Prosím o kontrolu počítače. Na hardisku mi to hází vir Autorun.inf a počítač je celkově hodně zavirovaný a jede pomalu. Poraďte díky
Logfile of random's system information tool 1.09 (written by random/random)
Run by Radim - doma at 2012-01-26 20:30:14
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (10%) free of 38 GB
Total RAM: 511 MB (23% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:32:39, on 26.1.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Nokia\Nokia D211\D211CTL.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia D211\D211STRT.EXE
C:\Microsoft office 07\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\PGPsdkServ.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Radim - doma\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe
C:\Documents and Settings\Radim - doma\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Radim - doma\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Radim - doma\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Radim - doma\Plocha\internet download\RSIT.exe
C:\Program Files\trend micro\Radim - doma.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [D211STRT.EXE] "C:\Program Files\Nokia\Nokia D211\D211STRT.EXE"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Microsoft office 07\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Radim - doma\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PGPtray.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Lukas\icq\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Lukas\icq\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3642062267
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = procento.cz
O17 - HKLM\Software\..\Telephony: DomainName = procento.cz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = procento.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = procento.cz
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = procento.cz
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = procento.cz
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = procento.cz
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\MICROS~1\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Nokia D211 (D211CTL) - Nokia Corporation - C:\Program Files\Nokia\Nokia D211\D211CTL.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\system32\PGPsdkServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 10713 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc93ee57ceef40.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2662092162-379015481-1934969926-1008Core1cca56fc623e70.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2003-09-26 106548]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2011-12-15 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-12-15 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-12-15 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2003-07-17 184412]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-11-13 335872]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2003-09-26 114741]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-07-15 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-07-15 618496]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-05-06 88267]
"OrderReminder"=C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2004-12-14 98304]
"DataLayer"=C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe [2006-03-22 851968]
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-04-26 237568]
"D211STRT.EXE"=C:\Program Files\Nokia\Nokia D211\D211STRT.EXE [2002-08-28 24576]
"GrooveMonitor"=C:\Microsoft office 07\Office12\GrooveMonitor.exe [2006-10-27 31016]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]
"iTunesHelper"=C:\iTunes\iTunesHelper.exe [2010-12-13 421160]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 3080264]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"RecordNow!"= []
"Google Update"=C:\Documents and Settings\Radim - doma\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PGPtray.lnk - C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Luki\CS source\Counter-Strike Source\hl2.exe"="C:\Luki\CS source\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Microsoft office 07\Office12\OUTLOOK.EXE"="C:\Microsoft office 07\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Microsoft office 07\Office12\GROOVE.EXE"="C:\Microsoft office 07\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Microsoft office 07\Office12\ONENOTE.EXE"="C:\Microsoft office 07\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Lukas\icq\ICQ6.5\ICQ.exe"="C:\Lukas\icq\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\uTorrent\utorrent-1.8.2.upx.exe"="C:\uTorrent\utorrent-1.8.2.upx.exe:*:Enabled:µTorrent"
"C:\Lukas\uTorrent\uTorrent\utorrent.exe"="C:\Lukas\uTorrent\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\iTunes\iTunes.exe"="C:\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"MIDI1"=SYNCOR11.DLL
"vidc.LEAD"=LCODCCMP.DLL
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm
======List of files/folders created in the last 1 month======
2012-01-26 20:30:23 ----D---- C:\Program Files\trend micro
2012-01-26 20:30:13 ----D---- C:\rsit
2012-01-25 16:55:46 ----D---- C:\CRACK
2012-01-25 12:39:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2012-01-25 12:34:32 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
======List of files/folders modified in the last 1 month======
2012-01-26 20:30:23 ----RD---- C:\Program Files
2012-01-26 20:19:44 ----D---- C:\WINDOWS\Temp
2012-01-26 20:18:58 ----SHD---- C:\WINDOWS\CSC
2012-01-26 20:18:54 ----D---- C:\WINDOWS
2012-01-26 15:59:08 ----A---- C:\WINDOWS\hpbafd.ini
2012-01-26 15:56:00 ----D---- C:\WINDOWS\system32
2012-01-25 18:23:28 ----SD---- C:\WINDOWS\Tasks
2012-01-25 16:52:00 ----D---- C:\Documents and Settings\Radim - doma\Data aplikací\uTorrent
2012-01-25 16:47:47 ----D---- C:\Lukas
2012-01-25 12:49:19 ----D---- C:\WINDOWS\system32\drivers
2012-01-25 12:43:26 ----SHD---- C:\WINDOWS\Installer
2012-01-25 12:42:58 ----SHD---- C:\Config.Msi
2012-01-25 12:42:27 ----HD---- C:\WINDOWS\inf
2012-01-25 12:40:50 ----D---- C:\WINDOWS\system32\CatRoot2
2012-01-25 12:39:24 ----D---- C:\Program Files\Eset
2012-01-25 12:34:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 BTKRNL;Bluetooth Protocol Stack; C:\WINDOWS\System32\drivers\btkrnl.sys [2003-09-12 1258138]
R0 D211MC;Nokia D211 Management; C:\WINDOWS\System32\drivers\D211MC.sys [2002-08-28 33798]
R0 drvmcdb;drvmcdb; C:\WINDOWS\system32\drivers\drvmcdb.sys [2003-10-29 84640]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [2003-07-30 17168]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-03-22 685816]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-03-13 43488]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2011-08-04 103112]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2003-07-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2003-07-14 23219]
R2 athsgt;athsgt; C:\WINDOWS\system32\DRIVERS\athsgt.sys [2009-12-15 164992]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\System32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\System32\drivers\btslbcsp.sys []
R2 cpqdfw;Diagnostics Driver; \??\C:\WINDOWS\System32\drivers\cpqdfw.sys []
R2 cq_mem;Diagnostics Memory Driver; \??\C:\WINDOWS\System32\drivers\cq_mem.sys []
R2 cqcpu;Diagnostics CPU Driver; \??\C:\WINDOWS\System32\drivers\cqcpu.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2003-06-20 40448]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 limsgt;limsgt; C:\WINDOWS\system32\DRIVERS\limsgt.sys [2009-12-15 12544]
R2 PGPdisk;PGPdisk; C:\WINDOWS\system32\drivers\PGPdisk.sys [2003-10-27 170944]
R2 PGPsdkDriver;PGPsdkDriver; C:\WINDOWS\System32\Drivers\PGPsdk.sys [2003-10-27 26624]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2003-09-26 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2003-09-26 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2003-09-26 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2003-09-26 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2003-09-26 83572]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2003-09-26 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2003-09-26 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2003-09-26 98164]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2003-09-26 100373]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-05-06 1170464]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-05-15 701952]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2003-09-12 30267]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2003-09-12 146716]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2003-09-12 52664]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-04-16 5888]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2003-03-19 46976]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-10-24 35913]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-27 578304]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2003-07-15 270384]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w22n51;Intel(R) PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2003-12-05 1987712]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver; C:\WINDOWS\System32\Drivers\WBSD.SYS [2003-03-20 26240]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
S3 a1gfg9uj;a1gfg9uj; C:\WINDOWS\system32\drivers\a1gfg9uj.sys []
S3 a4sjt179;a4sjt179; C:\WINDOWS\system32\drivers\a4sjt179.sys []
S3 BCM43XX;BCM 802.11b ovladač síťového adaptéru; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2003-12-04 286848]
S3 CE3;Xircom Ethernet Adapter 10/100 Service; C:\WINDOWS\System32\DRIVERS\ce3n5.sys [2001-10-24 27164]
S3 D211MDM;Nokia D211 GSM Modem Driver; C:\WINDOWS\system32\DRIVERS\D211MDM.sys [2002-08-28 35333]
S3 D211NIC;Nokia D211 radio card; C:\WINDOWS\system32\DRIVERS\D211NIC.sys [2002-08-28 54196]
S3 gv3;Ovladač procesoru Intel GV3; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-20 33408]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-13 63744]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-07-25 48640]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-16 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-05-15 397312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2003-09-12 135168]
R2 D211CTL;Nokia D211; C:\Program Files\Nokia\Nokia D211\D211CTL.exe [2002-08-28 331854]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-12-15 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PGPsdkServ;PGPsdkService; C:\WINDOWS\system32\PGPsdkServ.exe [2003-10-27 65536]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-12-13 820008]
R3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-04-12 176640]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-20 136176]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-20 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Microsoft office 07\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu logu, díky
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu, díky
Poprosím o log ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu, díky
Díky moc tady je ten log z toho combofixu.
Dík
ComboFix 12-01-26.03 - Radim - doma 26.01.2012 22:16:26.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.153 [GMT 1:00]
Spuštěný z: c:\documents and settings\Radim - doma\Plocha\internet download\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-26 do 2012-01-26 )))))))))))))))))))))))))))))))
.
.
2012-01-26 19:30 . 2012-01-26 19:32 -------- d-----w- c:\program files\trend micro
2012-01-26 19:30 . 2012-01-26 19:33 -------- d-----w- C:\rsit
2012-01-25 15:55 . 2011-11-24 11:55 -------- d-----w- C:\CRACK
2012-01-25 11:48 . 2012-01-25 11:48 -------- d-----w- c:\documents and settings\Radim - doma\Local Settings\Data aplikací\ESET
2012-01-25 11:47 . 2012-01-25 11:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2012-01-25 11:39 . 2012-01-25 11:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-01-25 11:34 . 2012-01-25 11:34 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 19:22 . 2007-12-13 07:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-15 19:22 . 2011-12-15 19:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-07-17 184412]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-13 335872]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-09-26 114741]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 618496]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-06 88267]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2004-12-14 98304]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2006-03-22 851968]
"D211STRT.EXE"="c:\program files\Nokia\Nokia D211\D211STRT.EXE" [2002-08-28 24576]
"GrooveMonitor"="c:\microsoft office 07\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\itunes\iTunesHelper.exe" [2010-12-13 421160]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-9-12 503869]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
PGPtray.lnk - c:\program files\PGP Corporation\PGP for Windows XP\PGPtray.exe [2004-12-22 331776]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Microsoft office 07\\Office12\\OUTLOOK.EXE"=
"c:\\Microsoft office 07\\Office12\\GROOVE.EXE"=
"c:\\Microsoft office 07\\Office12\\ONENOTE.EXE"=
"c:\\Lukas\\icq\\ICQ6.5\\ICQ.exe"=
"c:\\uTorrent\\utorrent-1.8.2.upx.exe"=
"c:\\Lukas\\uTorrent\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7224:TCP"= 7224:TCP:avfjlwpr
.
