSP\db\pgm\kernel.exe []
S3 SAP DBTech-NSP (slow);MAXDB: NSP (slow); H:\sapdb\NSP\db\pgm\slowknl.exe []
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Preventivna kontrola
Moderátor: Moderátoři
Pravidla fóra
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Preventivna kontrola
Klingoln
-
Rudy
- Site Admin
- Příspěvky: 119320
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Preventivna kontrola
Pravděpodobně máte rootkit. Poprosím o log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Preventivna kontrola
Prikladam log z combofixu:
ComboFix 11-10-17.02 - Martin Hlinka 17.10.2011 20:01:38.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1371 [GMT 2:00]
Running from: c:\documents and settings\Martin Hlinka\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Martin Hlinka\Application Data\chrtmp
c:\program files\filesubmit
c:\program files\filesubmit\183255\183255\EOS.logonxp
c:\program files\filesubmit\183257\183257\Installation.txt
c:\program files\filesubmit\183257\183257\NightShades.Theme
c:\program files\filesubmit\183257\183257\NightShades\Font\Dungeon.TTF
c:\program files\filesubmit\183257\183257\NightShades\Icons\BIN Empty.ico
c:\program files\filesubmit\183257\183257\NightShades\Icons\BIN Full.ico
c:\program files\filesubmit\183257\183257\NightShades\Icons\Control Panel.ico
c:\program files\filesubmit\183257\183257\NightShades\Icons\Internet Explorer.ico
c:\program files\filesubmit\183257\183257\NightShades\Icons\My Computer.ico
c:\program files\filesubmit\183257\183257\NightShades\Icons\My Documents.ico
c:\program files\filesubmit\183257\183257\NightShades\Icons\My Network.ico
c:\program files\filesubmit\183257\183257\NightShades\Icons\Permission.txt
c:\program files\filesubmit\183257\183257\NightShades\Icons\Printers.ico
c:\program files\filesubmit\183257\183257\NightShades\Icons\Thumbs.db
c:\program files\filesubmit\183257\183257\NightShades\NightShades.msstyles
c:\program files\filesubmit\183257\183257\NightShades\Screenshots\NS_Large.jpg
c:\program files\filesubmit\183257\183257\NightShades\Screenshots\NS_Small.jpg
c:\program files\filesubmit\183257\183257\NightShades\Shell\NormalColor\shellstyle.dll
c:\program files\filesubmit\183257\183257\NightShades\User Icon\NightShades User Icon.bmp
c:\program files\filesubmit\183257\183257\NightShades\User Icon\Thumbs.db
c:\program files\filesubmit\183257\183257\NightShades\Wallpaper\NightShades.jpg
c:\program files\filesubmit\183257\183257\NightShades\Wallpaper\Thumbs.db
c:\program files\filesubmit\183692\183692\Blue200906.logonvista
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Files Created from 2011-09-17 to 2011-10-17 )))))))))))))))))))))))))))))))
.
.
2011-10-17 17:10 . 2011-10-17 17:11 -------- d-----w- c:\program files\trend micro
2011-10-16 18:15 . 2011-10-16 18:16 -------- d-----w- c:\windows\system32\NtmsData
2011-10-16 12:36 . 2011-10-16 12:36 -------- d-----w- C:\$AVG
2011-10-16 12:31 . 2011-10-16 12:31 -------- d-----w- c:\documents and settings\Martin Hlinka\Application Data\AVG10
2011-10-16 12:31 . 2011-10-16 12:31 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-10-16 12:30 . 2011-10-17 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2011-10-16 12:27 . 2011-10-17 16:18 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-16 12:27 . 2011-10-16 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-10-16 12:22 . 2011-10-16 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-10-16 12:15 . 2011-10-16 12:15 0 ----a-w- c:\windows\AutoKMS.tmp
2011-10-15 13:12 . 2011-10-15 13:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2011-10-15 13:11 . 2011-10-15 13:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2011-09-25 13:57 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-09-25 13:57 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-09-25 13:53 . 2011-09-25 13:53 -------- d-----w- c:\documents and settings\TEMP.KLINGOLN
2011-09-25 13:02 . 2011-09-25 13:02 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-09-25 13:00 . 2011-09-25 13:00 -------- d-----w- c:\program files\Microsoft.NET
2011-09-25 13:00 . 2011-09-25 13:00 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-09-25 13:00 . 2011-09-25 13:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-09-25 13:00 . 2011-09-25 13:00 -------- d-----w- c:\documents and settings\All Users\Microsoft
2011-09-25 12:49 . 2011-09-25 12:49 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-09-25 12:46 . 2011-09-25 12:46 -------- d-----w- c:\program files\Microsoft Analysis Services
