Logfile of random's system information tool 1.09 (written by random/random)
Run by a at 2012-07-04 07:27:51
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 28 GB (37%) free of 76 GB
Total RAM: 3318 MB (76% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:28:00, on 4.7.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\Software602\Print2PDF\Print2PDF.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gIoCentreFunMgm.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Genius\ioCentre\gIoCentreFunMgm.exe
C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
C:\Genius\ioCentre\gIoCentreFunMgm.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Genius\ioCentre\gIoCentreFunMgm.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\a\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\a.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3123097578
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A3E} (SignActivX Control) - https://login.ingbusinessonline.pl/ing/ ... ivXIng.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ComarchCardServer - ComArch S.A. - C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Usbest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/a/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
--
End of file - 10932 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2011-11-11 1378144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-05-12 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll [2012-06-19 1811296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-05-12 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-05-12 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll [2012-06-19 1811296]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-07-20 18670592]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2008-08-15 1473536]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]
"SetDefPrt"=C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe [2005-01-26 49152]
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2005-05-17 933888]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-04-20 58656]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2012-01-24 2416480]
"ioCentre"=C:\Genius\ioCentre\gTaskBar.exe [2009-09-03 61440]
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2011-04-12 222776]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-11-05 1505144]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-11-05 1468256]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2012-06-19 939872]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-04-20 26192680]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
REALTEK 11n USB Wireless LAN Utility.lnk - C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enabled:Network Diagnostic for Windows XP"
"C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe"="C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan"
"C:\Program Files\Common Files\soft602\langserv.exe"="C:\Program Files\Common Files\soft602\langserv.exe:*:Enabled:Software602 Spell Checker"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG2012\avgnsx.exe"="C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG2012\avgdiagex.exe"="C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostika 2012"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\AVG\AVG2012\avgemcx.exe"="C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Obecná kontrola pošty"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-07-04 07:27:51 ----D---- C:\rsit
2012-07-04 07:27:51 ----D---- C:\Program Files\trend micro
2012-07-04 07:09:01 ----SHD---- C:\RECYCLER
2012-07-04 07:07:43 ----D---- C:\Program Files\CCleaner
2012-07-03 18:14:20 ----A---- C:\ComboFix.txt
2012-07-03 17:34:10 ----A---- C:\WINDOWS\zip.exe
2012-07-03 17:34:10 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-07-03 17:34:10 ----A---- C:\WINDOWS\SWSC.exe
2012-07-03 17:34:10 ----A---- C:\WINDOWS\SWREG.exe
2012-07-03 17:34:10 ----A---- C:\WINDOWS\sed.exe
2012-07-03 17:34:10 ----A---- C:\WINDOWS\PEV.exe
2012-07-03 17:34:10 ----A---- C:\WINDOWS\NIRCMD.exe
2012-07-03 17:34:10 ----A---- C:\WINDOWS\MBR.exe
2012-07-03 17:34:10 ----A---- C:\WINDOWS\grep.exe
2012-07-03 17:33:48 ----D---- C:\Qoobox
2012-07-03 17:33:31 ----D---- C:\WINDOWS\erdnt
2012-07-01 10:58:15 ----D---- C:\Documents and Settings\a\Data aplikací\AVG2012
2012-07-01 10:56:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG2012
2012-06-29 09:52:43 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2012-06-29 09:52:43 ----A---- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2012-06-29 09:51:56 ----D---- C:\Program Files\iPod
2012-06-29 09:51:51 ----D---- C:\Program Files\iTunes
2012-06-19 15:17:10 ----D---- C:\Program Files\AVG Secure Search
======List of files/folders modified in the last 1 month======
2012-07-07 09:47:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search
