Zdravím, prosím o kontrolu logu. PC vytuhne vždy na pár desitek sekund, do minuty se rozjede, pak opět vytuhne.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Jan at 2012-06-19 14:33:33
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (19%) free of 29 GB
Total RAM: 2038 MB (77% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:33:49, on 19.6.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
C:\Program Files\SMART Technologies\Education Software\UCService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
c:\program files\teamviewer\version7\TeamViewer_Desktop.exe
C:\RSIT.exe
C:\Program Files\trend micro\Jan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate1c9e2daa457128c) (gupdate1c9e2daa457128c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Služba SMART Board (SMART Board Service) - SMART Technologies - C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
O23 - Service: SMART Display Controller - SMART Technologies ULC - C:\Program Files\SMART Technologies\Education Software\UCService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
--
End of file - 5908 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67BCF957-85FC-4036-8DC4-D4D80E00A77B}]
SMART Notebook Download Utility - C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll [2011-06-23 226160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-03-07 1003704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-03-07 1003704]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-12-09 7311360]
"nwiz"=nwiz.exe /install []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-03-02 17530368]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-03-22 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-03-22 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-03-22 137752]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2005-12-09 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 17351304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART Board Tools]
C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe [2011-06-23 9800560]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-03-18 208896]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe"="C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\SMART Technologies\Education Software\UCGui.exe"="C:\Program Files\SMART Technologies\Education Software\UCGui.exe:*:Enabled:SMART Universal Controller Interface"
"C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe"="C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe:*:Enabled:SMART SNMPAgent"
"C:\Program Files\SMART Technologies\Education Software\UCService.exe"="C:\Program Files\SMART Technologies\Education Software\UCService.exe:*:Enabled:SMART Display Controller Service"
"C:\Program Files\SMART Technologies\Education Software\VantageService.exe"="C:\Program Files\SMART Technologies\Education Software\VantageService.exe:*:Enabled:SMART Vantage Service"
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
======List of files/folders created in the last 1 month======
2012-06-19 14:23:08 ----D---- C:\Program Files\trend micro
2012-06-19 14:23:07 ----D---- C:\rsit
2012-06-19 14:18:24 ----A---- C:\RSIT.exe
2012-06-18 20:57:27 ----SHD---- C:\RECYCLER
2012-06-18 20:54:12 ----D---- C:\WINDOWS\temp
2012-06-18 20:54:08 ----A---- C:\ComboFix.txt
2012-06-18 20:30:20 ----A---- C:\WINDOWS\zip.exe
2012-06-18 20:30:20 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-06-18 20:30:20 ----A---- C:\WINDOWS\SWSC.exe
2012-06-18 20:30:20 ----A---- C:\WINDOWS\SWREG.exe
2012-06-18 20:30:20 ----A---- C:\WINDOWS\sed.exe
2012-06-18 20:30:20 ----A---- C:\WINDOWS\PEV.exe
2012-06-18 20:30:20 ----A---- C:\WINDOWS\NIRCMD.exe
2012-06-18 20:30:20 ----A---- C:\WINDOWS\MBR.exe
2012-06-18 20:30:20 ----A---- C:\WINDOWS\grep.exe
2012-06-18 20:29:41 ----D---- C:\Qoobox
2012-06-18 20:29:10 ----D---- C:\WINDOWS\erdnt
2012-06-18 16:04:10 ----D---- C:\Documents and Settings\Jan\Data aplikací\TeamViewer
2012-06-18 16:04:00 ----D---- C:\Program Files\TeamViewer
2012-06-14 18:39:55 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
======List of files/folders modified in the last 1 month======
2012-06-19 14:33:20 ----A---- C:\WINDOWS\Filzip.ini
2012-06-19 14:23:08 ----RD---- C:\Program Files
2012-06-19 14:10:58 ----D---- C:\WINDOWS\Prefetch
2012-06-19 14:06:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-06-19 14:03:22 ----RD---- C:\Program Files\Skype
2012-06-19 14:03:22 ----D---- C:\Config.Msi
2012-06-19 14:03:20 ----SHD---- C:\WINDOWS\Installer