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 17:56 . 2011-05-25 05:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 09:41 . 2007-10-09 11:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2006-02-28 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56 . 2006-02-28 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:56 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 12:35 . 2006-02-28 12:00 369664 ----a-w- c:\windows\system32\html.iec
2011-08-20 19:47 . 2011-08-20 19:47 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-08-20 19:47 . 2011-08-20 19:47 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-08-20 19:47 . 2011-08-20 19:47 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-08-17 13:49 . 2006-02-28 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-12 11:51 . 2009-01-31 17:37 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-10-11 17:59 . 2011-05-08 09:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 08:15 2532680 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ashampoo HDD Control Guard"="c:\program files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe" [2010-11-01 4085080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Martin Hlinka\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Lingea Update Center.lnk - c:\program files\Common Files\Lingea Shared\luc.exe [2011-3-26 275736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Martin Hlinka^Start Menu^Programs^Startup^Lingea Update Center.lnk]
path=c:\documents and settings\Martin Hlinka\Start Menu\Programs\Startup\Lingea Update Center.lnk
backup=c:\windows\pss\Lingea Update Center.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:21 203928 -c--a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 17:53 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2003-08-15 07:34 57344 -c--a-r- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 10:35 90112 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
2006-05-24 18:31 1372160 -c--a-w- c:\program files\TGTSoft\StyleXP\StyleXP.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22.2.2011 8:13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16.3.2011 16:03 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.1.2011 6:41 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5.4.2011 0:59 297168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [27.3.2011 19:03 218688]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [9.3.2011 19:24 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18.8.2011 1:33 7390560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8.2.2011 5:33 269520]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12.7.2010 4:33 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14.4.2011 21:28 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10.2.2011 7:53 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10.2.2011 7:53 27216]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [15.2.2010 19:46 43840]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [24.12.2009 16:17 27632]
S2 SAP DBTech-NSP;MAXDB: NSP;h:\sapdb\NSP\db\pgm\kernel.exe --> h:\sapdb\NSP\db\pgm\kernel.exe [?]
S2 SAPNSP_00;SAPNSP_00;"h:\sap\NSP\SYS\exe\run\sapstartsrv.exe" pf="h:\sap\NSP\SYS\profile\START_DVEBMGS00_klingoln" --> h:\sap\NSP\SYS\exe\run\sapstartsrv.exe [?]
S2 XServer;XServer;h:\sapdb\programs\pgm\serv.exe --> h:\sapdb\programs\pgm\serv.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [16.10.2011 14:30 1025352]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12.7.2010 4:33 30432]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control\DfSdkS.exe [26.2.2011 14:30 406016]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20.8.2011 21:47 13224]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.6.2011 11:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [24.12.2009 16:06 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [24.12.2009 16:06 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [24.12.2009 16:06 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [24.12.2009 16:06 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [24.12.2009 16:06 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [24.12.2009 16:06 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [24.12.2009 16:06 109736]
S3 SAP DBTech-.M770423 (slow);MAXDB: .M770423 (slow);h:\sapdb\NSP\db\pgm\slowknl.exe --> h:\sapdb\NSP\db\pgm\slowknl.exe [?]
S3 SAP DBTech-.M770423;MAXDB: .M770423;h:\sapdb\NSP\db\pgm\kernel.exe --> h:\sapdb\NSP\db\pgm\kernel.exe [?]