2012-07-06 09:49:18 ----SD---- C:\Documents and Settings\a\Data aplikací\Microsoft
2012-07-04 07:27:51 ----RD---- C:\Program Files
2012-07-04 07:27:45 ----D---- C:\WINDOWS\system32\CatRoot2
2012-07-04 07:14:27 ----D---- C:\Documents and Settings\a\Data aplikací\Skype
2012-07-04 07:14:19 ----D---- C:\WINDOWS
2012-07-04 07:14:19 ----A---- C:\WINDOWS\RTacDbg.txt
2012-07-04 07:13:26 ----D---- C:\WINDOWS\Temp
2012-07-04 07:11:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-07-04 07:09:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2012-07-04 07:09:29 ----D---- C:\WINDOWS\system32\drivers\AVG
2012-07-04 07:09:10 ----D---- C:\WINDOWS\Debug
2012-07-04 07:09:02 ----D---- C:\WINDOWS\Minidump
2012-07-03 18:13:12 ----A---- C:\WINDOWS\system.ini
2012-07-03 18:11:37 ----D---- C:\WINDOWS\system32
2012-07-03 18:11:36 ----D---- C:\WINDOWS\system32\drivers
2012-07-03 18:11:36 ----D---- C:\WINDOWS\AppPatch
2012-07-03 18:11:25 ----D---- C:\Program Files\Common Files
2012-07-03 17:59:40 ----D---- C:\Config.Msi
2012-07-03 17:58:14 ----SHD---- C:\WINDOWS\Installer
2012-07-03 17:58:12 ----RD---- C:\Program Files\Skype
2012-07-03 17:57:37 ----D---- C:\Program Files\Google
2012-07-03 17:57:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2012-07-03 17:56:31 ----SD---- C:\WINDOWS\Tasks
2012-07-03 17:46:33 ----D---- C:\WINDOWS\system32\drivers\etc
2012-07-03 17:42:50 ----D---- C:\WINDOWS\system32\config
2012-07-03 17:41:12 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-07-03 17:34:07 ----D---- C:\WINDOWS\Prefetch
2012-07-01 11:13:34 ----D---- C:\WINDOWS\AutoLogin
2012-07-01 10:47:55 ----D---- C:\Program Files\AVG
2012-07-01 10:24:36 ----D---- C:\WINDOWS\FPSoftware
2012-06-29 10:29:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-06-29 09:55:55 ----D---- C:\Documents and Settings\a\Data aplikací\Apple Computer
2012-06-29 09:52:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-06-29 09:51:54 ----D---- C:\Program Files\Common Files\Apple
2012-06-29 09:51:31 ----D---- C:\Program Files\Apple Software Update
2012-06-29 09:42:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2012-06-24 08:14:51 ----A---- C:\WINDOWS\BRWMARK.INI
2012-06-24 08:14:51 ----A---- C:\WINDOWS\BRPP2KA.INI
2012-06-22 09:41:04 ----A---- C:\WINDOWS\OPLM.INI
2012-06-19 15:16:37 ----HD---- C:\WINDOWS\inf
2012-06-19 15:16:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-06-19 15:14:48 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-03 717296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2011-05-11 21361]
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134608]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-07-20 5795328]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2009-11-05 27744]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8192cu.sys [2010-07-13 894696]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-06-05 142336]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
S3 catchme;catchme; \??\C:\DOCUME~1\a\LOCALS~1\Temp\catchme.sys []
S3 cxbu0wdm;CardMan 6121; C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2009-06-24 114304]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\dm9usb.sys [2006-02-26 21376]
S3 GemCCID;GemCCID; C:\WINDOWS\System32\Drivers\GemCCID.sys [2009-06-05 87424]
S3 gHidPnp;USB Device Enhanced Function Driver; C:\WINDOWS\System32\Drivers\gHidPnp.Sys [2009-06-27 20480]
S3 gMouPS2;PS2 Scroll Mouse Device; C:\WINDOWS\system32\DRIVERS\gMouPS2.sys [2009-06-30 17408]
S3 gMouUsb;USB Mouse Device Drv; C:\WINDOWS\system32\DRIVERS\gMouUsb.sys [2009-06-25 11520]
S3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys []
S3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-11-03 14736]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2012-02-15 43520]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-03-14 84520]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-02-27 55144]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 ComarchCardServer;ComarchCardServer; C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe [2009-06-05 143455]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-05-12 153376]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-08 171040]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
R2 UTSCSI;Usbest Service Zero; C:\WINDOWS\system32\UTSCSI.EXE [2010-01-27 45056]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-07-07 918880]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 257224]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-22 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-03-27 821608]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Jsem sledován? Prosím kontrolu logu. Děkuji
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Jsem sledován? Prosím kontrolu logu. Děkuji
Zdravím 
Kdopak Vám poradil combofix?
Poprosím o tento log
C:\ComboFix.txt
Kdopak Vám poradil combofix?