R0 D211MC;Nokia D211 Management;c:\windows\system32\drivers\D211MC.SYS [28.8.2002 6:53 33798]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.6.2007 14:12 685816]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [15.12.2009 22:44 164992]
R2 D211CTL;Nokia D211;c:\program files\Nokia\Nokia D211\D211CTL.exe [28.8.2002 6:52 331854]
R2 ekrn;ESET Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 12:03 974944]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [15.12.2009 22:44 12544]
R2 PGPsdkServ;PGPsdkService;c:\windows\system32\PGPsdkServ.exe [22.12.2004 17:02 65536]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\wbsd.sys [18.12.2004 0:42 26240]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16.2.2011 17:41 136176]
S3 D211MDM;Nokia D211 GSM Modem Driver;c:\windows\system32\drivers\D211MDM.SYS [28.8.2002 6:53 35333]
S3 D211NIC;Nokia D211 radio card;c:\windows\system32\drivers\D211NIC.SYS [28.8.2002 6:53 54196]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16.2.2011 17:41 136176]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
?uO?UF???Uu???G?????????!?o??????u?A??U?AguO?Uu?G???aaAa?o???????gO?G??O????????????????????????????????_???????????????????????????????????"???????????????^???????~˝????????????????????????????????????????????????????????????????????`???'????????????????Ż?????????^??`?'?????'??'ˇ˙??????????????˝'????Ż???^??`??????????????????????????????????????????_????????????????????????^????~???????????????????????????????????????????`???????;??????????????????????;??????????;?;;??????????????????????????????????????????????????ß??????????????????????????
????????????
.
Obsah adresáře 'Naplánované úlohy'
.
2010-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc93ee57ceef40.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-16 12:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\micros~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.10.21.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-RecordNow! - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-26 22:35
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????h????????? ?deB???????????????B? ??????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1076)
c:\windows\system32\COMRes.dll
.
- - - - - - - > 'explorer.exe'(2652)
c:\windows\system32\PGPhk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\System32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\AGRSMMSG.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\PCSuite\Services\NclBTHandler.exe
c:\documents and settings\Radim - doma\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
c:\documents and settings\Radim - doma\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Celkový čas: 2012-01-26 22:47:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-26 21:46
.
Před spuštěním: 4 513 148 928
Po spuštění: 4 877 676 544
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 361E1890ED571DDB8A51DDCF8651DA39
Dík
ComboFix 12-01-26.03 - Radim - doma 26.01.2012 22:16:26.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.153 [GMT 1:00]
Spuštěný z: c:\documents and settings\Radim - doma\Plocha\internet download\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-26 do 2012-01-26 )))))))))))))))))))))))))))))))
.
.
2012-01-26 19:30 . 2012-01-26 19:32 -------- d-----w- c:\program files\trend micro
2012-01-26 19:30 . 2012-01-26 19:33 -------- d-----w- C:\rsit
2012-01-25 15:55 . 2011-11-24 11:55 -------- d-----w- C:\CRACK
2012-01-25 11:48 . 2012-01-25 11:48 -------- d-----w- c:\documents and settings\Radim - doma\Local Settings\Data aplikací\ESET
2012-01-25 11:47 . 2012-01-25 11:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2012-01-25 11:39 . 2012-01-25 11:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-01-25 11:34 . 2012-01-25 11:34 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 19:22 . 2007-12-13 07:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-15 19:22 . 2011-12-15 19:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-07-17 184412]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-13 335872]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-09-26 114741]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 618496]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-06 88267]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2004-12-14 98304]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2006-03-22 851968]
"D211STRT.EXE"="c:\program files\Nokia\Nokia D211\D211STRT.EXE" [2002-08-28 24576]
"GrooveMonitor"="c:\microsoft office 07\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\itunes\iTunesHelper.exe" [2010-12-13 421160]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-9-12 503869]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
PGPtray.lnk - c:\program files\PGP Corporation\PGP for Windows XP\PGPtray.exe [2004-12-22 331776]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Microsoft office 07\\Office12\\OUTLOOK.EXE"=
"c:\\Microsoft office 07\\Office12\\GROOVE.EXE"=
"c:\\Microsoft office 07\\Office12\\ONENOTE.EXE"=
"c:\\Lukas\\icq\\ICQ6.5\\ICQ.exe"=
"c:\\uTorrent\\utorrent-1.8.2.upx.exe"=
"c:\\Lukas\\uTorrent\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7224:TCP"= 7224:TCP:avfjlwpr
.
R0 D211MC;Nokia D211 Management;c:\windows\system32\drivers\D211MC.SYS [28.8.2002 6:53 33798]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.6.2007 14:12 685816]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [15.12.2009 22:44 164992]
R2 D211CTL;Nokia D211;c:\program files\Nokia\Nokia D211\D211CTL.exe [28.8.2002 6:52 331854]
R2 ekrn;ESET Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 12:03 974944]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [15.12.2009 22:44 12544]
R2 PGPsdkServ;PGPsdkService;c:\windows\system32\PGPsdkServ.exe [22.12.2004 17:02 65536]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\wbsd.sys [18.12.2004 0:42 26240]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16.2.2011 17:41 136176]
S3 D211MDM;Nokia D211 GSM Modem Driver;c:\windows\system32\drivers\D211MDM.SYS [28.8.2002 6:53 35333]
S3 D211NIC;Nokia D211 radio card;c:\windows\system32\drivers\D211NIC.SYS [28.8.2002 6:53 54196]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16.2.2011 17:41 136176]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
?uO?UF???Uu???G?????????!?o??????u?A??U?AguO?Uu?G???aaAa?o???????gO?G??O????????????????????????????????_???????????????????????????????????"???????????????^???????~˝????????????????????????????????????????????????????????????????????`???'????????????????Ż?????????^??`?'?????'??'ˇ˙??????????????˝'????Ż???^??`??????????????????????????????????????????_????????????????????????^????~???????????????????????????????????????????`???????;??????????????????????;??????????;?;;??????????????????????????????????????????????????ß??????????????????????????
????????????
.
Obsah adresáře 'Naplánované úlohy'
.
2010-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc93ee57ceef40.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-16 12:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\micros~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.10.21.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-RecordNow! - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-26 22:35
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????h????????? ?deB???????????????B? ??????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1076)
c:\windows\system32\COMRes.dll
.
- - - - - - - > 'explorer.exe'(2652)
c:\windows\system32\PGPhk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\System32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\AGRSMMSG.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\PCSuite\Services\NclBTHandler.exe
c:\documents and settings\Radim - doma\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
c:\documents and settings\Radim - doma\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Celkový čas: 2012-01-26 22:47:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-26 21:46
.
Před spuštěním: 4 513 148 928
Po spuštění: 4 877 676 544
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 361E1890ED571DDB8A51DDCF8651DA39
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu, díky
Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.KillAll::
Folder::
c:\program files\Google\Update
Collect::
c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc93ee57ceef40.job
Driver::
gupdate
gupdatem
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7224:TCP"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"netsvcs"=hex(7):36,74,6F,34,00,41,70,70,4D,67,6D,74,00,41,\
75,64,69,6F,53,72,76,00,42,72,6F,77,73,65,72,00,43,72,79,70,74,53,76,\
63,00,44,4D,53,65,72,76,65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,\
76,65,6E,74,53,79,73,74,65,6D,00,46,61,73,74,55,73,65,72,53,77,69,74,\
63,68,69,6E,67,43,6F,6D,70,61,74,69,62,69,6C,69,74,79,00,48,69,64,53,\
65,72,76,00,49,61,73,00,49,70,72,69,70,00,49,72,6D,6F,6E,00,4C,61,6E,\
6D,61,6E,53,65,72,76,65,72,00,4C,61,6E,6D,61,6E,57,6F,72,6B,73,74,61,\
74,69,6F,6E,00,4D,65,73,73,65,6E,67,65,72,00,4E,65,74,6D,61,6E,00,4E,\
6C,61,00,4E,74,6D,73,73,76,63,00,4E,57,43,57,6F,72,6B,73,74,61,74,69,\
6F,6E,00,4E,77,73,61,70,61,67,65,6E,74,00,52,61,73,61,75,74,6F,00,52,\
61,73,6D,61,6E,00,52,65,6D,6F,74,65,61,63,63,65,73,73,00,53,63,68,65,\
64,75,6C,65,00,53,65,63,6C,6F,67,6F,6E,00,53,45,4E,53,00,53,68,61,72,\
65,64,61,63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,\
73,72,76,00,54,68,65,6D,65,73,00,54,72,6B,57,6B,73,00,57,33,32,54,69,\
6D,65,00,57,5A,43,53,56,43,00,57,6D,69,00,57,6D,64,6D,50,6D,53,70,00,77,\
69,6E,6D,67,6D,74,00,77,73,63,73,76,63,00,78,6D,6C,70,72,6F,76,00,6E,\
61,70,61,67,65,6E,74,00,68,6B,6D,73,76,63,00,42,49,54,53,00,77,75,61,\
75,73,65,72,76,00,53,68,65,6C,6C,48,57,44,65,74,65,63,74,69,6F,6E,00,68,\
65,6C,70,73,76,63,00,57,6D,64,6D,50,6D,53,4E,00,00
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu, díky
Díky moc tady posílám ten log co mi ten combofix znova vyhodil.
ComboFix 12-01-26.03 - Radim - doma 27.01.2012 20:31:15.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.248 [GMT 1:00]
Spuštěný z: c:\documents and settings\Radim - doma\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Radim - doma\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc93ee57ceef40.job
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.79\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.79\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.79\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.79\goopdate.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.79\psmachine.dll
c:\program files\Google\Update\1.3.21.79\psuser.dll
c:\program files\Google\Update\Download\{2FCDD53A-4CD3-490F-BCFA-99AB80484921}\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.79\GoogleUpdateSetup.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-27 do 2012-01-27 )))))))))))))))))))))))))))))))
.
.