S3 SAP DBTech-NSP (slow);MAXDB: NSP (slow);h:\sapdb\NSP\db\pgm\slowknl.exe --> h:\sapdb\NSP\db\pgm\slowknl.exe [?]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [14.7.2011 20:23 155344]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [21.11.2009 13:48 23600]
S3 VMC322;Vimicro Camera Service VMC322;c:\windows\system32\drivers\VMC322.sys [1.2.2009 13:02 232320]
S3 vvftC322;Vimicro Camera Filter Service VMC322;c:\windows\system32\drivers\vvftC322.sys [1.2.2009 13:02 476544]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.5.2009 11:51 691696]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - d:\ostatn~1\OFFICE~1\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - d:\translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - d:\translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - d:\translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - d:\translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - d:\translator\WebIE.dll
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Martin Hlinka\Application Data\Mozilla\Firefox\Profiles\muelh6vd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-OEXPRESS - (no file)
MSConfigStartUp-BCSSync - d:\ostatné\Office 2010\Office14\BCSSync.exe
MSConfigStartUp-lxdnamon - c:\program files\Lexmark 2600 Series\lxdnamon.exe
MSConfigStartUp-lxdnmon - c:\program files\Lexmark 2600 Series\lxdnmon.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-17 20:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1956)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-10-17 20:14:16
ComboFix-quarantined-files.txt 2011-10-17 18:14
.
Pre-Run: 2 933 829 632 bytes free
Post-Run: 2 954 141 696 voľných bajtov
.
- - End Of File - - AD6880A46A80DB4283881D08BE4529F4
ComboFix 11-10-17.02 - Martin Hlinka 17.10.2011 20:01:38.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1371 [GMT 2:00]
Running from: c:\documents and settings\Martin Hlinka\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Martin Hlinka\Application Data\chrtmp
c:\program files\filesubmit
c:\program files\filesubmit\183255\183255\EOS.logonxp
c:\program files\filesubmit\183257\183257\Installation.txt
c:\program files\filesubmit\183257\183257\NightShades.Theme
c:\program files\filesubmit\183257\183257\NightShades\Font\Dungeon.TTF
c:\program files\filesubmit\183257\183257\NightShades\Icons\BIN Empty.ico
c:\program files\filesubmit\183257\183257\NightShades\Icons\BIN Full.ico
c:\program files\filesubmit\183257\183257\NightShades\Icons\Control Panel.ico
c:\program files\filesubmit\183257\183257\NightShades\Icons\Internet Explorer.ico
c:\program files\filesubmit\183257\183257\NightShades\Icons\My Computer.ico
c:\program files\filesubmit\183257\183257\NightShades\Icons\My Documents.ico
c:\program files\filesubmit\183257\183257\NightShades\Icons\My Network.ico
c:\program files\filesubmit\183257\183257\NightShades\Icons\Permission.txt
c:\program files\filesubmit\183257\183257\NightShades\Icons\Printers.ico
c:\program files\filesubmit\183257\183257\NightShades\Icons\Thumbs.db
c:\program files\filesubmit\183257\183257\NightShades\NightShades.msstyles
c:\program files\filesubmit\183257\183257\NightShades\Screenshots\NS_Large.jpg
c:\program files\filesubmit\183257\183257\NightShades\Screenshots\NS_Small.jpg
c:\program files\filesubmit\183257\183257\NightShades\Shell\NormalColor\shellstyle.dll
c:\program files\filesubmit\183257\183257\NightShades\User Icon\NightShades User Icon.bmp
c:\program files\filesubmit\183257\183257\NightShades\User Icon\Thumbs.db
c:\program files\filesubmit\183257\183257\NightShades\Wallpaper\NightShades.jpg
c:\program files\filesubmit\183257\183257\NightShades\Wallpaper\Thumbs.db
c:\program files\filesubmit\183692\183692\Blue200906.logonvista
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Files Created from 2011-09-17 to 2011-10-17 )))))))))))))))))))))))))))))))
.
.