2012-06-19 14:02:38 ----D---- C:\Documents and Settings\Jan\Data aplikací\go
2012-06-19 14:00:39 ----D---- C:\WINDOWS\system32\drivers
2012-06-19 10:14:44 ----D---- C:\WINDOWS\system32\CatRoot2
2012-06-18 22:05:38 ----D---- C:\WINDOWS
2012-06-18 21:18:20 ----A---- C:\WINDOWS\wincmd.ini
2012-06-18 21:16:24 ----D---- C:\Program Files\Google
2012-06-18 20:57:29 ----D---- C:\Documents and Settings\Jan\Data aplikací\Skype
2012-06-18 20:50:17 ----A---- C:\WINDOWS\system.ini
2012-06-18 20:49:59 ----D---- C:\WINDOWS\system32\drivers\etc
2012-06-18 20:49:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-06-18 20:49:06 ----D---- C:\WINDOWS\system32
2012-06-18 20:46:07 ----D---- C:\WINDOWS\AppPatch
2012-06-18 20:46:01 ----D---- C:\Program Files\Common Files
2012-05-20 09:37:22 ----D---- C:\MyWorks
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-03-16 99840]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2006-07-24 36528]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-03-07 24920]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2012-03-07 35672]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-03-07 612184]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-03-07 337880]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-03-07 53848]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-12-05 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-03-07 20696]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-03-07 95704]
R3 gHidPnp;USB Device Enhanced Function Driver; C:\WINDOWS\System32\Drivers\gHidPnp.Sys [2007-03-20 16384]
R3 gMouUsb;USB Mouse Device Drv; C:\WINDOWS\system32\DRIVERS\gMouUsb.sys [2007-03-13 9856]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\drivers\HidUsb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-03-18 5955872]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-04 5045760]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2002-12-05 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-09-25 115328]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\Jan\LOCALS~1\Temp\catchme.sys []
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Ovladač třídy skeneru standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 gMouPS2;PS2 Scroll Mouse Device; C:\WINDOWS\system32\DRIVERS\gMouPS2.sys [2006-07-12 17408]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-12-09 3536768]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-02-17 34176]
S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-02-17 13056]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-03-07 44768]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SMART Board Service;Služba SMART Board; C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe [2011-07-13 1761136]
R2 SMART Display Controller;SMART Display Controller; C:\Program Files\SMART Technologies\Education Software\UCService.exe [2011-07-13 311664]
R2 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate1c9e2daa457128c;Služba Google Update (gupdate1c9e2daa457128c); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-01 133104]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-12-09 131139]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-01 133104]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
ComboFix 12-06-16.02 - Jan 18.06.2012 20:38:58.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1175 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jan\Dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *Disabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Plocha\XPSecurityCenter.lnk
c:\documents and settings\Jan\Cookies\uwyt.com
c:\documents and settings\Jan\Cookies\uzizuxequ.inf
c:\documents and settings\Jan\WINDOWS
c:\program files\XPSecurityCenter
c:\program files\XPSecurityCenter\comp.dat
c:\program files\XPSecurityCenter\data\daily.cvd
c:\program files\XPSecurityCenter\htmlayout.dll
c:\program files\XPSecurityCenter\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\XPSecurityCenter\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\XPSecurityCenter\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\XPSecurityCenter\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\XPSecurityCenter\pthreadVC2.dll
c:\program files\XPSecurityCenter\un.ico
c:\program files\XPSecurityCenter\unzip32.dll
c:\program files\XPSecurityCenter\XP_SecurityCenter.cfg
c:\windows\cadawupy.exe
c:\windows\IsUn0405.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\AutoRun.inf
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-18 do 2012-06-18 )))))))))))))))))))))))))))))))
.
.