2012-01-27 15:18 . 2008-11-07 17:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-01-26 19:30 . 2012-01-26 19:32 -------- d-----w- c:\program files\trend micro
2012-01-26 19:30 . 2012-01-26 19:33 -------- d-----w- C:\rsit
2012-01-25 15:55 . 2011-11-24 11:55 -------- d-----w- C:\CRACK
2012-01-25 11:48 . 2012-01-25 11:48 -------- d-----w- c:\documents and settings\Radim - doma\Local Settings\Data aplikací\ESET
2012-01-25 11:47 . 2012-01-25 11:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2012-01-25 11:39 . 2012-01-25 11:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-01-25 11:34 . 2012-01-25 11:34 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 19:22 . 2007-12-13 07:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-15 19:22 . 2011-12-15 19:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-26_21.35.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-27 19:48 . 2012-01-27 19:48 16384 c:\windows\temp\Perflib_Perfdata_1d8.dat
+ 2004-12-21 14:22 . 2008-11-07 17:55 26144 c:\windows\system32\spupdsvc.exe
+ 2009-07-14 09:35 . 2009-07-14 09:35 37608 c:\windows\system32\drivers\wdfldr.sys
+ 2011-01-23 22:34 . 2010-04-19 18:29 18432 c:\windows\system32\drivers\netaapl.sys
+ 2012-01-27 15:38 . 2003-12-05 16:49 344064 c:\windows\system32\ReinstallBackups\0020\DriverFiles\w22NCPA.dll
+ 2007-02-12 18:40 . 2007-02-12 18:40 557056 c:\windows\system32\Netw2c32.dll
+ 2009-07-14 09:35 . 2009-07-14 09:35 444136 c:\windows\system32\drivers\wdf01000.sys
+ 2011-01-23 22:34 . 2010-04-19 18:29 1461992 c:\windows\system32\wdfcoinstaller01009.dll
+ 2012-01-27 15:38 . 2003-12-05 16:49 1987712 c:\windows\system32\ReinstallBackups\0020\DriverFiles\w22n51.sys
+ 2007-02-12 18:41 . 2007-02-12 18:41 2732032 c:\windows\system32\Netw2r32.dll
+ 2007-07-25 23:44 . 2007-07-25 23:44 2210048 c:\windows\system32\drivers\w29n51.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-07-17 184412]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-13 335872]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-09-26 114741]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 618496]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-06 88267]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2004-12-14 98304]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2006-03-22 851968]
"D211STRT.EXE"="c:\program files\Nokia\Nokia D211\D211STRT.EXE" [2002-08-28 24576]
"GrooveMonitor"="c:\microsoft office 07\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\itunes\iTunesHelper.exe" [2010-12-13 421160]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-9-12 503869]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
PGPtray.lnk - c:\program files\PGP Corporation\PGP for Windows XP\PGPtray.exe [2004-12-22 331776]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Microsoft office 07\\Office12\\OUTLOOK.EXE"=
"c:\\Microsoft office 07\\Office12\\GROOVE.EXE"=
"c:\\Microsoft office 07\\Office12\\ONENOTE.EXE"=
"c:\\Lukas\\icq\\ICQ6.5\\ICQ.exe"=
"c:\\uTorrent\\utorrent-1.8.2.upx.exe"=
"c:\\Lukas\\uTorrent\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\iTunes\\iTunes.exe"=
.
R0 D211MC;Nokia D211 Management;c:\windows\system32\drivers\D211MC.SYS [28.8.2002 6:53 33798]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.6.2007 14:12 685816]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [15.12.2009 22:44 164992]
R2 D211CTL;Nokia D211;c:\program files\Nokia\Nokia D211\D211CTL.exe [28.8.2002 6:52 331854]
R2 ekrn;ESET Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 12:03 974944]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [15.12.2009 22:44 12544]
R2 PGPsdkServ;PGPsdkService;c:\windows\system32\PGPsdkServ.exe [22.12.2004 17:02 65536]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\wbsd.sys [18.12.2004 0:42 26240]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\RADIM-~1\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\RADIM-~1\LOCALS~1\Temp\CFcatchme.sys [?]
S3 D211MDM;Nokia D211 GSM Modem Driver;c:\windows\system32\drivers\D211MDM.SYS [28.8.2002 6:53 35333]
S3 D211NIC;Nokia D211 radio card;c:\windows\system32\drivers\D211NIC.SYS [28.8.2002 6:53 54196]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [23.1.2011 23:34 18432]
.
Obsah adresáře 'Naplánované úlohy'
.
2010-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\micros~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.168.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-27 20:49
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????h?4??????? ?deB???????????????B? ??????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1128)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\System32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\AGRSMMSG.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Common Files\PCSuite\Services\NclBTHandler.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Celkový čas: 2012-01-27 20:57:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-27 19:57
ComboFix2.txt 2012-01-26 21:47
.
Před spuštěním: 4 839 489 536
Po spuštění: 4 811 649 024
.
- - End Of File - - 13F04B6ED5CFE04FFEC1F6A43AAFD4B0
Nahr nˇ probŘhlo ŁspŘçnŘ
ComboFix 12-01-26.03 - Radim - doma 27.01.2012 20:31:15.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.248 [GMT 1:00]
Spuštěný z: c:\documents and settings\Radim - doma\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Radim - doma\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc93ee57ceef40.job
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.79\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.79\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.79\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.79\goopdate.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.79\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.79\psmachine.dll
c:\program files\Google\Update\1.3.21.79\psuser.dll
c:\program files\Google\Update\Download\{2FCDD53A-4CD3-490F-BCFA-99AB80484921}\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.79\GoogleUpdateSetup.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-27 do 2012-01-27 )))))))))))))))))))))))))))))))
.
.
2012-01-27 15:18 . 2008-11-07 17:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-01-26 19:30 . 2012-01-26 19:32 -------- d-----w- c:\program files\trend micro
2012-01-26 19:30 . 2012-01-26 19:33 -------- d-----w- C:\rsit
2012-01-25 15:55 . 2011-11-24 11:55 -------- d-----w- C:\CRACK
2012-01-25 11:48 . 2012-01-25 11:48 -------- d-----w- c:\documents and settings\Radim - doma\Local Settings\Data aplikací\ESET
2012-01-25 11:47 . 2012-01-25 11:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2012-01-25 11:39 . 2012-01-25 11:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-01-25 11:34 . 2012-01-25 11:34 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 19:22 . 2007-12-13 07:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-15 19:22 . 2011-12-15 19:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-26_21.35.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-27 19:48 . 2012-01-27 19:48 16384 c:\windows\temp\Perflib_Perfdata_1d8.dat
+ 2004-12-21 14:22 . 2008-11-07 17:55 26144 c:\windows\system32\spupdsvc.exe
+ 2009-07-14 09:35 . 2009-07-14 09:35 37608 c:\windows\system32\drivers\wdfldr.sys
+ 2011-01-23 22:34 . 2010-04-19 18:29 18432 c:\windows\system32\drivers\netaapl.sys
+ 2012-01-27 15:38 . 2003-12-05 16:49 344064 c:\windows\system32\ReinstallBackups\0020\DriverFiles\w22NCPA.dll
+ 2007-02-12 18:40 . 2007-02-12 18:40 557056 c:\windows\system32\Netw2c32.dll
+ 2009-07-14 09:35 . 2009-07-14 09:35 444136 c:\windows\system32\drivers\wdf01000.sys
+ 2011-01-23 22:34 . 2010-04-19 18:29 1461992 c:\windows\system32\wdfcoinstaller01009.dll
+ 2012-01-27 15:38 . 2003-12-05 16:49 1987712 c:\windows\system32\ReinstallBackups\0020\DriverFiles\w22n51.sys
+ 2007-02-12 18:41 . 2007-02-12 18:41 2732032 c:\windows\system32\Netw2r32.dll
+ 2007-07-25 23:44 . 2007-07-25 23:44 2210048 c:\windows\system32\drivers\w29n51.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-07-17 184412]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-13 335872]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-09-26 114741]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 618496]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-06 88267]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2004-12-14 98304]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2006-03-22 851968]
"D211STRT.EXE"="c:\program files\Nokia\Nokia D211\D211STRT.EXE" [2002-08-28 24576]
"GrooveMonitor"="c:\microsoft office 07\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\itunes\iTunesHelper.exe" [2010-12-13 421160]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-9-12 503869]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
PGPtray.lnk - c:\program files\PGP Corporation\PGP for Windows XP\PGPtray.exe [2004-12-22 331776]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Microsoft office 07\\Office12\\OUTLOOK.EXE"=
"c:\\Microsoft office 07\\Office12\\GROOVE.EXE"=
"c:\\Microsoft office 07\\Office12\\ONENOTE.EXE"=
"c:\\Lukas\\icq\\ICQ6.5\\ICQ.exe"=
"c:\\uTorrent\\utorrent-1.8.2.upx.exe"=
"c:\\Lukas\\uTorrent\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\iTunes\\iTunes.exe"=
.
R0 D211MC;Nokia D211 Management;c:\windows\system32\drivers\D211MC.SYS [28.8.2002 6:53 33798]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.6.2007 14:12 685816]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [15.12.2009 22:44 164992]
R2 D211CTL;Nokia D211;c:\program files\Nokia\Nokia D211\D211CTL.exe [28.8.2002 6:52 331854]
R2 ekrn;ESET Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 12:03 974944]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [15.12.2009 22:44 12544]
R2 PGPsdkServ;PGPsdkService;c:\windows\system32\PGPsdkServ.exe [22.12.2004 17:02 65536]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\wbsd.sys [18.12.2004 0:42 26240]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\RADIM-~1\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\RADIM-~1\LOCALS~1\Temp\CFcatchme.sys [?]
S3 D211MDM;Nokia D211 GSM Modem Driver;c:\windows\system32\drivers\D211MDM.SYS [28.8.2002 6:53 35333]
S3 D211NIC;Nokia D211 radio card;c:\windows\system32\drivers\D211NIC.SYS [28.8.2002 6:53 54196]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [23.1.2011 23:34 18432]
.
Obsah adresáře 'Naplánované úlohy'
.
2010-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\micros~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.168.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-27 20:49
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????h?4??????? ?deB???????????????B? ??????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1128)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\System32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\AGRSMMSG.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Common Files\PCSuite\Services\NclBTHandler.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Celkový čas: 2012-01-27 20:57:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-27 19:57
ComboFix2.txt 2012-01-26 21:47
.
Před spuštěním: 4 839 489 536
Po spuštění: 4 811 649 024
.