2011-10-17 17:10 . 2011-10-17 17:11 -------- d-----w- c:\program files\trend micro
2011-10-16 18:15 . 2011-10-16 18:16 -------- d-----w- c:\windows\system32\NtmsData
2011-10-16 12:36 . 2011-10-16 12:36 -------- d-----w- C:\$AVG
2011-10-16 12:31 . 2011-10-16 12:31 -------- d-----w- c:\documents and settings\Martin Hlinka\Application Data\AVG10
2011-10-16 12:31 . 2011-10-16 12:31 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-10-16 12:30 . 2011-10-17 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2011-10-16 12:27 . 2011-10-17 16:18 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-16 12:27 . 2011-10-16 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-10-16 12:22 . 2011-10-16 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-10-16 12:15 . 2011-10-16 12:15 0 ----a-w- c:\windows\AutoKMS.tmp
2011-10-15 13:12 . 2011-10-15 13:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2011-10-15 13:11 . 2011-10-15 13:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2011-09-25 13:57 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-09-25 13:57 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-09-25 13:53 . 2011-09-25 13:53 -------- d-----w- c:\documents and settings\TEMP.KLINGOLN
2011-09-25 13:02 . 2011-09-25 13:02 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-09-25 13:00 . 2011-09-25 13:00 -------- d-----w- c:\program files\Microsoft.NET
2011-09-25 13:00 . 2011-09-25 13:00 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-09-25 13:00 . 2011-09-25 13:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-09-25 13:00 . 2011-09-25 13:00 -------- d-----w- c:\documents and settings\All Users\Microsoft
2011-09-25 12:49 . 2011-09-25 12:49 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-09-25 12:46 . 2011-09-25 12:46 -------- d-----w- c:\program files\Microsoft Analysis Services
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 17:56 . 2011-05-25 05:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 09:41 . 2007-10-09 11:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2006-02-28 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56 . 2006-02-28 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:56 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 12:35 . 2006-02-28 12:00 369664 ----a-w- c:\windows\system32\html.iec
2011-08-20 19:47 . 2011-08-20 19:47 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-08-20 19:47 . 2011-08-20 19:47 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-08-20 19:47 . 2011-08-20 19:47 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-08-17 13:49 . 2006-02-28 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-12 11:51 . 2009-01-31 17:37 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-10-11 17:59 . 2011-05-08 09:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 08:15 2532680 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ashampoo HDD Control Guard"="c:\program files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe" [2010-11-01 4085080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Martin Hlinka\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Lingea Update Center.lnk - c:\program files\Common Files\Lingea Shared\luc.exe [2011-3-26 275736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Martin Hlinka^Start Menu^Programs^Startup^Lingea Update Center.lnk]
path=c:\documents and settings\Martin Hlinka\Start Menu\Programs\Startup\Lingea Update Center.lnk
backup=c:\windows\pss\Lingea Update Center.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:21 203928 -c--a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 17:53 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2003-08-15 07:34 57344 -c--a-r- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 10:35 90112 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
2006-05-24 18:31 1372160 -c--a-w- c:\program files\TGTSoft\StyleXP\StyleXP.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22.2.2011 8:13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16.3.2011 16:03 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.1.2011 6:41 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5.4.2011 0:59 297168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [27.3.2011 19:03 218688]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [9.3.2011 19:24 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18.8.2011 1:33 7390560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8.2.2011 5:33 269520]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12.7.2010 4:33 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14.4.2011 21:28 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10.2.2011 7:53 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10.2.2011 7:53 27216]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [15.2.2010 19:46 43840]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [24.12.2009 16:17 27632]
S2 SAP DBTech-NSP;MAXDB: NSP;h:\sapdb\NSP\db\pgm\kernel.exe --> h:\sapdb\NSP\db\pgm\kernel.exe [?]
S2 SAPNSP_00;SAPNSP_00;"h:\sap\NSP\SYS\exe\run\sapstartsrv.exe" pf="h:\sap\NSP\SYS\profile\START_DVEBMGS00_klingoln" --> h:\sap\NSP\SYS\exe\run\sapstartsrv.exe [?]
S2 XServer;XServer;h:\sapdb\programs\pgm\serv.exe --> h:\sapdb\programs\pgm\serv.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [16.10.2011 14:30 1025352]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12.7.2010 4:33 30432]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control\DfSdkS.exe [26.2.2011 14:30 406016]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20.8.2011 21:47 13224]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.6.2011 11:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [24.12.2009 16:06 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [24.12.2009 16:06 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [24.12.2009 16:06 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [24.12.2009 16:06 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [24.12.2009 16:06 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [24.12.2009 16:06 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [24.12.2009 16:06 109736]
S3 SAP DBTech-.M770423 (slow);MAXDB: .M770423 (slow);h:\sapdb\NSP\db\pgm\slowknl.exe --> h:\sapdb\NSP\db\pgm\slowknl.exe [?]
S3 SAP DBTech-.M770423;MAXDB: .M770423;h:\sapdb\NSP\db\pgm\kernel.exe --> h:\sapdb\NSP\db\pgm\kernel.exe [?]