Poprosím o tento log
C:\ComboFix.txt
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Jsem sledován? Prosím kontrolu logu. Děkuji
Combofix mi nikdy neprovedl nic zlého a několikrát pomohl se srabu.
ComboFix 12-07-02.01 - a 03.07.2012 18:07:47.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3318.2706 [GMT 2:00]
Spuštěný z: c:\documents and settings\a\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-03 do 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-07-01 08:58 . 2012-07-01 08:58 -------- d-----w- c:\documents and settings\a\Data aplikací\AVG2012
2012-07-01 08:56 . 2012-07-01 09:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG2012
2012-06-29 07:52 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-29 07:52 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-06-29 07:51 . 2012-06-29 07:51 -------- d-----w- c:\program files\iPod
2012-06-29 07:51 . 2012-06-29 07:52 -------- d-----w- c:\program files\iTunes
2012-06-29 07:51 . 2012-06-29 07:51 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Apple Computer
2012-06-19 13:17 . 2012-06-19 13:17 -------- d-----w- c:\program files\AVG Secure Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-19 13:14 . 2012-05-12 06:53 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-19 13:14 . 2011-08-03 07:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-12 06:56 . 2010-04-16 17:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-12 06:56 . 2009-09-17 23:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-23 22:55 . 2011-03-23 22:55 4143544 ----a-w- c:\program files\GarminMapUpdater_v2.5.17.exe
2010-05-04 15:25 . 2010-05-04 15:25 1704744 ----a-w- c:\program files\SkypeSetup.exe
2010-02-18 14:42 . 2010-02-18 14:42 32494896 ----a-w- c:\program files\QuickTimeInstaller.exe
2009-12-10 18:42 . 2009-12-10 18:42 1859264 ----a-w- c:\program files\langpack.exe
2009-11-22 18:54 . 2009-11-22 18:54 10053112 ----a-w- c:\program files\picasa3-setup.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-03_15.47.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-03 15:59 . 2012-07-03 15:59 16384 c:\windows\Temp\Perflib_Perfdata_1b8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-19 13:17 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-06-19 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-20 18670592]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2009-09-03 61440]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2011-04-12 222776]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 1505144]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-19 939872]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
REALTEK 11n USB Wireless LAN Utility.lnk - c:\program files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe [2011-5-11 991232]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2009-12-1 802816]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Realtek\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22.2.2011 8:13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19.1.2011 4:32 32592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.2.2010 19:27 717296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.1.2011 6:41 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10.2.2011 7:54 295248]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 11:28 84520]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12.10.2011 6:25 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2.8.2011 6:09 192776]
R2 ComarchCardServer;ComarchCardServer;c:\program files\Comarch\ComarchSmartCard\CardServer.exe [5.6.2009 13:07 143455]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24.8.2010 11:38 92008]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [7.7.2012 9:47 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [30.3.2011 17:17 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10.2.2011 7:53 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10.2.2011 7:53 16720]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192cu.sys [11.5.2011 10:22 894696]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1.2.2010 21:16 135664]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12.5.2012 8:53 257224]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [16.9.2009 19:05 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [11.5.2011 9:58 167264]
S3 cxbu0wdm;CardMan 6121;c:\windows\system32\drivers\cxbu0wdm.sys [24.6.2009 11:16 114304]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [16.9.2009 15:47 21376]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [3.10.2010 18:37 87424]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [11.5.2011 10:40 20480]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [11.5.2011 10:40 17408]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [11.5.2011 10:40 11520]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1.2.2010 21:16 135664]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 13:14]
.
2012-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 19:16]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 19:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp? ... n=77ce7fb3
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 94.74.192.252 94.74.192.244
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A3E} - hxxps://login.ingbusinessonline.pl/ing/static/components/SignActivXIng.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-03 18:13
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-823518204-884357618-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*„%„%*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-823518204-884357618-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*„%„%*\OpenWithList]
@Class="Shell"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(352)
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-07-03 18:14:19
ComboFix-quarantined-files.txt 2012-07-03 16:14
ComboFix2.txt 2012-07-03 15:51
.
Před spuštěním: Volných bajtů: 29 268 131 840
Po spuštění: Volných bajtů: 29 254 832 128
.