- - End Of File - - 13F04B6ED5CFE04FFEC1F6A43AAFD4B0
Nahr nˇ probŘhlo ŁspŘçnŘ
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu, díky
Log již vypadá čistý. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu, díky
Dík moc snad už to bude lepší. A můžu tě ještě poprosit o kontrolu tady tohohle počítače. Na něm se mi taky vyskytl již zmiňovaný Autorun.inf
Logfile of random's system information tool 1.09 (written by random/random)
Run by Lukas at 2012-01-28 21:08:43
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (5%) free of 64 GB
Total RAM: 1007 MB (23% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:08:54, on 28.1.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Microsoft Office 2007\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\WINDOWS\7SP_Files\Aero Shake\AeroShake.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\7SP_Files\Styler\Styler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\7SP_Files\VisualTaskTips\VisualTaskTips.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\7SP_Files\YzShadow\YzShadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Alkohol 120%\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Plocha\Internet download\RSIT.exe
C:\Program Files\trend micro\Lukas.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_Prot
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\prxtbfre2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Microsoft Office 2007\Office12\GrooveShellExtensions.dll
O2 - BHO: GamePlayLabsBHO - {984A9162-8891-4D19-8CFE-17648BB4E1EC} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\prxtbfre2.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\WINDOWS\7SP_Files\Styler\TB\StylerTB.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\prxtbfre2.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [3170 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Adobe acrobat reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Quick Time Player\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.894
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Alkohol 120%\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AeroShake.lnk = C:\WINDOWS\7SP_Files\Aero Shake\AeroShake.exe
O4 - Startup: Refresh Icon Cache.lnk = C:\WINDOWS\7SP_Files\Refresh Icon Cache\Refresh Icon Cache.exe
O4 - Startup: Styler toolbar.lnk = C:\WINDOWS\7SP_Files\Styler\Styler.exe
O4 - Startup: ViSplore.lnk = C:\WINDOWS\7SP_Files\ViSplore\ViSplore OneStep.exe
O4 - Startup: VisualTaskTips.lnk = C:\WINDOWS\7SP_Files\VisualTaskTips\VisualTaskTips.exe
O4 - Startup: YzShadow.lnk = C:\WINDOWS\7SP_Files\YzShadow\YzShadow.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\MISROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Icq 7,5\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Icq 7,5\ICQ7.5\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MISROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Microsoft Office 2007\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Desktop Manager 5.9.909.8267 (GoogleDesktopManager-090809-085438) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PC Angel (PCA) - Unknown owner - C:\WINDOWS\TEMP\UPDATE\SMINST\PCAngel.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\WINDOWS\
--
End of file - 16024 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1020180247-2749402951-187203193-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1020180247-2749402951-187203193-1006UA.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Lukas\Data aplikací\Mozilla\Firefox\Profiles\pd22o885.default
prefs.js - "browser.startup.homepage" - "www.seznam.cz"
prefs.js - "extensions.enabledItems" - "{3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911, avg@igeared:7.007.026.001, DTToolbar@toolbarnet.com:1.1.1.0014, plugin2@gameplaylabs.com:2.0, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, jqs@sun.com:1.0, plugin3@gameplaylabs.com:3.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2009, ClickPotatoLite@ClickPotatoLite.com:10.0.0.0, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24"
prefs.js - "keyword.URL" - "http://search.babylon.com/?AF=109130&ba ... e6b158c&q="
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.93\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.93\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Adobe acrobat reader\Reader\AIR\nppdf32.dll
C:\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
C:\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
GoogleDesktopMozilla.dll
GoogleDesktopMozillaStub.js
GoogleDesktopMozillaStub.xpt
nsIQTScriptablePlugin.xpt
C:\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
NPOFF12.DLL
NPOFFICE.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Mozilla Firefox\searchplugins\
avg-secure-search.xml
babylon.xml
google.xml
googledesktop.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Lukas\Data aplikací\Mozilla\Firefox\Profiles\pd22o885.default\extensions\
DTToolbar@toolbarnet.com
plugin2@gameplaylabs.com
plugin3@gameplaylabs.com
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
{20a82645-c095-46ed-80e3-08825760534b}
{ecdee021-0d17-467f-a1ff-c7a115230949}
{ecdee021-0d17-467f-a1ff-c7a115230949}-trash
C:\Documents and Settings\Lukas\Data aplikací\Mozilla\Firefox\Profiles\pd22o885.default\searchplugins\
conduit.xml
daemon-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-05-18 520192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
Babylon toolbar helper - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll [2011-08-14 270960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984A9162-8891-4D19-8CFE-17648BB4E1EC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Program Files\free-downloads.net\prxtbfre2.dll [2011-05-09 176936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-05-18 520192]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\WINDOWS\7SP_Files\Styler\TB\StylerTB.dll [2006-05-02 102400]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\prxtbfre2.dll [2011-05-09 176936]
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll [2011-08-14 237680]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2006-05-23 344064]
"PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2007-04-13 331552]
"SetRefresh"=C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [2003-11-20 525824]
"LayoutM"=C:\WINDOWS\KLayMgr.exe [2004-08-16 45056]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2006-05-12 1138688]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-03-31 761856]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-04-24 888832]
"GrooveMonitor"=C:\Microsoft Office 2007\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-09-30 30192]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-04 16250880]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2009-10-13 606208]
"3170 Scan2PC"=C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe [2009-06-11 503808]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"Adobe Reader Speed Launcher"=C:\Adobe acrobat reader\Reader\Reader_sl.exe [2011-09-07 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-10-06 59240]
"QuickTime Task"=C:\Quick Time Player\qttask.exe [2011-07-05 421888]
"NPSStartup"= []
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-01 59240]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"ROC_roc_dec12"=C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe /PROMPT /CMPID=roc_dec12 []
"iTunesHelper"=C:\iTunes\iTunesHelper.exe [2012-01-16 421736]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 3080264]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.894 []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"WEBTRAN"= []
"AlcoholAutomount"=C:\Alkohol 120%\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Alkohol 120%\Alcohol 120\axcmd.exe [2010-05-27 31072]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Quick Time Player\QTTask.exe [2011-07-05 421888]
C:\Documents and Settings\Lukas\Nabídka Start\Programy\Po spuštění
AeroShake.lnk - C:\WINDOWS\7SP_Files\Aero Shake\AeroShake.exe
Refresh Icon Cache.lnk - C:\WINDOWS\7SP_Files\Refresh Icon Cache\Refresh Icon Cache.exe
Styler toolbar.lnk - C:\WINDOWS\7SP_Files\Styler\Styler.exe
ViSplore.lnk - C:\WINDOWS\7SP_Files\ViSplore\ViSplore OneStep.exe
VisualTaskTips.lnk - C:\WINDOWS\7SP_Files\VisualTaskTips\VisualTaskTips.exe
YzShadow.lnk - C:\WINDOWS\7SP_Files\YzShadow\YzShadow.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\uTorrent\utorrent-1.9-alpha-14470.upx.exe"="C:\uTorrent\utorrent-1.9-alpha-14470.upx.exe:*:Enabled:µTorrent"
"C:\uTorrent\uTorrent\utorrent.exe"="C:\uTorrent\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Mozilla Firefox\firefox.exe"="C:\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\ICQ 6,5\ICQ6.5\ICQ.exe"="C:\ICQ 6,5\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"M:\Hry\Metin2\metin2.bin"="M:\Hry\Metin2\metin2.bin:*:Enabled:metin2"
"C:\Microsoft Office 2007\Office12\OUTLOOK.EXE"="C:\Microsoft Office 2007\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Microsoft Office 2007\Office12\GROOVE.EXE"="C:\Microsoft Office 2007\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Microsoft Office 2007\Office12\ONENOTE.EXE"="C:\Microsoft Office 2007\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Qip\QIP\qip.exe"="C:\Qip\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe"="C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger"
"C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe"="C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe:*:Enabled:ScanToPC"
"C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe"="C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe:*:Enabled:SScanToIO"
"C:\Logitech touchmouse\Logitech Touch Mouse Server\iTouch-Server-Win.exe"="C:\Logitech touchmouse\Logitech Touch Mouse Server\iTouch-Server-Win.exe:*:Enabled:Logitech"
"M:\Hry\Fifa 11\Game\fifa.exe"="M:\Hry\Fifa 11\Game\fifa.exe:*:Enabled:FIFA 11"
"M:\Hry\Warcraft III\Warcraft III.exe"="M:\Hry\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Garena\Garena.exe"="C:\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\Lukas\Local Settings\temp\tmp-JHkJHklh\receiver.exe"="C:\Documents and Settings\Lukas\Local Settings\temp\tmp-JHkJHklh\receiver.exe:*:Enabled:receiver"
"C:\Documents and Settings\Lukas\Plocha\facebook-pic00005267.exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Qip\QIP 2010\qip.exe"="C:\Qip\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"C:\Icq 7,5\ICQ7.5\ICQ.exe"="C:\Icq 7,5\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Samsung New PC Studio\npsasvr.exe"="C:\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Samsung New PC Studio\npsvsvr.exe"="C:\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\iTunes\iTunes.exe"="C:\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\ExpressFiles\ExpressFiles.exe"="C:\Program Files\ExpressFiles\ExpressFiles.exe:*:Enabled:ExpressFiles"
"C:\Program Files\ExpressFiles\ExpressDL.exe"="C:\Program Files\ExpressFiles\ExpressDL.exe:*:Enabled:ExpressFilesDL"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Icq 7,5\ICQ7.5\ICQ.exe"="C:\Icq 7,5\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"msacm.divxa32"=msaud32_divx.acm
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.xvid"=xvidvfw.dll
======List of files/folders created in the last 1 month======
2012-01-28 21:08:44 ----D---- C:\Program Files\trend micro
2012-01-28 21:08:43 ----D---- C:\rsit
2012-01-27 22:25:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$
2012-01-27 22:25:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$
2012-01-27 22:25:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$
2012-01-27 22:25:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2012-01-27 22:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$