S3 SAP DBTech-NSP (slow);MAXDB: NSP (slow);h:\sapdb\NSP\db\pgm\slowknl.exe --> h:\sapdb\NSP\db\pgm\slowknl.exe [?]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [14.7.2011 20:23 155344]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [21.11.2009 13:48 23600]
S3 VMC322;Vimicro Camera Service VMC322;c:\windows\system32\drivers\VMC322.sys [1.2.2009 13:02 232320]
S3 vvftC322;Vimicro Camera Filter Service VMC322;c:\windows\system32\drivers\vvftC322.sys [1.2.2009 13:02 476544]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.5.2009 11:51 691696]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - d:\ostatn~1\OFFICE~1\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - d:\translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - d:\translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - d:\translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - d:\translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - d:\translator\WebIE.dll
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Martin Hlinka\Application Data\Mozilla\Firefox\Profiles\muelh6vd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-OEXPRESS - (no file)
MSConfigStartUp-BCSSync - d:\ostatné\Office 2010\Office14\BCSSync.exe
MSConfigStartUp-lxdnamon - c:\program files\Lexmark 2600 Series\lxdnamon.exe
MSConfigStartUp-lxdnmon - c:\program files\Lexmark 2600 Series\lxdnmon.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-17 20:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1956)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-10-17 20:14:16
ComboFix-quarantined-files.txt 2011-10-17 18:14
.
Pre-Run: 2 933 829 632 bytes free
Post-Run: 2 954 141 696 voľných bajtov
.
- - End Of File - - AD6880A46A80DB4283881D08BE4529F4
Klingoln
-
Rudy
- Site Admin
- Příspěvky: 119320
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Preventivna kontrola
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.KillAll::
Collect::
C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\mbr.sys
Driver::
mbr
Firefox::
FF - ProfilePath - c:\documents and settings\Martin Hlinka\Application Data\Mozilla\Firefox\Profiles\muelh6vd.default\
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - prefs.js: network.proxy.type - 0
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Preventivna kontrola
Ahoj,
tu je dalsi log z combofixu:
ComboFix 11-10-18.02 - Martin Hlinka 18.10.2011 19:39:12.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1359 [GMT 2:00]
Running from: c:\documents and settings\Martin Hlinka\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Martin Hlinka\Desktop\CFScript.txt
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\atapi.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-09-18 to 2011-10-18 )))))))))))))))))))))))))))))))
.
.
2011-10-17 17:10 . 2011-10-17 17:11 -------- d-----w- c:\program files\trend micro
2011-10-16 18:15 . 2011-10-16 18:16 -------- d-----w- c:\windows\system32\NtmsData
2011-10-16 12:36 . 2011-10-16 12:36 -------- d-----w- C:\$AVG
2011-10-16 12:31 . 2011-10-16 12:31 -------- d-----w- c:\documents and settings\Martin Hlinka\Application Data\AVG10
2011-10-16 12:31 . 2011-10-16 12:31 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-10-16 12:30 . 2011-10-17 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2011-10-16 12:27 . 2011-10-18 17:34 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-16 12:27 . 2011-10-16 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-10-16 12:22 . 2011-10-16 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-10-16 12:15 . 2011-10-16 12:15 0 ----a-w- c:\windows\AutoKMS.tmp
2011-10-15 13:12 . 2011-10-15 13:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2011-10-15 13:11 . 2011-10-15 13:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2011-09-25 13:57 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-09-25 13:57 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-09-25 13:53 . 2011-09-25 13:53 -------- d-----w- c:\documents and settings\TEMP.KLINGOLN
2011-09-25 13:02 . 2011-09-25 13:02 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-09-25 13:00 . 2011-09-25 13:00 -------- d-----w- c:\program files\Microsoft.NET
2011-09-25 13:00 . 2011-09-25 13:00 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-09-25 13:00 . 2011-09-25 13:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-09-25 13:00 . 2011-09-25 13:00 -------- d-----w- c:\documents and settings\All Users\Microsoft
2011-09-25 12:49 . 2011-09-25 12:49 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-09-25 12:46 . 2011-09-25 12:46 -------- d-----w- c:\program files\Microsoft Analysis Services