2012-06-18 14:04 . 2012-06-18 14:04 -------- d-----w- c:\documents and settings\Jan\Data aplikací\TeamViewer
2012-06-18 14:04 . 2012-06-18 14:04 -------- d-----w- c:\program files\TeamViewer
2012-06-14 16:39 . 2012-06-14 16:39 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-14 16:39 . 2012-06-14 16:39 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-04 15:32 . 2008-09-04 15:32 13962 ----a-w- c:\program files\Common Files\ykuca.com
2008-09-04 15:32 . 2008-09-04 15:32 15923 ----a-w- c:\program files\Common Files\apofehum.bin
2004-03-11 11:27 . 2006-06-26 08:02 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-09 7311360]
"nwiz"="nwiz.exe" [2005-12-09 1519616]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-02 17530368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-22 137752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-12-09 19:06 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-08 15:35 32768 ----a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART Board Tools]
2011-06-23 14:28 9800560 ----a-w- c:\program files\SMART Technologies\Education Software\SMARTBoardTools.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\UCGui.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\UCService.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\VantageService.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [26.6.2011 17:14 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.9.2008 20:27 337880]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.9.2005 11:05 286720]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.9.2005 11:05 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.9.2008 20:27 20696]
R2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\Education Software\UCService.exe [13.7.2011 22:14 311664]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [7.10.2008 18:33 16384]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [7.10.2008 18:33 9856]
S2 gupdate1c9e2daa457128c;Služba Google Update (gupdate1c9e2daa457128c);c:\program files\Google\Update\GoogleUpdate.exe [1.6.2009 19:01 133104]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [18.6.2012 16:04 2666880]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26.9.2009 2:55 1684736]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [7.10.2008 18:33 17408]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1.6.2009 19:01 133104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 17:01]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 17:01]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-InfoMapa Speciál - c:\windows\IsUn0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-18 20:50
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-06-18 20:54:06
ComboFix-quarantined-files.txt 2012-06-18 18:54
.
Před spuštěním: 2 758 373 376
Po spuštění: 3 670 843 392
.
- - End Of File - - DAA5C4EAF9E1E9386D8B608F6000BEBC
info.txt logfile of random's system information tool 1.09 2012-06-19 14:33:51
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe -maintain activex
Adobe Reader 6.0 CE-->MsiExec.exe /I{AC76BA86-7AD7-1029-7646-CE0000000001}
Aktualizace zabezpečení systému Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x5
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
DMIView-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\DMIView\Uninst.isu"
DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
Filzip 3.04-->"C:\Program Files\Filzip\unins000.exe"
Fotolab Fotosvet 3-->"C:\Program Files\Fotolab\Fotolab Fotosvet 3\uninstall.exe"
Fotolab Fotosvet 4-->"C:\Program Files\Fotolab\Fotolab Fotosvet 3\uninstall.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\19.0.1084.56\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}\setup\hpzscr01.exe -datfile hposcr14.dat
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
ioCentre-->C:\Program Files\InstallShield Installation Information\{A2B4621B-CEB9-4E44-95FD-3500D4DB3727}\setup.exe -runfromtemp -l0x0005 -removeonly
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Multimedia Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero Digital-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero Media Player-->C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvuide.exe UninstallGUI
OLYMPUS CAMEDIA Master 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.1
OLYMPUS muvee theaterPack-->MsiExec.exe /X{DDDE47E5-C711-4D17-9FA6-E3D7C340192A}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe -runfromtemp -l0x0005 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x5 -removeonly
Skype™ 5.5-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A}
SMART Common Platform-->MsiExec.exe /X{0E5DD7A3-BE29-430C-970B-C553F4A58C39}
SMART Czech Language Pack-->MsiExec.exe /X{65F93E53-1BF8-42CC-B34E-ADE8F38A5DDD}
SMART Notebook-->MsiExec.exe /X{ED0FF410-41B9-441F-B457-4AC81782E8BF}
SMART Product Drivers-->MsiExec.exe /X{67E6410C-1E97-4D03-BEC2-8E83323A6BBD}
TeamViewer 7-->C:\Program Files\TeamViewer\Version7\uninstall.exe
Total Commander (Remove or Repair)-->C:\Program Files\totalcmd\tcuninst.exe
Total Video Player 1.0-->"C:\Program Files\Total Video Player\unins000.exe"
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Zoner Media Explorer 6-->MsiExec.exe /X{766D51EF-3F9E-490F-8490-0F24910F18BC}
======Security center information======
AV: avast! Antivirus
======System event log======
Computer Name: HOME
Event Code: 7036
Message: Stav služby Terminálová služba byl změněn na: Spuštěno
Record Number: 5
Source Name: Service Control Manager
Time Written: 20120612082607.000000+120
Event Type: Informace
User:
Computer Name: HOME
Event Code: 4201
Message: Sytém zjistil, že síťový adaptér \DEVICE\TCPIP_{DDC81D51-FCF0-40A3-BE2E-847571EFE7B1} byl připojen k síti
a inicializoval normální činnost přes síťový adaptér.
Record Number: 4
Source Name: Tcpip
Time Written: 20120612082556.000000+120
Event Type: Informace
User:
Computer Name: HOME
Event Code: 10
Message: Neprokázalo se, že by tato jednotka podporovala digitální přehrávání zvuku.