2012-01-27 22:11:25 ----D---- C:\Documents and Settings\Lukas\Data aplikací\BabylonToolbar
2012-01-27 13:51:45 ----D---- C:\Program Files\BabylonToolbar
2012-01-27 13:51:45 ----A---- C:\user.js
2012-01-27 13:51:26 ----D---- C:\Documents and Settings\Lukas\Data aplikací\Babylon
2012-01-27 13:51:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Babylon
2012-01-27 13:51:24 ----D---- C:\Program Files\ExpressFiles
2012-01-27 13:45:24 ----D---- C:\Program Files\ESET
2012-01-27 13:45:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2012-01-27 13:33:26 ----D---- C:\ESET Nod 32
2012-01-23 20:53:14 ----D---- C:\Program Files\iPod
2012-01-15 23:29:02 ----A---- C:\WINDOWS\imsins.BAK
2012-01-15 23:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$
2012-01-15 14:49:23 ----D---- C:\WINDOWS\system32\cache
======List of files/folders modified in the last 1 month======
2012-01-28 21:08:46 ----D---- C:\WINDOWS\Prefetch
2012-01-28 21:08:44 ----SD---- C:\Program Files
2012-01-28 20:54:11 ----D---- C:\WINDOWS\temp
2012-01-28 16:41:08 ----D---- C:\WINDOWS
2012-01-28 16:40:16 ----D---- C:\WINDOWS\SMINST
2012-01-28 16:40:03 ----D---- C:\WINDOWS\system32
2012-01-27 22:41:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-01-27 22:37:16 ----D---- C:\Documents and Settings\Lukas\Data aplikací\uTorrent
2012-01-27 22:26:45 ----SHD---- C:\WINDOWS\Installer
2012-01-27 22:26:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-01-27 22:25:58 ----HD---- C:\WINDOWS\inf
2012-01-27 22:25:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-01-27 22:23:16 ----HD---- C:\WINDOWS\$hf_mig$
2012-01-27 22:22:29 ----D---- C:\WINDOWS\system32\CatRoot2
2012-01-27 22:12:17 ----D---- C:\Program Files\free-downloads.net
2012-01-27 14:24:24 ----D---- C:\Mozilla Firefox
2012-01-27 13:47:46 ----D---- C:\WINDOWS\system32\drivers
2012-01-27 13:42:42 ----D---- C:\AVG free 9
2012-01-23 20:54:19 ----D---- C:\iTunes
2012-01-23 20:53:12 ----D---- C:\Program Files\Common Files\Apple
2012-01-23 20:48:13 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-01-15 23:29:15 ----D---- C:\WINDOWS\Debug
2012-01-15 23:29:08 ----A---- C:\WINDOWS\system32\MRT.exe
2012-01-15 23:28:19 ----D---- C:\WINDOWS\system32\CatRoot
2012-01-12 17:22:27 ----D---- C:\WINDOWS\Microsoft.NET
2012-01-12 17:22:25 ----RSD---- C:\WINDOWS\assembly
2012-01-11 23:03:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-01-11 23:03:06 ----D---- C:\WINDOWS\WinSxS
2012-01-04 21:14:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2012-01-04 21:14:26 ----D---- C:\Program Files\Norton Security Scan
2012-01-04 21:14:20 ----SD---- C:\WINDOWS\Tasks
2012-01-04 21:14:20 ----D---- C:\Program Files\Common Files\Symantec Shared
2012-01-02 11:36:38 ----D---- C:\Samsung New PC Studio
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel RAID Controller; C:\WINDOWS\System32\DRIVERS\iaStor.sys [2006-07-06 246784]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-07-14 436792]
R0 tffsport;M-Systems DiskOnChip 2000; C:\WINDOWS\system32\DRIVERS\tffsport.sys [2008-04-13 149376]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2011-08-04 103112]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Ultra ISO\UltraISO\drivers\ISODrive.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2006-12-06 44416]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-04 4306944]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2004-07-26 316192]
S1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 46592]
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 a7i8ujod;a7i8ujod; C:\WINDOWS\system32\drivers\a7i8ujod.sys []
S3 awgbqdjn;awgbqdjn; C:\WINDOWS\system32\drivers\awgbqdjn.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Garena\plugins\UI\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-04 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-04 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-04 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-04 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-04 22271]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-05-10 42496]
S3 VirtDisk;XSS Virtual Disk Driver; \??\c:\windows\sminst\VirtDisk.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 adpu320;adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [2002-05-09 105472]
S4 Symmpi;Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [2002-04-04 28416]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2007-04-13 540448]
R2 StarWindServiceAE;StarWind AE Service; C:\Alkohol 120%\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 821608]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 binlbjxkn;idncetc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-14 136176]
S2 PCA;PC Angel; C:\WINDOWS\TEMP\UPDATE\SMINST\PCAngel.exe []
S2 uzbnxynuu;Update Network; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-14 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-090809-085438;Google Desktop Manager 5.9.909.8267; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-09-30 30192]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-14 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Microsoft Office 2007\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by Lukas at 2012-01-28 21:08:43
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (5%) free of 64 GB
Total RAM: 1007 MB (23% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:08:54, on 28.1.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Microsoft Office 2007\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\WINDOWS\7SP_Files\Aero Shake\AeroShake.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\7SP_Files\Styler\Styler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\7SP_Files\VisualTaskTips\VisualTaskTips.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\7SP_Files\YzShadow\YzShadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Alkohol 120%\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lukas\Plocha\Internet download\RSIT.exe
C:\Program Files\trend micro\Lukas.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_Prot
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\prxtbfre2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Microsoft Office 2007\Office12\GrooveShellExtensions.dll
O2 - BHO: GamePlayLabsBHO - {984A9162-8891-4D19-8CFE-17648BB4E1EC} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\prxtbfre2.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\WINDOWS\7SP_Files\Styler\TB\StylerTB.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\prxtbfre2.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [3170 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Adobe acrobat reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Quick Time Player\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.894
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Alkohol 120%\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AeroShake.lnk = C:\WINDOWS\7SP_Files\Aero Shake\AeroShake.exe
O4 - Startup: Refresh Icon Cache.lnk = C:\WINDOWS\7SP_Files\Refresh Icon Cache\Refresh Icon Cache.exe
O4 - Startup: Styler toolbar.lnk = C:\WINDOWS\7SP_Files\Styler\Styler.exe
O4 - Startup: ViSplore.lnk = C:\WINDOWS\7SP_Files\ViSplore\ViSplore OneStep.exe
O4 - Startup: VisualTaskTips.lnk = C:\WINDOWS\7SP_Files\VisualTaskTips\VisualTaskTips.exe
O4 - Startup: YzShadow.lnk = C:\WINDOWS\7SP_Files\YzShadow\YzShadow.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\MISROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Icq 7,5\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Icq 7,5\ICQ7.5\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MISROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Microsoft Office 2007\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Desktop Manager 5.9.909.8267 (GoogleDesktopManager-090809-085438) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PC Angel (PCA) - Unknown owner - C:\WINDOWS\TEMP\UPDATE\SMINST\PCAngel.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\WINDOWS\
--
End of file - 16024 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1020180247-2749402951-187203193-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1020180247-2749402951-187203193-1006UA.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Lukas\Data aplikací\Mozilla\Firefox\Profiles\pd22o885.default
prefs.js - "browser.startup.homepage" - "www.seznam.cz"
prefs.js - "extensions.enabledItems" - "{3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911, avg@igeared:7.007.026.001, DTToolbar@toolbarnet.com:1.1.1.0014, plugin2@gameplaylabs.com:2.0, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, jqs@sun.com:1.0, plugin3@gameplaylabs.com:3.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2009, ClickPotatoLite@ClickPotatoLite.com:10.0.0.0, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24"
prefs.js - "keyword.URL" - "http://search.babylon.com/?AF=109130&ba ... e6b158c&q="
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.93\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.93\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Adobe acrobat reader\Reader\AIR\nppdf32.dll
C:\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
C:\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
GoogleDesktopMozilla.dll
GoogleDesktopMozillaStub.js
GoogleDesktopMozillaStub.xpt
nsIQTScriptablePlugin.xpt
C:\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
NPOFF12.DLL
NPOFFICE.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Mozilla Firefox\searchplugins\
avg-secure-search.xml
babylon.xml
google.xml
googledesktop.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Lukas\Data aplikací\Mozilla\Firefox\Profiles\pd22o885.default\extensions\
DTToolbar@toolbarnet.com
plugin2@gameplaylabs.com
plugin3@gameplaylabs.com
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
{20a82645-c095-46ed-80e3-08825760534b}
{ecdee021-0d17-467f-a1ff-c7a115230949}
{ecdee021-0d17-467f-a1ff-c7a115230949}-trash
C:\Documents and Settings\Lukas\Data aplikací\Mozilla\Firefox\Profiles\pd22o885.default\searchplugins\
conduit.xml
daemon-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-05-18 520192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
Babylon toolbar helper - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll [2011-08-14 270960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984A9162-8891-4D19-8CFE-17648BB4E1EC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Program Files\free-downloads.net\prxtbfre2.dll [2011-05-09 176936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-05-18 520192]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\WINDOWS\7SP_Files\Styler\TB\StylerTB.dll [2006-05-02 102400]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\prxtbfre2.dll [2011-05-09 176936]
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll [2011-08-14 237680]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2006-05-23 344064]
"PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2007-04-13 331552]
"SetRefresh"=C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [2003-11-20 525824]
"LayoutM"=C:\WINDOWS\KLayMgr.exe [2004-08-16 45056]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2006-05-12 1138688]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-03-31 761856]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-04-24 888832]
"GrooveMonitor"=C:\Microsoft Office 2007\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-09-30 30192]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-04 16250880]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2009-10-13 606208]
"3170 Scan2PC"=C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe [2009-06-11 503808]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"Adobe Reader Speed Launcher"=C:\Adobe acrobat reader\Reader\Reader_sl.exe [2011-09-07 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-10-06 59240]