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 17:56 . 2011-05-25 05:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 09:41 . 2007-10-09 11:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2006-02-28 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56 . 2006-02-28 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:56 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 12:35 . 2006-02-28 12:00 369664 ----a-w- c:\windows\system32\html.iec
2011-08-20 19:47 . 2011-08-20 19:47 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-08-20 19:47 . 2011-08-20 19:47 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-08-20 19:47 . 2011-08-20 19:47 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-08-17 13:49 . 2006-02-28 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-12 11:51 . 2009-01-31 17:37 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-10-11 17:59 . 2011-05-08 09:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-17_18.09.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-18 17:48 . 2011-10-18 17:48 16384 c:\windows\temp\Perflib_Perfdata_684.dat
+ 2011-10-18 17:49 . 2011-10-18 17:49 245760 c:\windows\ERDNT\AutoBackup\18.10.2011\Users\00000002\UsrClass.dat
+ 2011-10-18 17:49 . 2005-10-20 10:02 163328 c:\windows\ERDNT\AutoBackup\18.10.2011\ERDNT.EXE
+ 2011-10-18 17:49 . 2011-10-18 17:49 10698752 c:\windows\ERDNT\AutoBackup\18.10.2011\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 08:15 2532680 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ashampoo HDD Control Guard"="c:\program files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe" [2010-11-01 4085080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Martin Hlinka\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Lingea Update Center.lnk - c:\program files\Common Files\Lingea Shared\luc.exe [2011-3-26 275736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Martin Hlinka^Start Menu^Programs^Startup^Lingea Update Center.lnk]
path=c:\documents and settings\Martin Hlinka\Start Menu\Programs\Startup\Lingea Update Center.lnk
backup=c:\windows\pss\Lingea Update Center.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:21 203928 -c--a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 17:53 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2003-08-15 07:34 57344 -c--a-r- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 10:35 90112 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
2006-05-24 18:31 1372160 -c--a-w- c:\program files\TGTSoft\StyleXP\StyleXP.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22.2.2011 8:13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16.3.2011 16:03 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.1.2011 6:41 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5.4.2011 0:59 297168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [27.3.2011 19:03 218688]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [9.3.2011 19:24 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18.8.2011 1:33 7390560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8.2.2011 5:33 269520]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12.7.2010 4:33 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14.4.2011 21:28 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10.2.2011 7:53 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10.2.2011 7:53 27216]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [15.2.2010 19:46 43840]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [24.12.2009 16:17 27632]
S2 SAP DBTech-NSP;MAXDB: NSP;h:\sapdb\NSP\db\pgm\kernel.exe --> h:\sapdb\NSP\db\pgm\kernel.exe [?]
S2 SAPNSP_00;SAPNSP_00;"h:\sap\NSP\SYS\exe\run\sapstartsrv.exe" pf="h:\sap\NSP\SYS\profile\START_DVEBMGS00_klingoln" --> h:\sap\NSP\SYS\exe\run\sapstartsrv.exe [?]
S2 XServer;XServer;h:\sapdb\programs\pgm\serv.exe --> h:\sapdb\programs\pgm\serv.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [16.10.2011 14:30 1025352]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12.7.2010 4:33 30432]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control\DfSdkS.exe [26.2.2011 14:30 406016]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20.8.2011 21:47 13224]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.6.2011 11:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [24.12.2009 16:06 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [24.12.2009 16:06 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [24.12.2009 16:06 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [24.12.2009 16:06 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [24.12.2009 16:06 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [24.12.2009 16:06 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [24.12.2009 16:06 109736]
S3 SAP DBTech-.M770423 (slow);MAXDB: .M770423 (slow);h:\sapdb\NSP\db\pgm\slowknl.exe --> h:\sapdb\NSP\db\pgm\slowknl.exe [?]
S3 SAP DBTech-.M770423;MAXDB: .M770423;h:\sapdb\NSP\db\pgm\kernel.exe --> h:\sapdb\NSP\db\pgm\kernel.exe [?]
