
Someone is threatening me with an internet attack - request for help

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Someone is threatening me with an internet attack - request for help

#16 Post by vyosek »

No problem, just write again when you want to continue :)
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns fun, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

AL1212
Exemplary visitor
Posts: 74
Registered: 12 Dec 2011 00:45
Location: a little way from Prague

Re: Someone is threatening me with an internet attack - request for help

#17 Post by AL1212 »

So just one more thing after all - I had a look at those Acronis pages. I would be interested to know whether there is some free version. Probably not, right? Never mind, I will buy the software, I just need a recommendation on which of those packages will be enough for home use. Is it the True Image Home 2012 for 1052 Kč? Can I then install it on several computers, i.e. is it some kind of multi-licence? I have 5 computers at home that I would need to back up. It is probably hard to believe, but we really do have 5 computers for home use.
Actually, I can see it now, it can be tried for free; I will deal with buying the multi-licence afterwards, there is plenty of time for that, but I will definitely buy it, it will certainly come in handy in the future and it does not cost that much anyway...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Someone is threatening me with an internet attack - request for help

#18 Post by vyosek »

Right, download the trial version :)

AL1212
Exemplary visitor
Posts: 74
Registered: 12 Dec 2011 00:45
Location: a little way from Prague

Re: Someone is threatening me with an internet attack - request for help

#19 Post by AL1212 »

vyosek: So I finally got around to it, sorry for the delay. So, I have a backup of the disks and I have generated a log from the XP machine. It may have nothing to do with anything, but yesterday I could not log in to the computer - it reported a wrong password, which I rule out. In the end I somehow worked around it and set the password again; I mention it just so I do not forget anything that may be important. I am pasting the RSIT log here, I will be grateful if you take a look at it, thanks, AL:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Alojz Lacko at 2011-12-17 18:31:40
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (46%) free of 30 GB
Total RAM: 2039 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:32:28, on 17. 12. 2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\explorer.exe
C:\Downloads\RSIT.exe
C:\Program Files\trend micro\Alojz Lacko.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://akcie-cz.kurzy.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1820516343
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

--
End of file - 12221 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Alojz Lacko Logon.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{256B7D12-7213-415A-BFB0-78A3DE2AE28B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-04-30 1215488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2011-11-11 1378144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll [2011-11-06 1451336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-12-17 342192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll [2011-12-17 1003576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\prxtbBS_0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-04-30 1215488]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\prxtbBS_0.dll [2011-01-17 175912]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll [2011-11-06 1451336]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-12-17 342192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-10-19 177456]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2005-10-12 139264]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-11-20 488752]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-05-08 2176000]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-08-20 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-08-20 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-08-20 137752]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"EPSON Stylus Photo RX420 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE [2004-04-09 98304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-08-23 887976]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2011-11-06 218464]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2011-10-24 2415456]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-06 39408]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-07-18 451872]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitSpirit\BitSpirit.exe"="C:\Program Files\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\AVG\AVG2012\avgnsx.exe"="C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG2012\avgdiagex.exe"="C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostika 2012"
"C:\Program Files\AVG\AVG2012\avgemcx.exe"="C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Obecná kontrola pošty"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.voxacm160"=vct3216.acm
"msacm.scg726"=scg726.acm
"msacm.alf2cd"=alf2cd.acm
"msacm.ac3acm"=AC3ACM.acm
"vidc.dvsd"=mcdvd_32.dll
"vidc.xvid"=xvidvfw.dll
"vidc.DIVX"=DivX.dll
"vidc.mpg4"=mpg4c32.dll
"vidc.mp42"=mpg4c32.dll
"vidc.mp43"=mpg4c32.dll

======List of files/folders created in the last 1 month======

2011-12-17 18:31:41 ----D---- C:\Program Files\trend micro
2011-12-17 18:31:40 ----D---- C:\rsit
2011-12-17 17:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2639417$
2011-12-17 17:10:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2624667$
2011-12-17 17:07:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2633952$
2011-12-17 17:07:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$
2011-12-17 17:07:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2618451$
2011-12-17 17:07:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$
2011-12-17 17:07:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2633171$
2011-12-16 23:47:11 ----A---- C:\WINDOWS\ntbtlog.txt
2011-12-10 16:20:37 ----A---- C:\WINDOWS\ModemLog_Nokia C5-00 USB Modem.txt
2011-12-10 16:12:08 ----D---- C:\WINDOWS\Minidump
2011-12-10 16:07:35 ----DC---- C:\WINDOWS\$NtUninstallWdf01009$
2011-12-10 15:47:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2011-12-10 15:47:35 ----D---- C:\Documents and Settings\Alojz Lacko\Data aplikací\PC Suite
2011-12-10 15:44:57 ----D---- C:\Program Files\Common Files\Nokia
2011-12-10 15:44:08 ----D---- C:\Program Files\PC Connectivity Solution
2011-12-10 15:42:42 ----D---- C:\Program Files\Nokia
2011-12-10 15:42:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\NokiaInstallerCache
2011-12-10 09:26:21 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #3.txt

======List of files/folders modified in the last 1 month======

2011-12-17 18:32:23 ----AD---- C:\Documents and Settings\All Users\Data aplikací\Temp
2011-12-17 18:32:03 ----D---- C:\WINDOWS\system32\CatRoot2
2011-12-17 18:31:41 ----RD---- C:\Program Files
2011-12-17 18:30:56 ----D---- C:\WINDOWS\Temp
2011-12-17 18:26:48 ----D---- C:\Downloads
2011-12-17 17:17:34 ----D---- C:\WINDOWS\system32
2011-12-17 17:17:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-12-17 17:17:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-12-17 17:16:32 ----D---- C:\WINDOWS
2011-12-17 17:10:29 ----SHD---- C:\WINDOWS\Installer
2011-12-17 17:10:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-12-17 17:10:24 ----SHD---- C:\Config.Msi
2011-12-17 17:10:22 ----HD---- C:\WINDOWS\inf
2011-12-17 17:10:16 ----A---- C:\WINDOWS\imsins.BAK
2011-12-17 17:10:09 ----D---- C:\WINDOWS\system32\CatRoot
2011-12-17 17:09:56 ----D---- C:\Program Files\Internet Explorer
2011-12-17 17:09:48 ----D---- C:\WINDOWS\ie8updates
2011-12-17 17:09:41 ----HD---- C:\WINDOWS\$hf_mig$
2011-12-17 17:08:02 ----A---- C:\WINDOWS\system32\MRT.exe
2011-12-17 15:53:36 ----SD---- C:\Documents and Settings\Alojz Lacko\Data aplikací\Microsoft
2011-12-17 13:28:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2011-12-17 13:27:52 ----D---- C:\WINDOWS\system32\drivers\AVG
2011-12-17 00:10:35 ----D---- C:\WINDOWS\Prefetch
2011-12-16 23:55:54 ----D---- C:\Documents and Settings\Alojz Lacko\Data aplikací\Spyware Terminator
2011-12-16 23:54:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2011-12-16 23:52:59 ----A---- C:\WINDOWS\ODBC.INI
2011-12-11 21:55:45 ----D---- C:\WINDOWS\system32\config
2011-12-11 21:55:27 ----D---- C:\WINDOWS\system32\wbem
2011-12-11 21:55:25 ----D---- C:\WINDOWS\Registration
2011-12-11 21:55:06 ----D---- C:\Program Files\Opera
2011-12-11 21:54:48 ----D---- C:\WINDOWS\system32\drivers
2011-12-11 20:58:15 ----D---- C:\WINDOWS\system32\Restore
2011-12-10 16:16:25 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-12-10 16:13:10 ----D---- C:\WINDOWS\system32\drivers\UMDF
2011-12-10 15:44:57 ----D---- C:\Program Files\Common Files
2011-12-10 15:44:24 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-12-10 15:18:11 ----D---- C:\WINDOWS\system32\drivers\etc
2011-11-24 13:16:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG2012

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2005-10-12 874240]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-18 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-18 55936]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-01 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134608]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-02-15 401664]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-02-15 30363]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-02-15 1342570]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-02-15 148168]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-02-15 57096]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-15 213696]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-09-26 101376]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2007-11-29 144688]
R2 IAANTMon;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-10-12 86140]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-07-25 79136]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-18 19456]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-05-08 487424]
R2 vToolbarUpdater;vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-11-06 246624]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-27 182768]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Síť rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Protokol PNRP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
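Reading the services table above with the thread's question in mind (the poster is worried about an attack from the internet): nothing in it is flagged as malicious, but several running (R2) entries open network listeners that a home laptop has no use for. SimpTcp is Simple TCP/IP Services (echo, discard, daytime, chargen and quote-of-the-day listeners), SNMP is the SNMP agent on UDP/161, and NWCWorkstation with the NwlnkIpx transport is a NetWare client stack. The sp_rsdrv2 driver is also the only entry printed with empty `[]`, meaning RSIT printed no date or size for the file at that `\??\` path, which is worth checking by hand. The script below is an added example, not part of the thread or of RSIT: it parses RSIT-style driver/service lines, flags running services from a watchlist (the watchlist is this example's own choice), and lists entries without file metadata. The sample lines are constructed from the ones in the log above, with English descriptions.

```python
import re
from dataclasses import dataclass

# One RSIT driver/service line looks like:
#   R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
# state R/S, start type 0-4, name;description; path [date size]
RSIT_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Services that open network listeners when running. This watchlist is the
# example's own assumption, not something RSIT knows about.
NETWORK_WATCHLIST = {
    "SimpTcp": "Simple TCP/IP Services: echo, discard, daytime, chargen, qotd listeners",
    "SNMP": "SNMP agent on UDP/161 (community strings)",
    "SNMPTRAP": "SNMP trap receiver on UDP/162",
    "NWCWorkstation": "Client Service for NetWare",
    "NwlnkIpx": "NWLink IPX/SPX transport",
    "WMPNetworkSvc": "Windows Media Player network sharing",
    "p2psvc": "Peer-to-peer networking",
    "PNRPSvc": "Peer Name Resolution Protocol",
}

@dataclass
class Entry:
    running: bool
    start_type: int
    name: str
    description: str
    path: str
    meta: str          # "date size" as printed, or "" when RSIT printed nothing

def parse_rsit(text):
    """Parse every driver/service line; headers, blanks and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = RSIT_RE.match(line.strip())
        if m:
            entries.append(Entry(m["state"] == "R", int(m["start"]), m["name"],
                                 m["desc"], m["path"], m["meta"].strip()))
    return entries

def running_network_services(entries):
    """Watchlisted services that are actually running (state R)."""
    return sorted((e.name, NETWORK_WATCHLIST[e.name])
                  for e in entries if e.running and e.name in NETWORK_WATCHLIST)

def entries_without_file_metadata(entries):
    """Entries printed with empty [] - no date/size for the binary was recorded."""
    return [e.name for e in entries if not e.meta]

def report(text):
    entries = parse_rsit(text)
    lines = [f"{len(entries)} entries parsed"]
    for name, why in running_network_services(entries):
        lines.append(f"RUNNING network service {name}: {why}")
    for name in entries_without_file_metadata(entries):
        lines.append(f"NO FILE METADATA for {name}: verify the binary exists and is signed")
    return "\n".join(lines)

# Constructed sample modelled on the RSIT log in this thread.
SAMPLE = r"""
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-18 19456]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
S3 SNMPTRAP;SNMP Trap; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
"""

if __name__ == "__main__":
    print(report(SAMPLE))
```

Stopped (S3) services such as SNMPTRAP are deliberately not reported; the point is the listeners that are up right now, which is what an outside attacker would actually reach.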

#20 Post by vyosek »

Good evening :)

:arrow: Uninstall Ask.com

:arrow: Run AVPTool there according to this guide http://viry.cz/forum/viewtopic.php?f=29&t=58179

#21 Post by AL1212 »

Good evening. Ask.com is uninstalled. With AVPTool I tried to follow the guide, so before running it I used CleanUp! to remove the temp files and clear the cache. Then, as the guide instructs, I turned off System Restore. I hope I haven't broken anything by that. AVPTool should finish within an hour; I'll post the log here afterwards. Thanks for now.
Hm, AVPTool has stalled at 27%; for over an hour it has been trying to chew through some *.js file, so far without success, and the estimated time to finish the scan has grown to 5 hours, so it won't be right away...
Still the same status; after another 2 hours it is still unable to get past that file. I'll leave it running until the morning and see; maybe it will finish, or you can give me further instructions... (it is 3:38 now)

#22 Post by vyosek »

If AVP Tool won't cooperate, then run CureIt there http://viry.cz/forum/viewtopic.php?f=29&t=47721

#23 Post by AL1212 »

vyosek, I've only just got to it now. AVPTool did not finish in the end. So I'll try the other tool. Can both run at the same time? And should I delete the infected files straight away?
For now only AVPTool is running again; after restarting it, it got past the critical spot where it choked on the first attempt, so I'll probably let this one finish and run CureIt only afterwards...

#24 Post by vyosek »

Let only one run, either AVPtool or CureIt... you can also already run one of those tools on the second PC

#25 Post by AL1212 »

OK, it choked again; it was already looking promising, so a little more patience, please. By the way, shouldn't I create the RSIT log on that second machine first, before I run one of those other tools on it?

So AVPTool finished in the end. Here is the log from AVPTool:

Status: Deleted (events: 1)
18. 12. 2011 14:13:23 Deleted Trojan program Trojan.Win32.Qhost.mcf C:\WINDOWS\system32\drivers\etc\hosts.20090508-230737.backup High
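The single AVPTool hit, Trojan.Win32.Qhost.mcf, is Kaspersky's family name for hosts-file hijacks, and it fired on a dated backup copy of `hosts`, not on the live file. Two things in a hosts file look alike to a scanner but mean opposite things: a blocklist maps unwanted domains to 127.0.0.1 or 0.0.0.0 (the shape of the hundreds of 127.0.0.1 lines RogueKiller prints further down in this thread), while a Qhost-style hijack points sites the user trusts, such as a bank, a search engine or an antivirus update server, at an attacker's address, or sinks AV update hosts into loopback so the product can no longer update. The classifier below is an added example, not from the thread or from any of the tools used in it: it parses a hosts file and separates default, blocklist, local-network and hijack entries. The sample hosts content is constructed; its first block mirrors the page's entries, the hijack lines and the 203.0.113.7 attacker address are invented for illustration, and the list of sensitive domains is this example's own.

```python
import ipaddress

# Addresses a blocklist uses to sink a domain. Mapping a domain here is harmless
# unless the domain is one the machine needs (AV updates, Windows Update, ...).
SINKHOLES = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}

DEFAULT_HOSTS = {"localhost", "localhost.localdomain", "broadcasthost",
                 "ip6-localhost", "ip6-loopback"}

# Domains whose redirection is the classic Qhost payload. This list is the example's
# own assumption; extend it with the sites the machine actually relies on.
SENSITIVE_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "avg.com", "kaspersky.com", "drweb.com",
    "google.com", "paypal.com", "facebook.com",
)

def parse_hosts(text):
    """Yield (ip, hostname, line_no); ip is None for an unparsable address,
    hostname is '' for a bare address with nothing after it."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            yield None, parts[0], no
            continue
        if len(parts) == 1:
            yield ip, "", no                    # bare "127.0.0.1" line, as on the page
        for host in parts[1:]:
            yield ip, host.lower().rstrip("."), no

def is_sensitive(host):
    return any(host == s or host.endswith("." + s) for s in SENSITIVE_SUFFIXES)

def classify(ip, host):
    if ip is None:
        return "malformed"
    if host == "":
        return "dangling"
    if host in DEFAULT_HOSTS:
        return "default" if ip in SINKHOLES else "hijack"   # localhost pointed elsewhere
    if is_sensitive(host):
        return "hijack"      # trusted site sunk or redirected: the Qhost pattern, whatever the target
    if ip in SINKHOLES:
        return "blocklist"
    if ip.is_private or ip.is_loopback:
        return "local"       # LAN names, e.g. a NAS or a printer
    return "suspicious"      # public address for a domain we know nothing about

def audit(text):
    """Return (counts per class, findings); findings are the entries a human must look at."""
    counts, findings = {}, []
    for ip, host, no in parse_hosts(text):
        kind = classify(ip, host)
        counts[kind] = counts.get(kind, 0) + 1
        if kind in ("hijack", "suspicious", "malformed"):
            findings.append((no, kind, str(ip), host))
    return counts, findings

# Constructed sample. The first block mirrors the blocklist shape RogueKiller printed in
# this thread; the hijack lines and the 203.0.113.7 address (documentation range) are invented.
SAMPLE_HOSTS = """\
# blocklist-style entries
127.0.0.1 localhost
127.0.0.1
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.0scan.com
# constructed Qhost-style entries
203.0.113.7 www.paypal.com
203.0.113.7 paypal.com
127.0.0.1 update.avg.com
127.0.0.1 www.kaspersky.com
192.168.1.20 nas
"""

if __name__ == "__main__":
    counts, findings = audit(SAMPLE_HOSTS)
    print(counts)
    for no, kind, ip, host in findings:
        print(f"line {no}: {kind:10} {ip:>15} {host}")
```

Note that a blocklist and a hijack can share the same target address, so the address alone never decides; the classifier keys on which hostname is being redirected. Resetting the file to `127.0.0.1 localhost`, as RogueKiller's HOSTSFix mode does later in the thread, removes both kinds at once, so the blocklist has to be re-applied afterwards if it was wanted.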

#26 Post by vyosek »

:arrow: You can do the RSIT; it isn't required before these scans. If you post it here, open a second/new topic for it and put "pro sudanec-vyosek" in the subject so we know what it's about :)

:arrow: So we'll keep this topic for this machine

:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator
  • Choose option 2 and confirm with Enter
  • The utility will do its work and produce a log; post it here
  • Now again, but choose option 3 and then also 4; post those logs as well

#27 Post by AL1212 »

OK, I'll open a new thread for the second machine and create an AVPTool log.

Here I attach the logs from RogueKiller:

RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Alojz Lacko [Admin rights]
Mode: Remove -- Date : 12/18/2011 15:36:09

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] _uninst_84722564.lnk : C:\Documents and Settings\Alojz Lacko\Local Settings\Temp\_uninst_84722564.bat -> DELETED
[SUSP PATH] _uninst_95120711.lnk : C:\Documents and Settings\Alojz Lacko\Local Settings\Temp\_uninst_95120711.bat -> DELETED
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[277] : NtWriteVirtualMemory @ 0x805B43CC -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A30B52)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E48 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A34552)
SSDT[258] : NtTerminateThread @ 0x805D2BDC -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A309C8)
SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A30A68)
SSDT[255] : NtSystemDebugControl @ 0x806180BA -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A33A3E)
SSDT[254] : NtSuspendThread @ 0x805D48F4 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A34A2A)
SSDT[253] : NtSuspendProcess @ 0x805D4A82 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A348F0)
SSDT[247] : NtSetValueKey @ 0x80622662 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A2F816)
SSDT[240] : NtSetSystemInformation @ 0x8060FD06 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A347FE)
SSDT[237] : NtSetSecurityObject @ 0x805C062E -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A33DAA)
SSDT[230] : NtSetInformationToken @ 0x805FA7B4 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A33154)
SSDT[213] : NtSetContextThread @ 0x805D173A -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A30E38)
SSDT[210] : NtSecureConnectPort @ 0x805A3D64 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A31B0E)
SSDT[207] : NtSaveKey @ 0x80625BCC -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A2EEAE)
SSDT[206] : NtResumeThread @ 0x805D49BA -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A34BC8)
SSDT[204] : NtRestoreKey @ 0x80625AD0 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A2F28E)
SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D76 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A338B4)
SSDT[195] : NtReplyWaitReceivePort @ 0x805A64B4 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A326F2)
SSDT[194] : NtReplyPort @ 0x805A54EC -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A3282C)
SSDT[193] : NtReplaceKey @ 0x806261C4 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A2EF16)
SSDT[192] : NtRenameKey @ 0x80623B12 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A2FC2C)
SSDT[180] : NtQueueApcThread @ 0x805D1276 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A33FA0)
SSDT[177] : NtQueryValueKey @ 0x80622314 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A2F99C)
SSDT[167] : NtQuerySection @ 0x805B85E0 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A346AE)
SSDT[161] : NtQueryMultipleValueKey @ 0x8062323E -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A2FD72)
SSDT[160] : NtQueryKey @ 0x80625810 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A3013A)
SSDT[128] : NtOpenThread @ 0x805CB6CC -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A307BE)
SSDT[126] : NtOpenSemaphore @ 0x80615148 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A324C8)
SSDT[125] : NtOpenSection @ 0x805AA3EC -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A3410E)
SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A308CC)
SSDT[120] : NtOpenMutant @ 0x80617776 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A32288)
SSDT[119] : NtOpenKey @ 0x806254CE -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A2F6C0)
SSDT[116] : NtOpenFile @ 0x8057A1A6 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A31016)
SSDT[114] : NtOpenEvent @ 0x8060F04E -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A323A8)
SSDT[111] : NtNotifyChangeKey @ 0x806262DE -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A301CE)
SSDT[108] : NtMapViewOfSection @ 0x805B203A -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A34374)
SSDT[99] : NtLoadKey2 @ 0x80625F20 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A2F4EE)
SSDT[98] : NtLoadKey @ 0x80626314 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A2F4DC)
SSDT[97] : NtLoadDriver @ 0x80584160 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A33C0C)
SSDT[84] : NtFsControlFile @ 0x805792A2 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A31500)
SSDT[73] : NtEnumerateValueKey @ 0x80624BA6 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A300A2)
SSDT[71] : NtEnumerateKey @ 0x8062493C -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A3000A)
SSDT[68] : NtDuplicateObject @ 0x805BE008 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A34D26)
SSDT[66] : NtDeviceIoControlFile @ 0x8057926E -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A316F2)
SSDT[65] : NtDeleteValueKey @ 0x8062475C -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A2FEBE)
SSDT[63] : NtDeleteKey @ 0x8062458C -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A2FB0A)
SSDT[57] : NtDebugActiveProcess @ 0x80643B30 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A33B1A)
SSDT[56] : NtCreateWaitablePort @ 0x805A5110 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A32162)
SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A30C1C)
SSDT[51] : NtCreateSemaphore @ 0x8061504E -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A32432)
SSDT[50] : NtCreateSection @ 0x805AB3C8 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A30426)
SSDT[46] : NtCreatePort @ 0x805A50EC -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A320CC)
SSDT[44] : NtCreateNamedPipeFile @ 0x805790E2 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A3027E)
SSDT[43] : NtCreateMutant @ 0x8061769E -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A321F8)
SSDT[41] : NtCreateKey @ 0x806240F0 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A2F500)
SSDT[37] : NtCreateFile @ 0x805790A8 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A31270)
SSDT[35] : NtCreateEvent @ 0x8060EF4E -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A32312)
SSDT[31] : NtConnectPort @ 0x805A45D0 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A31DC8)
SSDT[25] : NtClose @ 0x805BC530 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A30F94)
SSDT[11] : NtAdjustPrivilegesToken @ 0x805EC464 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A30690)
S_SSDT[552] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A40CE8)
S_SSDT[549] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A40C90)
S_SSDT[529] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A41698)
S_SSDT[502] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A40EEE)
S_SSDT[491] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A40FD2)
S_SSDT[476] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A40E36)
S_SSDT[475] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A40DE2)
S_SSDT[460] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A40E8E)
S_SSDT[416] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A40D96)
S_SSDT[414] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A4104A)
S_SSDT[383] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A40D4A)
S_SSDT[378] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A40F3C)
S_SSDT[312] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A412C6)
S_SSDT[307] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A417E6)
S_SSDT[292] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A41182)
S_SSDT[237] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A4125E)
S_SSDT[227] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A411EE)
S_SSDT[13] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A41118)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]


¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] d99fece12c06553909625b476a0929e2
[BSP] d9388c8bcc9e25b184c9e524d561f4a5 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 31794 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 62097840 | Size: 48229 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Alojz Lacko [Admin rights]
Mode: HOSTSFix -- Date : 12/18/2011 15:37:26

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]


¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Alojz Lacko [Admin rights]
Mode: ProxyFix -- Date : 12/18/2011 15:37:55

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
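Every SSDT and shadow-SSDT entry in the first RogueKiller report is hooked by one module, `\SystemRoot\system32\DRIVERS\4990654drv.sys`, which does not appear in the portion of the RSIT driver list visible above (RSIT ran before the later scanners were used); the GMER scan posted further down attributes its SSDT hooks to sp_rsdrv2.sys (Spyware Terminator) and AVGIDSShim.Sys (AVG), which RSIT does list, and reports another numerically named driver, 40345850.sys, as file not found. The thread does not identify the numbered driver. The useful triage step is not to count hooked functions (a single HIPS or antivirus driver legitimately hooks dozens) but to group hooks by module and check each module against the machine's driver inventory; the module the inventory cannot explain is the one to investigate, whether it turns out to be a scanner's own temporary driver or a rootkit. Note also that RogueKiller "replaced" DisableSR=1 with 0, i.e. it re-enabled System Restore, which the poster had switched off deliberately per the AVPTool guide; a fixer will undo benign changes that look like hijacks, so read such lines against what you did yourself. The script below is an added example, not part of the thread or of RogueKiller/GMER: it parses both tools' SSDT line formats, normalises Nt*/Zw* names, and reports which hooking modules the inventory does not account for. Sample lines are copied from the logs in this thread; the inventory is a hand-picked subset of the RSIT driver list.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass

# RogueKiller: SSDT[277] : NtWriteVirtualMemory @ 0x805B43CC -> HOOKED (\SystemRoot\...\x.sys @ 0xA6A30B52)
#              S_SSDT[552] : Unknown -> HOOKED (\SystemRoot\...\x.sys @ 0xA6A40CE8)
RK_RE = re.compile(
    r"^(?P<table>S_SSDT|SSDT)\[(?P<idx>\d+)\] : (?P<func>\S+)(?: @ 0x[0-9A-Fa-f]+)?"
    r" -> HOOKED \((?P<module>[^@]+?) @ 0x(?P<addr>[0-9A-Fa-f]+)\)$"
)
# GMER: SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xA44C988E]
#       SSDT \SystemRoot\...\AVGIDSShim.Sys (description/vendor ) ZwOpenProcess [0x9E47BF3C]
GMER_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)(?:\s+\([^)]*\))?\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$"
)

@dataclass(frozen=True)
class Hook:
    source: str    # "roguekiller" or "gmer"
    table: str     # "SSDT" or "S_SSDT" (shadow table)
    func: str      # service name without the Nt/Zw prefix, or "Unknown"
    module: str    # hooking module as printed
    addr: int      # address the hook jumps to

def normalise(func):
    """RogueKiller prints Nt*, GMER prints Zw*; both name the same SSDT slot."""
    return func[2:] if func[:2] in ("Nt", "Zw") else func

def parse_hooks(text, source):
    hooks = []
    for line in text.splitlines():
        line = line.strip()
        m = RK_RE.match(line) or GMER_RE.match(line)
        if m:
            table = m.groupdict().get("table") or "SSDT"
            hooks.append(Hook(source, table, normalise(m["func"]),
                              m["module"].strip(), int(m["addr"], 16)))
    return hooks

def triage(hooks, inventory):
    """Group hooks by module file name; 'known' says whether the driver inventory lists it."""
    known = {name.lower() for name in inventory}
    grouped = defaultdict(list)
    for h in hooks:
        grouped[ntpath.basename(h.module).lower()].append(h)
    return {
        mod: {
            "known": mod in known,
            "hooks": len(hs),
            "sources": sorted({h.source for h in hs}),
            "functions": sorted({h.func for h in hs if h.func != "Unknown"}),
        }
        for mod, hs in grouped.items()
    }

def unexplained(result):
    """Hooking modules the inventory cannot account for: investigate these first."""
    return sorted(mod for mod, info in result.items() if not info["known"])

# Lines copied from the RogueKiller and GMER reports in this thread (a subset).
RK_SAMPLE = r"""
SSDT[277] : NtWriteVirtualMemory @ 0x805B43CC -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A30B52)
SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A308CC)
SSDT[97] : NtLoadDriver @ 0x80584160 -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A33C0C)
S_SSDT[552] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\4990654drv.sys @ 0xA6A40CE8)
"""
GMER_SAMPLE = r"""
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xA44C988E]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xA44C9BBC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9E47BF3C]
"""
# Driver file names taken from the RSIT driver list in this thread (subset).
INVENTORY = ["avgldx86.sys", "avgmfx86.sys", "avgtdix.sys", "sp_rsdrv2.sys",
             "AVGIDSDriver.Sys", "AVGIDSFilter.Sys", "AVGIDSShim.Sys", "SynTP.sys"]

if __name__ == "__main__":
    hooks = parse_hooks(RK_SAMPLE, "roguekiller") + parse_hooks(GMER_SAMPLE, "gmer")
    result = triage(hooks, INVENTORY)
    for mod, info in sorted(result.items()):
        tag = "known" if info["known"] else "UNEXPLAINED"
        print(f"{mod:20} {tag:12} {info['hooks']:3} hooks via {','.join(info['sources'])}: "
              f"{', '.join(info['functions'])}")
```

On a real case the inventory would be the full driver list (RSIT, or `driverquery /v` on the box) and the hook lines the complete reports; the output then answers one question, which hooking modules nobody installed on purpose, and that is where to spend the next hour rather than on the eighty-line list of hooked functions.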

#28 Post by vyosek »

Also run gmer on this machine; you'll find the guide in my signature

#29 Post by AL1212 »

Good evening, I attach the logs from GMER. Unfortunately IE keeps freezing, so I have to restart the notebook often in order to continue, which drags the whole thing out; I just hope GMER finished properly, since it let me save the log...

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-18 16:37:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST98823A rev.7.24
Running: gmer.exe; Driver: C:\DOCUME~1\ALOJZL~1\LOCALS~1\Temp\kxtdqpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-18 17:15:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST98823A rev.7.24
Running: gmer.exe; Driver: C:\DOCUME~1\ALOJZL~1\LOCALS~1\Temp\kxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xA44C988E]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xA44C90EC]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xA44C8DCE]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xA44CA938]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xA44C8ED8]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xA44C8FC2]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xA44C9BBC]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xA44C93F4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9E47BF3C]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0xA44C9526]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xA44C8BFC]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0xA44C9B04]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9E47C080]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xA44C970C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9E47C11C]

---- Kernel code sections - GMER 1.0.15 ----

? 40345850.sys Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 02FA07E0 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 02FA0B40 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 415B9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 415AD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 415BDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4152467E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 416B53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 416B52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 02FA0A50 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!CreateDialogParamA 7E38C7DB 5 Bytes JMP 02FA0960 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxA 7E3A07EA 5 Bytes JMP 02FA0CC0 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 416B51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 416B522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 416B542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 02F9FAC0 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 416B528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxW 7E3B6534 5 Bytes JMP 02FA0DA0 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 02F9FC20 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2684] ole32.dll!CoCreateInstance 774EF1BC 5 Bytes JMP 415BDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2684] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 416B572F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3680] ADVAPI32.dll!RegSetValueExW 77DCD767 7 Bytes JMP 10150930 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\BS_Player\tbBS_2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3680] ADVAPI32.dll!RegSetValueExA 77DCEAE7 7 Bytes JMP 10150870 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\BS_Player\tbBS_2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3680] ADVAPI32.dll!RegSetValueA 77DEC79E 5 Bytes JMP 101506F0 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\BS_Player\tbBS_2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3680] ADVAPI32.dll!RegSetValueW 77E26116 5 Bytes JMP 101507B0 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\BS_Player\tbBS_2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3680] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 10150B00 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\BS_Player\tbBS_2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3680] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10150E60 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\BS_Player\tbBS_2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3680] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 415BDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3680] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 416B53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3680] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 416B52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3680] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 10150D70 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\BS_Player\tbBS_2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3680] USER32.dll!CreateDialogParamA 7E38C7DB 5 Bytes JMP 10150C80 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\BS_Player\tbBS_2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3680] USER32.dll!MessageBoxA 7E3A07EA 5 Bytes JMP 10150FE0 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\BS_Player\tbBS_2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3680] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 416B51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3680] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 416B522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3680] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 416B542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3680] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 1014FDE0 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\BS_Player\tbBS_2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3680] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 416B528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3680] USER32.dll!MessageBoxW 7E3B6534 5 Bytes JMP 101510C0 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\BS_Player\tbBS_2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3680] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 1014FF40 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\BS_Player\tbBS_2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 03AB07E0 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 03AB0B40 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 415B9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 415AD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 415BDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4152467E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 416B53C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 416B52F9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 03AB0A50 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!CreateDialogParamA 7E38C7DB 5 Bytes JMP 03AB0960 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxA 7E3A07EA 5 Bytes JMP 03AB0CC0 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 416B51CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 416B522C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 416B542A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 03AAFAC0 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 416B528E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxW 7E3B6534 5 Bytes JMP 03AB0DA0 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 03AAFC20 C:\Documents and Settings\Alojz Lacko\Local Settings\Data aplikací\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] ole32.dll!CoCreateInstance 774EF1BC 5 Bytes JMP 415BDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 416B572F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[2684] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3936] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{E2C9C126-6BE3-DEC4-06BD-172D267BA53C}\fnlMgwkdlr@ bJPv\cnUXQm]BQGeL@SgK[ZtkHX
Reg HKLM\SOFTWARE\Classes\CLSID\{E2C9C126-6BE3-DEC4-06BD-172D267BA53C}\wweu@ XK\RQb`JuGXZjiMaer

---- EOF - GMER 1.0.15 ----
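
The "User code sections" entries in the GMER log above all share one shape: section, process[pid], module!export, address, patch size, JMP target, the DLL the jump lands in, and a (description/vendor) tag. As an added example, not part of this thread or of GMER, here is a small Python triage that parses lines in that format and groups the hooked APIs by the DLL they jump into, flagging DLLs outside the Windows and Internet Explorer directories (that allow-list is an assumption for the example); the sample lines are constructed after the log above, with the user profile folder shortened to "User".

```python
import re
from collections import defaultdict

# One GMER "User code sections" inline-hook line looks like:
# .text <process>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target> <dll> (<description>/<vendor>)
HOOK_RE = re.compile(
    r"^(?P<section>\.\w+)\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<export>\w+)\s+(?P<addr>[0-9A-F]+)\s+"
    r"(?P<size>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-F]+)\s+"
    r"(?P<dll>.+?)\s+\((?P<desc>[^)]*)\)\s*$"
)

# Directories from which hooks inside iexplore.exe are unremarkable (assumption for this example).
EXPECTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\internet explorer\\")

# Constructed sample modelled on the log above; the user profile folder is shortened to "User".
SAMPLE = r"""
.text C:\Program Files\Internet Explorer\iexplore.exe[3680] ADVAPI32.dll!RegSetValueExA 77DCEAE7 7 Bytes JMP 10150870 C:\Documents and Settings\User\Local Settings\Data aplikací\BS_Player\tbBS_2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3680] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 415BDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3680] USER32.dll!MessageBoxA 7E3A07EA 5 Bytes JMP 10150FE0 C:\Documents and Settings\User\Local Settings\Data aplikací\BS_Player\tbBS_2.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxW 7E3B6534 5 Bytes JMP 03AB0DA0 C:\Documents and Settings\User\Local Settings\Data aplikací\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2684] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
"""

def parse_hook(line):
    """Parse one inline-hook (JMP) line; return a dict, or None for any other line (IAT, devices, headers)."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"], rec["size"] = int(rec["pid"]), int(rec["size"])
    rec["api"] = f'{rec["module"]}!{rec["export"]}'
    # A hook whose JMP lands in a DLL outside the expected directories deserves a closer look.
    rec["suspicious"] = not rec["dll"].lower().startswith(EXPECTED_DIRS)
    return rec

def triage(log_text):
    """Group hooked APIs by the DLL they jump into: {dll: {"suspicious": bool, "apis": [...]}}."""
    groups = defaultdict(lambda: {"suspicious": False, "apis": []})
    for line in log_text.splitlines():
        rec = parse_hook(line)
        if rec:
            groups[rec["dll"]]["suspicious"] = rec["suspicious"]
            groups[rec["dll"]]["apis"].append(rec["api"])
    return dict(groups)

if __name__ == "__main__":
    for dll, info in triage(SAMPLE).items():
        flag = "CHECK" if info["suspicious"] else "ok   "
        print(f'{flag} {dll}\n      hooks: {", ".join(info["apis"])}')
```

On the sample, the two Conduit DLLs under the user profile come out flagged while IEFRAME.dll does not, which is the split a helper makes by eye when reading such a log.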

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Someone is threatening me with an internet attack - request for help

#30 Post by vyosek »

I can see some nasties in there; we'll run a tool on it, but so far I don't see any pest that could be used to control the PC :?:

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE THINGS AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM CAN GO BELLY UP
:arrow: Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antiviruses, antispyware etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator (Spustit jako správce)
  • Right after start a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone - do not start any applications and do not click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily infested it may take longer
  • After the scan finishes and a possible restart, CF shows a log; otherwise you will find it at C:\ComboFix.txt; paste its contents here
  • Detailed instructions including pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

Locked