"QuickTime Task"=C:\Quick Time Player\qttask.exe [2011-07-05 421888]
"NPSStartup"= []
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-01 59240]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"ROC_roc_dec12"=C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe /PROMPT /CMPID=roc_dec12 []
"iTunesHelper"=C:\iTunes\iTunesHelper.exe [2012-01-16 421736]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 3080264]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.894 []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"WEBTRAN"= []
"AlcoholAutomount"=C:\Alkohol 120%\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Alkohol 120%\Alcohol 120\axcmd.exe [2010-05-27 31072]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Quick Time Player\QTTask.exe [2011-07-05 421888]
C:\Documents and Settings\Lukas\Nabídka Start\Programy\Po spuštění
AeroShake.lnk - C:\WINDOWS\7SP_Files\Aero Shake\AeroShake.exe
Refresh Icon Cache.lnk - C:\WINDOWS\7SP_Files\Refresh Icon Cache\Refresh Icon Cache.exe
Styler toolbar.lnk - C:\WINDOWS\7SP_Files\Styler\Styler.exe
ViSplore.lnk - C:\WINDOWS\7SP_Files\ViSplore\ViSplore OneStep.exe
VisualTaskTips.lnk - C:\WINDOWS\7SP_Files\VisualTaskTips\VisualTaskTips.exe
YzShadow.lnk - C:\WINDOWS\7SP_Files\YzShadow\YzShadow.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\uTorrent\utorrent-1.9-alpha-14470.upx.exe"="C:\uTorrent\utorrent-1.9-alpha-14470.upx.exe:*:Enabled:µTorrent"
"C:\uTorrent\uTorrent\utorrent.exe"="C:\uTorrent\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Mozilla Firefox\firefox.exe"="C:\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\ICQ 6,5\ICQ6.5\ICQ.exe"="C:\ICQ 6,5\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"M:\Hry\Metin2\metin2.bin"="M:\Hry\Metin2\metin2.bin:*:Enabled:metin2"
"C:\Microsoft Office 2007\Office12\OUTLOOK.EXE"="C:\Microsoft Office 2007\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Microsoft Office 2007\Office12\GROOVE.EXE"="C:\Microsoft Office 2007\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Microsoft Office 2007\Office12\ONENOTE.EXE"="C:\Microsoft Office 2007\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Qip\QIP\qip.exe"="C:\Qip\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe"="C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger"
"C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe"="C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe:*:Enabled:ScanToPC"
"C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe"="C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe:*:Enabled:SScanToIO"
"C:\Logitech touchmouse\Logitech Touch Mouse Server\iTouch-Server-Win.exe"="C:\Logitech touchmouse\Logitech Touch Mouse Server\iTouch-Server-Win.exe:*:Enabled:Logitech"
"M:\Hry\Fifa 11\Game\fifa.exe"="M:\Hry\Fifa 11\Game\fifa.exe:*:Enabled:FIFA 11"
"M:\Hry\Warcraft III\Warcraft III.exe"="M:\Hry\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Garena\Garena.exe"="C:\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\Lukas\Local Settings\temp\tmp-JHkJHklh\receiver.exe"="C:\Documents and Settings\Lukas\Local Settings\temp\tmp-JHkJHklh\receiver.exe:*:Enabled:receiver"
"C:\Documents and Settings\Lukas\Plocha\facebook-pic00005267.exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Qip\QIP 2010\qip.exe"="C:\Qip\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"C:\Icq 7,5\ICQ7.5\ICQ.exe"="C:\Icq 7,5\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Samsung New PC Studio\npsasvr.exe"="C:\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Samsung New PC Studio\npsvsvr.exe"="C:\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\iTunes\iTunes.exe"="C:\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\ExpressFiles\ExpressFiles.exe"="C:\Program Files\ExpressFiles\ExpressFiles.exe:*:Enabled:ExpressFiles"
"C:\Program Files\ExpressFiles\ExpressDL.exe"="C:\Program Files\ExpressFiles\ExpressDL.exe:*:Enabled:ExpressFilesDL"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Icq 7,5\ICQ7.5\ICQ.exe"="C:\Icq 7,5\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"msacm.divxa32"=msaud32_divx.acm
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.xvid"=xvidvfw.dll
======List of files/folders created in the last 1 month======
2012-01-28 21:08:44 ----D---- C:\Program Files\trend micro
2012-01-28 21:08:43 ----D---- C:\rsit
2012-01-27 22:25:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$
2012-01-27 22:25:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$
2012-01-27 22:25:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$
2012-01-27 22:25:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2012-01-27 22:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$
2012-01-27 22:11:25 ----D---- C:\Documents and Settings\Lukas\Data aplikací\BabylonToolbar
2012-01-27 13:51:45 ----D---- C:\Program Files\BabylonToolbar
2012-01-27 13:51:45 ----A---- C:\user.js
2012-01-27 13:51:26 ----D---- C:\Documents and Settings\Lukas\Data aplikací\Babylon
2012-01-27 13:51:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Babylon
2012-01-27 13:51:24 ----D---- C:\Program Files\ExpressFiles
2012-01-27 13:45:24 ----D---- C:\Program Files\ESET
2012-01-27 13:45:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2012-01-27 13:33:26 ----D---- C:\ESET Nod 32
2012-01-23 20:53:14 ----D---- C:\Program Files\iPod
2012-01-15 23:29:02 ----A---- C:\WINDOWS\imsins.BAK
2012-01-15 23:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$
2012-01-15 14:49:23 ----D---- C:\WINDOWS\system32\cache
======List of files/folders modified in the last 1 month======
2012-01-28 21:08:46 ----D---- C:\WINDOWS\Prefetch
2012-01-28 21:08:44 ----SD---- C:\Program Files
2012-01-28 20:54:11 ----D---- C:\WINDOWS\temp
2012-01-28 16:41:08 ----D---- C:\WINDOWS
2012-01-28 16:40:16 ----D---- C:\WINDOWS\SMINST
2012-01-28 16:40:03 ----D---- C:\WINDOWS\system32
2012-01-27 22:41:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-01-27 22:37:16 ----D---- C:\Documents and Settings\Lukas\Data aplikací\uTorrent
2012-01-27 22:26:45 ----SHD---- C:\WINDOWS\Installer
2012-01-27 22:26:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-01-27 22:25:58 ----HD---- C:\WINDOWS\inf
2012-01-27 22:25:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-01-27 22:23:16 ----HD---- C:\WINDOWS\$hf_mig$
2012-01-27 22:22:29 ----D---- C:\WINDOWS\system32\CatRoot2
2012-01-27 22:12:17 ----D---- C:\Program Files\free-downloads.net
2012-01-27 14:24:24 ----D---- C:\Mozilla Firefox
2012-01-27 13:47:46 ----D---- C:\WINDOWS\system32\drivers
2012-01-27 13:42:42 ----D---- C:\AVG free 9
2012-01-23 20:54:19 ----D---- C:\iTunes
2012-01-23 20:53:12 ----D---- C:\Program Files\Common Files\Apple
2012-01-23 20:48:13 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-01-15 23:29:15 ----D---- C:\WINDOWS\Debug
2012-01-15 23:29:08 ----A---- C:\WINDOWS\system32\MRT.exe
2012-01-15 23:28:19 ----D---- C:\WINDOWS\system32\CatRoot
2012-01-12 17:22:27 ----D---- C:\WINDOWS\Microsoft.NET
2012-01-12 17:22:25 ----RSD---- C:\WINDOWS\assembly
2012-01-11 23:03:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-01-11 23:03:06 ----D---- C:\WINDOWS\WinSxS
2012-01-04 21:14:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2012-01-04 21:14:26 ----D---- C:\Program Files\Norton Security Scan
2012-01-04 21:14:20 ----SD---- C:\WINDOWS\Tasks
2012-01-04 21:14:20 ----D---- C:\Program Files\Common Files\Symantec Shared
2012-01-02 11:36:38 ----D---- C:\Samsung New PC Studio
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel RAID Controller; C:\WINDOWS\System32\DRIVERS\iaStor.sys [2006-07-06 246784]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-07-14 436792]
R0 tffsport;M-Systems DiskOnChip 2000; C:\WINDOWS\system32\DRIVERS\tffsport.sys [2008-04-13 149376]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2011-08-04 103112]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Ultra ISO\UltraISO\drivers\ISODrive.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2006-12-06 44416]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-04 4306944]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2004-07-26 316192]
S1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 46592]
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 a7i8ujod;a7i8ujod; C:\WINDOWS\system32\drivers\a7i8ujod.sys []
S3 awgbqdjn;awgbqdjn; C:\WINDOWS\system32\drivers\awgbqdjn.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Garena\plugins\UI\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-04 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-04 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-04 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-04 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-04 22271]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-05-10 42496]
S3 VirtDisk;XSS Virtual Disk Driver; \??\c:\windows\sminst\VirtDisk.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 adpu320;adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [2002-05-09 105472]
S4 Symmpi;Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [2002-04-04 28416]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2007-04-13 540448]
R2 StarWindServiceAE;StarWind AE Service; C:\Alkohol 120%\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 821608]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 binlbjxkn;idncetc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-14 136176]
S2 PCA;PC Angel; C:\WINDOWS\TEMP\UPDATE\SMINST\PCAngel.exe []
S2 uzbnxynuu;Update Network; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-14 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-090809-085438;Google Desktop Manager 5.9.909.8267; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-09-30 30192]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-14 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Microsoft Office 2007\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu, díky
Poprosím o log ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu, díky
Ahoj mám problém. Jakmile spustím combofix tak se mi normálně rozjede udělá celý test, restartuje se počítač a při restartu se mi zobrazí modrá obrazovka s tímto:
Byly zjištěny potíže a systém WINDOWS byl ukončen, aby nedošlo k poškození počítače.
BAD_POOL_HEADER
teď nějaké blbosti a pak na konci:
technické informace:
STOP: 0x00000019 (0x00000020; 0x855d0000; 0x855d0418; 0x1a830000)
zjišťování výpisu fyzické paměti RAM
výpis fyzické paměti RAM na disk: a tady to nabíhá až do stovky kde to zkončí a počítač znova naběhne ale nemůžu najít nikde ten log k tomu combofixu
PRosím o radu
díky moc
Byly zjištěny potíže a systém WINDOWS byl ukončen, aby nedošlo k poškození počítače.
BAD_POOL_HEADER
teď nějaké blbosti a pak na konci:
technické informace:
STOP: 0x00000019 (0x00000020; 0x855d0000; 0x855d0418; 0x1a830000)
zjišťování výpisu fyzické paměti RAM
výpis fyzické paměti RAM na disk: a tady to nabíhá až do stovky kde to zkončí a počítač znova naběhne ale nemůžu najít nikde ten log k tomu combofixu
PRosím o radu
díky moc
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu, díky
Zkuste spustit CF v nouz. režimu.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu, díky
A jak se prosím dostanu do nouzového režimu protože při spuštění windows mi to dává pouze na výběr jestli normálně windows a nebo recovery, ale nouzový režim tam nikde není.
Díky moc
Díky moc
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu, díky
Těsně před ukončením úvodních postů tiskněte F8. Objeví se menu, v němž se budete pohybovat kurzorovými šipkami. Zvolíte "Stav nouze" a stisknete >Enter<.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu, díky
Omlouvám se byl jsem teď mimo ČR. Tady posílám ten log z toho combofixu. Prosím o kontrolu.