S3 SAP DBTech-NSP (slow);MAXDB: NSP (slow);h:\sapdb\NSP\db\pgm\slowknl.exe --> h:\sapdb\NSP\db\pgm\slowknl.exe [?]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [14.7.2011 20:23 155344]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [21.11.2009 13:48 23600]
S3 VMC322;Vimicro Camera Service VMC322;c:\windows\system32\drivers\VMC322.sys [1.2.2009 13:02 232320]
S3 vvftC322;Vimicro Camera Filter Service VMC322;c:\windows\system32\drivers\vvftC322.sys [1.2.2009 13:02 476544]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.5.2009 11:51 691696]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - d:\ostatn~1\OFFICE~1\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - d:\translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - d:\translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - d:\translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - d:\translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - d:\translator\WebIE.dll
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Martin Hlinka\Application Data\Mozilla\Firefox\Profiles\muelh6vd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-18 19:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2532)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1051\GrooveIntlResource.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2011-10-18 19:55:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-18 17:55
ComboFix2.txt 2011-10-17 18:14
.
Pre-Run: 2 906 120 192 bytes free
Post-Run: 2 876 149 760 voľných bajtov
.
- - End Of File - - 5C989E14F126EC8F3E64B2D14758D8C6
tu je dalsi log z combofixu:
ComboFix 11-10-18.02 - Martin Hlinka 18.10.2011 19:39:12.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1359 [GMT 2:00]
Running from: c:\documents and settings\Martin Hlinka\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Martin Hlinka\Desktop\CFScript.txt
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\atapi.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-09-18 to 2011-10-18 )))))))))))))))))))))))))))))))
.
.
2011-10-17 17:10 . 2011-10-17 17:11 -------- d-----w- c:\program files\trend micro
2011-10-16 18:15 . 2011-10-16 18:16 -------- d-----w- c:\windows\system32\NtmsData
2011-10-16 12:36 . 2011-10-16 12:36 -------- d-----w- C:\$AVG
2011-10-16 12:31 . 2011-10-16 12:31 -------- d-----w- c:\documents and settings\Martin Hlinka\Application Data\AVG10
2011-10-16 12:31 . 2011-10-16 12:31 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-10-16 12:30 . 2011-10-17 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2011-10-16 12:27 . 2011-10-18 17:34 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-16 12:27 . 2011-10-16 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-10-16 12:22 . 2011-10-16 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-10-16 12:15 . 2011-10-16 12:15 0 ----a-w- c:\windows\AutoKMS.tmp
2011-10-15 13:12 . 2011-10-15 13:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2011-10-15 13:11 . 2011-10-15 13:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2011-09-25 13:57 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-09-25 13:57 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-09-25 13:53 . 2011-09-25 13:53 -------- d-----w- c:\documents and settings\TEMP.KLINGOLN
2011-09-25 13:02 . 2011-09-25 13:02 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-09-25 13:00 . 2011-09-25 13:00 -------- d-----w- c:\program files\Microsoft.NET
2011-09-25 13:00 . 2011-09-25 13:00 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-09-25 13:00 . 2011-09-25 13:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-09-25 13:00 . 2011-09-25 13:00 -------- d-----w- c:\documents and settings\All Users\Microsoft
2011-09-25 12:49 . 2011-09-25 12:49 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-09-25 12:46 . 2011-09-25 12:46 -------- d-----w- c:\program files\Microsoft Analysis Services
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 17:56 . 2011-05-25 05:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 09:41 . 2007-10-09 11:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2006-02-28 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56 . 2006-02-28 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:56 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 12:35 . 2006-02-28 12:00 369664 ----a-w- c:\windows\system32\html.iec
2011-08-20 19:47 . 2011-08-20 19:47 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-08-20 19:47 . 2011-08-20 19:47 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-08-20 19:47 . 2011-08-20 19:47 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-08-17 13:49 . 2006-02-28 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-12 11:51 . 2009-01-31 17:37 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-10-11 17:59 . 2011-05-08 09:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-17_18.09.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-18 17:48 . 2011-10-18 17:48 16384 c:\windows\temp\Perflib_Perfdata_684.dat
+ 2011-10-18 17:49 . 2011-10-18 17:49 245760 c:\windows\ERDNT\AutoBackup\18.10.2011\Users\00000002\UsrClass.dat
+ 2011-10-18 17:49 . 2005-10-20 10:02 163328 c:\windows\ERDNT\AutoBackup\18.10.2011\ERDNT.EXE