- - End Of File - - EB933E12BC5854E4B6056F705A31532D
ComboFix 12-07-02.01 - a 03.07.2012 18:07:47.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3318.2706 [GMT 2:00]
Spuštěný z: c:\documents and settings\a\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-03 do 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-07-01 08:58 . 2012-07-01 08:58 -------- d-----w- c:\documents and settings\a\Data aplikací\AVG2012
2012-07-01 08:56 . 2012-07-01 09:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG2012
2012-06-29 07:52 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-29 07:52 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-06-29 07:51 . 2012-06-29 07:51 -------- d-----w- c:\program files\iPod
2012-06-29 07:51 . 2012-06-29 07:52 -------- d-----w- c:\program files\iTunes
2012-06-29 07:51 . 2012-06-29 07:51 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Apple Computer
2012-06-19 13:17 . 2012-06-19 13:17 -------- d-----w- c:\program files\AVG Secure Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-19 13:14 . 2012-05-12 06:53 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-19 13:14 . 2011-08-03 07:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-12 06:56 . 2010-04-16 17:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-12 06:56 . 2009-09-17 23:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-23 22:55 . 2011-03-23 22:55 4143544 ----a-w- c:\program files\GarminMapUpdater_v2.5.17.exe
2010-05-04 15:25 . 2010-05-04 15:25 1704744 ----a-w- c:\program files\SkypeSetup.exe
2010-02-18 14:42 . 2010-02-18 14:42 32494896 ----a-w- c:\program files\QuickTimeInstaller.exe
2009-12-10 18:42 . 2009-12-10 18:42 1859264 ----a-w- c:\program files\langpack.exe
2009-11-22 18:54 . 2009-11-22 18:54 10053112 ----a-w- c:\program files\picasa3-setup.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-03_15.47.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-03 15:59 . 2012-07-03 15:59 16384 c:\windows\Temp\Perflib_Perfdata_1b8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-19 13:17 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-06-19 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-20 18670592]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2009-09-03 61440]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2011-04-12 222776]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 1505144]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-19 939872]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
REALTEK 11n USB Wireless LAN Utility.lnk - c:\program files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe [2011-5-11 991232]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2009-12-1 802816]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Realtek\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22.2.2011 8:13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19.1.2011 4:32 32592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.2.2010 19:27 717296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.1.2011 6:41 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10.2.2011 7:54 295248]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 11:28 84520]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12.10.2011 6:25 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2.8.2011 6:09 192776]
R2 ComarchCardServer;ComarchCardServer;c:\program files\Comarch\ComarchSmartCard\CardServer.exe [5.6.2009 13:07 143455]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24.8.2010 11:38 92008]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [7.7.2012 9:47 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [30.3.2011 17:17 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10.2.2011 7:53 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10.2.2011 7:53 16720]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192cu.sys [11.5.2011 10:22 894696]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1.2.2010 21:16 135664]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12.5.2012 8:53 257224]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [16.9.2009 19:05 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [11.5.2011 9:58 167264]
S3 cxbu0wdm;CardMan 6121;c:\windows\system32\drivers\cxbu0wdm.sys [24.6.2009 11:16 114304]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [16.9.2009 15:47 21376]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [3.10.2010 18:37 87424]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [11.5.2011 10:40 20480]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [11.5.2011 10:40 17408]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [11.5.2011 10:40 11520]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1.2.2010 21:16 135664]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 13:14]
.
2012-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 19:16]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 19:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp? ... n=77ce7fb3
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 94.74.192.252 94.74.192.244
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A3E} - hxxps://login.ingbusinessonline.pl/ing/static/components/SignActivXIng.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-03 18:13
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-823518204-884357618-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*„%„%*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-823518204-884357618-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*„%„%*\OpenWithList]
@Class="Shell"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(352)
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-07-03 18:14:19
ComboFix-quarantined-files.txt 2012-07-03 16:14
ComboFix2.txt 2012-07-03 15:51
.
Před spuštěním: Volných bajtů: 29 268 131 840
Po spuštění: Volných bajtů: 29 254 832 128
.
- - End Of File - - EB933E12BC5854E4B6056F705A31532D
Re: Jsem sledován? Prosím kontrolu logu. Děkuji
To možná ano, ale několikrát měl bugy, kdy uživateli smazal důležité soubory a systém již nenabootoval. navíc nemaže vše, něco je potřeba domazat přes skript.
Stahněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=115222
-Nainstalujte,dejte úplný sken
NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
Stahněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=115222-Nainstalujte,dejte úplný sken
NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Přispějete na provoz fóra?