Díky moc
ComboFix 12-02-13.01 - Administrator 14.02.2012 18:53:10.5.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1007.648 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\Lukas\WINDOWS
C:\WINDOWS\explorer.backup
C:\WINDOWS\pkunzip.pif
C:\WINDOWS\pkzip.pif
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\Cache\272512937d9e61a4.fb
C:\WINDOWS\system32\Cache\287204568329e189.fb
C:\WINDOWS\system32\Cache\28bc8f716fd76a47.fb
C:\WINDOWS\system32\Cache\2c53092c95605355.fb
C:\WINDOWS\system32\Cache\3917078cb68ec657.fb
C:\WINDOWS\system32\Cache\590ba23ce359fd0c.fb
C:\WINDOWS\system32\Cache\610289e025a3ee9a.fb
C:\WINDOWS\system32\Cache\651c5d3cdbfb8bd1.fb
C:\WINDOWS\system32\Cache\6c59ac5e7e7a3ad0.fb
C:\WINDOWS\system32\Cache\a8556537add6dfc5.fb
C:\WINDOWS\system32\Cache\a8b645445e4d7503.fb
C:\WINDOWS\system32\Cache\ad10a52aff5e038d.fb
C:\WINDOWS\system32\Cache\c4d28dca2e7648be.fb
C:\WINDOWS\system32\Cache\d201ef9910cd39de.fb
C:\WINDOWS\system32\Cache\d2e94710a5708128.fb
C:\WINDOWS\system32\Cache\d79b9dfe81484ec4.fb
C:\WINDOWS\system32\Cache\e0de16f883bea794.fb
C:\WINDOWS\system32\config\default.bak1
C:\WINDOWS\system32\config\SAM.bak1
C:\WINDOWS\system32\config\SECURITY.bak1
C:\WINDOWS\system32\config\software.bak1
C:\WINDOWS\system32\config\system.bak1
C:\WINDOWS\system32\SET24.tmp
C:\WINDOWS\system32\SET25.tmp
C:\WINDOWS\system32\SET27.tmp
C:\WINDOWS\system32\SET28.tmp
C:\WINDOWS\system32\SET2FC.tmp
C:\WINDOWS\system32\SET300.tmp
C:\WINDOWS\system32\SET301.tmp
C:\WINDOWS\system32\SET308.tmp
C:\WINDOWS\XSxS
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-14 do 2012-02-14 )))))))))))))))))))))))))))))))
2012-01-28 20:08:44 . 2012-01-28 20:08:54 -------- d-----w- C:\Program Files\trend micro
2012-01-28 20:08:43 . 2012-01-28 20:08:58 -------- d-----w- C:\rsit
2012-01-27 13:01:41 . 2012-01-27 13:01:41 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
2012-01-27 12:51:45 . 2012-01-27 12:51:47 237 ----a-w- C:\user.js
2012-01-27 12:51:45 . 2012-01-27 12:51:45 -------- d-----w- C:\Program Files\BabylonToolbar
2012-01-27 12:51:28 . 2012-01-27 12:51:28 -------- d-----w- C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Babylon
2012-01-27 12:51:26 . 2012-01-27 12:51:26 -------- d-----w- C:\Documents and Settings\Lukas\Data aplikací\Babylon
2012-01-27 12:51:26 . 2012-01-27 12:51:26 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Babylon
2012-01-27 12:51:24 . 2012-01-27 12:56:34 -------- d-----w- C:\Program Files\ExpressFiles
2012-01-27 12:45:24 . 2012-01-27 12:45:24 -------- d-----w- C:\Program Files\ESET
2012-01-27 12:45:23 . 2012-01-27 12:45:23 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\ESET
2012-01-27 12:33:26 . 2012-01-27 12:34:04 -------- d-----w- C:\ESET Nod 32
2012-01-23 19:53:14 . 2012-01-23 19:53:14 -------- d-----w- C:\Program Files\iPod
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-11-25 21:57:27 . 2004-08-18 12:00:00 293376 ----a-w- C:\WINDOWS\system32\winsrv.dll
2011-11-23 14:40:43 . 2004-08-18 12:00:00 1859584 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-11-21 17:46:04 . 2011-11-21 17:46:04 414368 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-11-20 06:12:48 . 2004-08-18 12:00:00 60416 ----a-w- C:\WINDOWS\system32\packager.exe
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\prxtbfre2.dll" [2011-05-09 09:49:38 176936]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2011-05-09 09:49:38 176936 ----a-w- C:\Program Files\free-downloads.net\prxtbfre2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\prxtbfre2.dll" [2011-05-09 09:49:38 176936]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\prxtbfre2.dll" [2011-05-09 09:49:38 176936]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WEBTRAN"="" [BU]
"AlcoholAutomount"="C:\Alkohol 120%\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 11:03:08 33120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-05-23 20:05:00 344064]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-04-13 08:44:18 331552]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 20:01:08 525824]
"LayoutM"="KLayMgr.exe" [2004-08-16 19:46:40 45056]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2006-05-12 11:50:16 1138688]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-31 13:44:26 761856]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-04-24 09:42:06 888832]
"GrooveMonitor"="C:\Microsoft Office 2007\Office12\GrooveMonitor.exe" [2008-10-25 10:44:34 31072]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-09-30 16:14:49 30192]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-04 17:26:06 16250880]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe" [2009-10-13 10:41:27 606208]
"3170 Scan2PC"="C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-06-11 06:10:17 503808]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 21:32:54 61440]
"Adobe Reader Speed Launcher"="C:\Adobe acrobat reader\Reader\Reader_sl.exe" [2011-09-07 22:58:10 37296]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 23:52:06 59240]
"QuickTime Task"="C:\Quick Time Player\qttask.exe" [2011-07-05 16:36:48 421888]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 22:25:58 59240]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696]
"iTunesHelper"="C:\iTunes\iTunesHelper.exe" [2012-01-16 16:22:12 421736]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 11:03:02 3080264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstall ... er=9.0.894" [?]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:22:17 15360]
C:\Documents and Settings\Lukas\Nabídka Start\Programy\Po spuštění\
AeroShake.lnk - C:\WINDOWS\7SP_Files\Aero Shake\AeroShake.exe [2011-4-17 206065]
Refresh Icon Cache.lnk - C:\WINDOWS\7SP_Files\Refresh Icon Cache\Refresh Icon Cache.exe [2011-4-17 203139]
Styler toolbar.lnk - C:\WINDOWS\7SP_Files\Styler\Styler.exe [2011-4-17 307200]
ViSplore.lnk - C:\WINDOWS\7SP_Files\ViSplore\ViSplore OneStep.exe [N/A]
VisualTaskTips.lnk - C:\WINDOWS\7SP_Files\VisualTaskTips\VisualTaskTips.exe [2011-4-17 65536]
YzShadow.lnk - C:\WINDOWS\7SP_Files\YzShadow\YzShadow.exe [2011-4-17 151552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-05-27 00:31:04 31072 ----a-w- C:\Alkohol 120%\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36:48 421888 ----a-w- C:\Quick Time Player\QTTask.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"C:\\uTorrent\\uTorrent\\utorrent.exe"=
"C:\\Mozilla Firefox\\firefox.exe"=
"M:\\Hry\\Metin2\\metin2.bin"=
"C:\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"C:\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"C:\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"C:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"=
"C:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"=
"C:\\Logitech touchmouse\\Logitech Touch Mouse Server\\iTouch-Server-Win.exe"=
"M:\\Hry\\Fifa 11\\Game\\fifa.exe"=
"C:\\Garena\\Garena.exe"=
"C:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"C:\\Qip\\QIP 2010\\qip.exe"=
"C:\\Icq 7,5\\ICQ7.5\\ICQ.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"C:\\iTunes\\iTunes.exe"=
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [11.2.2009 21:18:46 436792]
R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\drivers\tffsport.sys [18.8.2004 13:00:00 149376]
R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [4.8.2011 9:20:36 118104]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [4.8.2011 9:20:38 103112]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 12:03:30 974944]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [15.9.2011 16:43:33 233472]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [11.2.2009 18:48:11 540448]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [15.9.2011 16:43:33 36608]
S2 binlbjxkn;idncetc;C:\WINDOWS\system32\svchost.exe -k netsvcs [18.8.2004 13:00:00 14336]
S2 gupdate;Služba Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [14.11.2011 21:08:30 136176]
S2 SSPORT;SSPORT;\??\C:\WINDOWS\system32\Drivers\SSPORT.sys --> C:\WINDOWS\system32\Drivers\SSPORT.sys [?]
S2 uzbnxynuu;Update Network;C:\WINDOWS\system32\svchost.exe -k netsvcs [18.8.2004 13:00:00 14336]
S3 GGSAFERDriver;GGSAFER Driver;\??\C:\Garena\plugins\UI\safedrv.sys --> C:\Garena\plugins\UI\safedrv.sys [?]