+ 2011-10-18 17:49 . 2011-10-18 17:49 10698752 c:\windows\ERDNT\AutoBackup\18.10.2011\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 08:15 2532680 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ashampoo HDD Control Guard"="c:\program files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe" [2010-11-01 4085080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Martin Hlinka\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Lingea Update Center.lnk - c:\program files\Common Files\Lingea Shared\luc.exe [2011-3-26 275736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Martin Hlinka^Start Menu^Programs^Startup^Lingea Update Center.lnk]
path=c:\documents and settings\Martin Hlinka\Start Menu\Programs\Startup\Lingea Update Center.lnk
backup=c:\windows\pss\Lingea Update Center.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:21 203928 -c--a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 17:53 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2003-08-15 07:34 57344 -c--a-r- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 10:35 90112 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
2006-05-24 18:31 1372160 -c--a-w- c:\program files\TGTSoft\StyleXP\StyleXP.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22.2.2011 8:13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16.3.2011 16:03 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.1.2011 6:41 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5.4.2011 0:59 297168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [27.3.2011 19:03 218688]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [9.3.2011 19:24 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18.8.2011 1:33 7390560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8.2.2011 5:33 269520]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12.7.2010 4:33 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14.4.2011 21:28 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10.2.2011 7:53 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10.2.2011 7:53 27216]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [15.2.2010 19:46 43840]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [24.12.2009 16:17 27632]
S2 SAP DBTech-NSP;MAXDB: NSP;h:\sapdb\NSP\db\pgm\kernel.exe --> h:\sapdb\NSP\db\pgm\kernel.exe [?]
S2 SAPNSP_00;SAPNSP_00;"h:\sap\NSP\SYS\exe\run\sapstartsrv.exe" pf="h:\sap\NSP\SYS\profile\START_DVEBMGS00_klingoln" --> h:\sap\NSP\SYS\exe\run\sapstartsrv.exe [?]
S2 XServer;XServer;h:\sapdb\programs\pgm\serv.exe --> h:\sapdb\programs\pgm\serv.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [16.10.2011 14:30 1025352]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12.7.2010 4:33 30432]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control\DfSdkS.exe [26.2.2011 14:30 406016]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20.8.2011 21:47 13224]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.6.2011 11:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [24.12.2009 16:06 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [24.12.2009 16:06 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [24.12.2009 16:06 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [24.12.2009 16:06 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [24.12.2009 16:06 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [24.12.2009 16:06 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [24.12.2009 16:06 109736]
S3 SAP DBTech-.M770423 (slow);MAXDB: .M770423 (slow);h:\sapdb\NSP\db\pgm\slowknl.exe --> h:\sapdb\NSP\db\pgm\slowknl.exe [?]
S3 SAP DBTech-.M770423;MAXDB: .M770423;h:\sapdb\NSP\db\pgm\kernel.exe --> h:\sapdb\NSP\db\pgm\kernel.exe [?]
S3 SAP DBTech-NSP (slow);MAXDB: NSP (slow);h:\sapdb\NSP\db\pgm\slowknl.exe --> h:\sapdb\NSP\db\pgm\slowknl.exe [?]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [14.7.2011 20:23 155344]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [21.11.2009 13:48 23600]
S3 VMC322;Vimicro Camera Service VMC322;c:\windows\system32\drivers\VMC322.sys [1.2.2009 13:02 232320]
S3 vvftC322;Vimicro Camera Filter Service VMC322;c:\windows\system32\drivers\vvftC322.sys [1.2.2009 13:02 476544]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.5.2009 11:51 691696]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - d:\ostatn~1\OFFICE~1\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - d:\translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - d:\translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - d:\translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - d:\translator\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - d:\translator\WebIE.dll
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Martin Hlinka\Application Data\Mozilla\Firefox\Profiles\muelh6vd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-18 19:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2532)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1051\GrooveIntlResource.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2011-10-18 19:55:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-18 17:55
ComboFix2.txt 2011-10-17 18:14
.
Pre-Run: 2 906 120 192 bytes free
Post-Run: 2 876 149 760 voľných bajtov
.
- - End Of File - - 5C989E14F126EC8F3E64B2D14758D8C6
Klingoln
-
Rudy
- Site Admin
- Příspěvky: 119320
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Preventivna kontrola
Log již vypadá čistý.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
Rudy
- Site Admin
- Příspěvky: 119320
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Preventivna kontrola
Rádo se stalo!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?