Record Number: 3
Source Name: redbook
Time Written: 20120612082556.000000+120
Event Type: Informace
User:
Computer Name: HOME
Event Code: 6005
Message: Služba Event Log byla spuštěna.
Record Number: 2
Source Name: EventLog
Time Written: 20120612082553.000000+120
Event Type: Informace
User:
Computer Name: HOME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.
Record Number: 1
Source Name: EventLog
Time Written: 20120612082553.000000+120
Event Type: Informace
User:
=====Application event log=====
Computer Name: HOME
Event Code: 0
Message:
Record Number: 5
Source Name: SMART Display Controller
Time Written: 20120619075605.000000+120
Event Type: Informace
User:
Computer Name: HOME
Event Code: 0
Message:
Record Number: 4
Source Name: SMART Display Controller
Time Written: 20120619075605.000000+120
Event Type: Informace
User:
Computer Name: HOME
Event Code: 0
Message:
Record Number: 3
Source Name: SMART Display Controller
Time Written: 20120619075605.000000+120
Event Type: Informace
User:
Computer Name: HOME
Event Code: 0
Message:
Record Number: 2
Source Name: hpqddsvc
Time Written: 20120619075553.000000+120
Event Type: Informace
User:
Computer Name: HOME
Event Code: 0
Message:
Record Number: 1
Source Name: gupdate1c9e2daa457128c
Time Written: 20120619075547.000000+120
Event Type: Informace
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Kontrola logu, pomalé
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Kontrola logu, pomalé
Také zdravím!
Jelikož jste včera provedl sken ComboFix, smazal jste všechny stopy, po případné nákaze. RSIT tedy nic neodhalí. Dejte log ComboFix. Měl by být v c:\combofix.txt.
Jelikož jste včera provedl sken ComboFix, smazal jste všechny stopy, po případné nákaze. RSIT tedy nic neodhalí. Dejte log ComboFix. Měl by být v c:\combofix.txt.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Kontrola logu, pomalé
ComboFix 12-06-16.02 - Jan 18.06.2012 20:38:58.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1175 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jan\Dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *Disabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Plocha\XPSecurityCenter.lnk
c:\documents and settings\Jan\Cookies\uwyt.com
c:\documents and settings\Jan\Cookies\uzizuxequ.inf
c:\documents and settings\Jan\WINDOWS
c:\program files\XPSecurityCenter
c:\program files\XPSecurityCenter\comp.dat
c:\program files\XPSecurityCenter\data\daily.cvd
c:\program files\XPSecurityCenter\htmlayout.dll
c:\program files\XPSecurityCenter\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\XPSecurityCenter\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\XPSecurityCenter\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\XPSecurityCenter\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\XPSecurityCenter\pthreadVC2.dll
c:\program files\XPSecurityCenter\un.ico
c:\program files\XPSecurityCenter\unzip32.dll
c:\program files\XPSecurityCenter\XP_SecurityCenter.cfg
c:\windows\cadawupy.exe
c:\windows\IsUn0405.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\AutoRun.inf
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-18 do 2012-06-18 )))))))))))))))))))))))))))))))
.
.
2012-06-18 14:04 . 2012-06-18 14:04 -------- d-----w- c:\documents and settings\Jan\Data aplikací\TeamViewer
2012-06-18 14:04 . 2012-06-18 14:04 -------- d-----w- c:\program files\TeamViewer
2012-06-14 16:39 . 2012-06-14 16:39 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-14 16:39 . 2012-06-14 16:39 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-04 15:32 . 2008-09-04 15:32 13962 ----a-w- c:\program files\Common Files\ykuca.com
2008-09-04 15:32 . 2008-09-04 15:32 15923 ----a-w- c:\program files\Common Files\apofehum.bin
2004-03-11 11:27 . 2006-06-26 08:02 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-09 7311360]
"nwiz"="nwiz.exe" [2005-12-09 1519616]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-02 17530368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-22 137752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-12-09 19:06 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-08 15:35 32768 ----a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART Board Tools]
2011-06-23 14:28 9800560 ----a-w- c:\program files\SMART Technologies\Education Software\SMARTBoardTools.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\UCGui.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\UCService.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\VantageService.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [26.6.2011 17:14 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.9.2008 20:27 337880]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.9.2005 11:05 286720]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.9.2005 11:05 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.9.2008 20:27 20696]
R2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\Education Software\UCService.exe [13.7.2011 22:14 311664]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [7.10.2008 18:33 16384]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [7.10.2008 18:33 9856]
S2 gupdate1c9e2daa457128c;Služba Google Update (gupdate1c9e2daa457128c);c:\program files\Google\Update\GoogleUpdate.exe [1.6.2009 19:01 133104]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [18.6.2012 16:04 2666880]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26.9.2009 2:55 1684736]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [7.10.2008 18:33 17408]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1.6.2009 19:01 133104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 17:01]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 17:01]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-InfoMapa Speciál - c:\windows\IsUn0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-18 20:50
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-06-18 20:54:06
ComboFix-quarantined-files.txt 2012-06-18 18:54
.