S3 GoogleDesktopManager-090809-085438;Google Desktop Manager 5.9.909.8267;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30.9.2009 17:14:49 30192]
S3 gupdatem;Služba Google Update (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [14.11.2011 21:08:30 136176]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [15.9.2011 16:43:53 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [15.9.2011 16:43:53 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [15.9.2011 16:43:53 121856]
S3 VirtDisk;XSS Virtual Disk Driver;C:\WINDOWS\SMINST\virtdisk.sys [11.2.2009 20:58:02 57344]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - FSUSBEXDISK
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14:42 451872 ----a-w- C:\Program Files\Common Files\LightScribe\LSRunOnce.exe
Obsah adresáře 'Naplánované úlohy'
2012-01-02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50:20 . 2011-06-01 15:57:16]
2012-02-14 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-14 20:08:30 . 2011-11-14 20:07:59]
2012-02-14 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-14 20:08:30 . 2011-11-14 20:07:59]
------- Doplňkový sken -------
uStart Page = hxxp://search.babylon.com/?babsrc=HP_Prot
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - C:\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - C:\MISROS~1\OFFICE11\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Icq 7,5\ICQ7.5\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 192.168.168.1
FF - ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\fei4vske.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-NPSStartup - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-14 19:01:10
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
Díky moc
ComboFix 12-02-13.01 - Administrator 14.02.2012 18:53:10.5.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1007.648 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\Lukas\WINDOWS
C:\WINDOWS\explorer.backup
C:\WINDOWS\pkunzip.pif
C:\WINDOWS\pkzip.pif
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\Cache\272512937d9e61a4.fb
C:\WINDOWS\system32\Cache\287204568329e189.fb
C:\WINDOWS\system32\Cache\28bc8f716fd76a47.fb
C:\WINDOWS\system32\Cache\2c53092c95605355.fb
C:\WINDOWS\system32\Cache\3917078cb68ec657.fb
C:\WINDOWS\system32\Cache\590ba23ce359fd0c.fb
C:\WINDOWS\system32\Cache\610289e025a3ee9a.fb
C:\WINDOWS\system32\Cache\651c5d3cdbfb8bd1.fb
C:\WINDOWS\system32\Cache\6c59ac5e7e7a3ad0.fb
C:\WINDOWS\system32\Cache\a8556537add6dfc5.fb
C:\WINDOWS\system32\Cache\a8b645445e4d7503.fb
C:\WINDOWS\system32\Cache\ad10a52aff5e038d.fb
C:\WINDOWS\system32\Cache\c4d28dca2e7648be.fb
C:\WINDOWS\system32\Cache\d201ef9910cd39de.fb
C:\WINDOWS\system32\Cache\d2e94710a5708128.fb
C:\WINDOWS\system32\Cache\d79b9dfe81484ec4.fb
C:\WINDOWS\system32\Cache\e0de16f883bea794.fb
C:\WINDOWS\system32\config\default.bak1
C:\WINDOWS\system32\config\SAM.bak1
C:\WINDOWS\system32\config\SECURITY.bak1
C:\WINDOWS\system32\config\software.bak1
C:\WINDOWS\system32\config\system.bak1
C:\WINDOWS\system32\SET24.tmp
C:\WINDOWS\system32\SET25.tmp
C:\WINDOWS\system32\SET27.tmp
C:\WINDOWS\system32\SET28.tmp
C:\WINDOWS\system32\SET2FC.tmp
C:\WINDOWS\system32\SET300.tmp
C:\WINDOWS\system32\SET301.tmp
C:\WINDOWS\system32\SET308.tmp
C:\WINDOWS\XSxS
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-14 do 2012-02-14 )))))))))))))))))))))))))))))))
2012-01-28 20:08:44 . 2012-01-28 20:08:54 -------- d-----w- C:\Program Files\trend micro
2012-01-28 20:08:43 . 2012-01-28 20:08:58 -------- d-----w- C:\rsit
2012-01-27 13:01:41 . 2012-01-27 13:01:41 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
2012-01-27 12:51:45 . 2012-01-27 12:51:47 237 ----a-w- C:\user.js
2012-01-27 12:51:45 . 2012-01-27 12:51:45 -------- d-----w- C:\Program Files\BabylonToolbar
2012-01-27 12:51:28 . 2012-01-27 12:51:28 -------- d-----w- C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Babylon
2012-01-27 12:51:26 . 2012-01-27 12:51:26 -------- d-----w- C:\Documents and Settings\Lukas\Data aplikací\Babylon
2012-01-27 12:51:26 . 2012-01-27 12:51:26 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Babylon
2012-01-27 12:51:24 . 2012-01-27 12:56:34 -------- d-----w- C:\Program Files\ExpressFiles
2012-01-27 12:45:24 . 2012-01-27 12:45:24 -------- d-----w- C:\Program Files\ESET
2012-01-27 12:45:23 . 2012-01-27 12:45:23 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\ESET
2012-01-27 12:33:26 . 2012-01-27 12:34:04 -------- d-----w- C:\ESET Nod 32
2012-01-23 19:53:14 . 2012-01-23 19:53:14 -------- d-----w- C:\Program Files\iPod
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-11-25 21:57:27 . 2004-08-18 12:00:00 293376 ----a-w- C:\WINDOWS\system32\winsrv.dll
2011-11-23 14:40:43 . 2004-08-18 12:00:00 1859584 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-11-21 17:46:04 . 2011-11-21 17:46:04 414368 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-11-20 06:12:48 . 2004-08-18 12:00:00 60416 ----a-w- C:\WINDOWS\system32\packager.exe
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\prxtbfre2.dll" [2011-05-09 09:49:38 176936]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2011-05-09 09:49:38 176936 ----a-w- C:\Program Files\free-downloads.net\prxtbfre2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\prxtbfre2.dll" [2011-05-09 09:49:38 176936]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\prxtbfre2.dll" [2011-05-09 09:49:38 176936]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WEBTRAN"="" [BU]
"AlcoholAutomount"="C:\Alkohol 120%\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 11:03:08 33120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-05-23 20:05:00 344064]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-04-13 08:44:18 331552]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 20:01:08 525824]
"LayoutM"="KLayMgr.exe" [2004-08-16 19:46:40 45056]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2006-05-12 11:50:16 1138688]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-31 13:44:26 761856]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-04-24 09:42:06 888832]
"GrooveMonitor"="C:\Microsoft Office 2007\Office12\GrooveMonitor.exe" [2008-10-25 10:44:34 31072]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-09-30 16:14:49 30192]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-04 17:26:06 16250880]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe" [2009-10-13 10:41:27 606208]
"3170 Scan2PC"="C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-06-11 06:10:17 503808]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 21:32:54 61440]
"Adobe Reader Speed Launcher"="C:\Adobe acrobat reader\Reader\Reader_sl.exe" [2011-09-07 22:58:10 37296]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 23:52:06 59240]
"QuickTime Task"="C:\Quick Time Player\qttask.exe" [2011-07-05 16:36:48 421888]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 22:25:58 59240]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696]
"iTunesHelper"="C:\iTunes\iTunesHelper.exe" [2012-01-16 16:22:12 421736]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 11:03:02 3080264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstall ... er=9.0.894" [?]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:22:17 15360]
C:\Documents and Settings\Lukas\Nabídka Start\Programy\Po spuštění\
AeroShake.lnk - C:\WINDOWS\7SP_Files\Aero Shake\AeroShake.exe [2011-4-17 206065]
Refresh Icon Cache.lnk - C:\WINDOWS\7SP_Files\Refresh Icon Cache\Refresh Icon Cache.exe [2011-4-17 203139]
Styler toolbar.lnk - C:\WINDOWS\7SP_Files\Styler\Styler.exe [2011-4-17 307200]
ViSplore.lnk - C:\WINDOWS\7SP_Files\ViSplore\ViSplore OneStep.exe [N/A]
VisualTaskTips.lnk - C:\WINDOWS\7SP_Files\VisualTaskTips\VisualTaskTips.exe [2011-4-17 65536]
YzShadow.lnk - C:\WINDOWS\7SP_Files\YzShadow\YzShadow.exe [2011-4-17 151552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-05-27 00:31:04 31072 ----a-w- C:\Alkohol 120%\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36:48 421888 ----a-w- C:\Quick Time Player\QTTask.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"C:\\uTorrent\\uTorrent\\utorrent.exe"=
"C:\\Mozilla Firefox\\firefox.exe"=
"M:\\Hry\\Metin2\\metin2.bin"=
"C:\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"C:\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"C:\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"C:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"=
"C:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"=
"C:\\Logitech touchmouse\\Logitech Touch Mouse Server\\iTouch-Server-Win.exe"=
"M:\\Hry\\Fifa 11\\Game\\fifa.exe"=
"C:\\Garena\\Garena.exe"=
"C:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"C:\\Qip\\QIP 2010\\qip.exe"=
"C:\\Icq 7,5\\ICQ7.5\\ICQ.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"C:\\iTunes\\iTunes.exe"=
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [11.2.2009 21:18:46 436792]
R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\drivers\tffsport.sys [18.8.2004 13:00:00 149376]
R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [4.8.2011 9:20:36 118104]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [4.8.2011 9:20:38 103112]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 12:03:30 974944]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [15.9.2011 16:43:33 233472]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [11.2.2009 18:48:11 540448]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [15.9.2011 16:43:33 36608]
S2 binlbjxkn;idncetc;C:\WINDOWS\system32\svchost.exe -k netsvcs [18.8.2004 13:00:00 14336]
S2 gupdate;Služba Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [14.11.2011 21:08:30 136176]
S2 SSPORT;SSPORT;\??\C:\WINDOWS\system32\Drivers\SSPORT.sys --> C:\WINDOWS\system32\Drivers\SSPORT.sys [?]
S2 uzbnxynuu;Update Network;C:\WINDOWS\system32\svchost.exe -k netsvcs [18.8.2004 13:00:00 14336]
S3 GGSAFERDriver;GGSAFER Driver;\??\C:\Garena\plugins\UI\safedrv.sys --> C:\Garena\plugins\UI\safedrv.sys [?]
S3 GoogleDesktopManager-090809-085438;Google Desktop Manager 5.9.909.8267;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30.9.2009 17:14:49 30192]
S3 gupdatem;Služba Google Update (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [14.11.2011 21:08:30 136176]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [15.9.2011 16:43:53 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [15.9.2011 16:43:53 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [15.9.2011 16:43:53 121856]
S3 VirtDisk;XSS Virtual Disk Driver;C:\WINDOWS\SMINST\virtdisk.sys [11.2.2009 20:58:02 57344]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - FSUSBEXDISK
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14:42 451872 ----a-w- C:\Program Files\Common Files\LightScribe\LSRunOnce.exe
Obsah adresáře 'Naplánované úlohy'
2012-01-02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50:20 . 2011-06-01 15:57:16]
2012-02-14 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-14 20:08:30 . 2011-11-14 20:07:59]
2012-02-14 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-14 20:08:30 . 2011-11-14 20:07:59]
------- Doplňkový sken -------
uStart Page = hxxp://search.babylon.com/?babsrc=HP_Prot
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - C:\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - C:\MISROS~1\OFFICE11\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Icq 7,5\ICQ7.5\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 192.168.168.1
FF - ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\fei4vske.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-NPSStartup - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-14 19:01:10
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu, díky
Ještě dočistíme. otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.KillAll::
Folder::
C:\Program Files\BabylonToolbar
C:\Documents and Settings\Lukas\Local Settings\Data aplikací\Babylon
C:\Documents and Settings\Lukas\Data aplikací\Babylon
C:\Documents and Settings\All Users\Data aplikací\Babylon
C:\Program Files\Google\Update
Collect::
C:\Documents and Settings\Lukas\Nabídka Start\Programy\Po spuštění\AeroShake.lnk
C:\Documents and Settings\Lukas\Nabídka Start\Programy\Po spuštění\Refresh Icon Cache.lnk
C:\Documents and Settings\Lukas\Nabídka Start\Programy\Po spuštění\Styler toolbar.lnk
C:\Documents and Settings\Lukas\Nabídka Start\Programy\Po spuštění\ViSplore.lnk
C:\Documents and Settings\Lukas\Nabídka Start\Programy\Po spuštění\VisualTaskTips.lnk
C:\Documents and Settings\Lukas\Nabídka Start\Programy\Po spuštění\YzShadow.lnk
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
Driver::
gupdate
gupdatem
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?