Před spuštěním: 2 758 373 376
Po spuštění: 3 670 843 392
.
- - End Of File - - DAA5C4EAF9E1E9386D8B608F6000BEBC
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1175 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jan\Dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *Disabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Plocha\XPSecurityCenter.lnk
c:\documents and settings\Jan\Cookies\uwyt.com
c:\documents and settings\Jan\Cookies\uzizuxequ.inf
c:\documents and settings\Jan\WINDOWS
c:\program files\XPSecurityCenter
c:\program files\XPSecurityCenter\comp.dat
c:\program files\XPSecurityCenter\data\daily.cvd
c:\program files\XPSecurityCenter\htmlayout.dll
c:\program files\XPSecurityCenter\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\XPSecurityCenter\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\XPSecurityCenter\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\XPSecurityCenter\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\XPSecurityCenter\pthreadVC2.dll
c:\program files\XPSecurityCenter\un.ico
c:\program files\XPSecurityCenter\unzip32.dll
c:\program files\XPSecurityCenter\XP_SecurityCenter.cfg
c:\windows\cadawupy.exe
c:\windows\IsUn0405.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\AutoRun.inf
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-18 do 2012-06-18 )))))))))))))))))))))))))))))))
.
.
2012-06-18 14:04 . 2012-06-18 14:04 -------- d-----w- c:\documents and settings\Jan\Data aplikací\TeamViewer
2012-06-18 14:04 . 2012-06-18 14:04 -------- d-----w- c:\program files\TeamViewer
2012-06-14 16:39 . 2012-06-14 16:39 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-14 16:39 . 2012-06-14 16:39 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-04 15:32 . 2008-09-04 15:32 13962 ----a-w- c:\program files\Common Files\ykuca.com
2008-09-04 15:32 . 2008-09-04 15:32 15923 ----a-w- c:\program files\Common Files\apofehum.bin
2004-03-11 11:27 . 2006-06-26 08:02 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-09 7311360]
"nwiz"="nwiz.exe" [2005-12-09 1519616]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-02 17530368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-22 137752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-12-09 19:06 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-08 15:35 32768 ----a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART Board Tools]
2011-06-23 14:28 9800560 ----a-w- c:\program files\SMART Technologies\Education Software\SMARTBoardTools.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\UCGui.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\UCService.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\VantageService.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [26.6.2011 17:14 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.9.2008 20:27 337880]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.9.2005 11:05 286720]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.9.2005 11:05 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.9.2008 20:27 20696]
R2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\Education Software\UCService.exe [13.7.2011 22:14 311664]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [7.10.2008 18:33 16384]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [7.10.2008 18:33 9856]
S2 gupdate1c9e2daa457128c;Služba Google Update (gupdate1c9e2daa457128c);c:\program files\Google\Update\GoogleUpdate.exe [1.6.2009 19:01 133104]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [18.6.2012 16:04 2666880]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26.9.2009 2:55 1684736]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [7.10.2008 18:33 17408]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1.6.2009 19:01 133104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 17:01]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 17:01]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-InfoMapa Speciál - c:\windows\IsUn0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-18 20:50
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-06-18 20:54:06
ComboFix-quarantined-files.txt 2012-06-18 18:54
.
Před spuštěním: 2 758 373 376
Po spuštění: 3 670 843 392
.
- - End Of File - - DAA5C4EAF9E1E9386D8B608F6000BEBC
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Kontrola logu, pomalé
Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj::
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.Collect::
c:\program files\Common Files\ykuca.com
c:\program files\Common Files\apofehum.bin
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?