Dobrý den,
můj letitý PC mi do nedávna běžel jak má, ale poslední týden nejdřív AVAST opakovaně po restartu hlásil nějakého trojana (nemůžu dohledat název), kterého údajně hodil do trezoru, posléze se začaly kousat webové prohlížeče a teď už se kouše celý PC... Zkoušel jsem i Spy Emergency, ale nic nenašel.
Děkuji za každou radu.
Nevím, jestli toto je ten správný report, nejsem velký odborník na PC (jméno a příjmení jsem změnil na xxxx yyyy):
Logfile of random's system information tool 1.09 (written by random/random)
Run by xxxx yyyy at 2012-08-09 16:29:27
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 26 GB (35%) free of 76 GB
Total RAM: 1022 MB (29% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:29:49, on 9.8.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\VRO200~1\Vyroci.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\winKeyLock\winKeyLock.exe
C:\Program Files\Tapety 2.12\Tapety.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\xxxx yyyy\Desktop\RSIT.exe
C:\Program Files\trend micro\xxxx yyyy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... nkId=69157
R3 - URLSearchHook: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Svátky a výročí] C:\PROGRA~1\VRO200~1\Vyroci.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\xxxx yyyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Tapety 2.12.lnk = C:\Program Files\Tapety 2.12\Tapety.exe
O4 - Startup: Zástupce - Kalendar.lnk = C:\Program Files\Liturgicky kalendar\Kalendar.exe
O4 - Global Startup: winKeyLock.lnk = C:\Program Files\winKeyLock\winKeyLock.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8946114656
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://cam-km.nwt.cz/activex/AxisCamControl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
--
End of file - 8477 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1292428093-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1292428093-725345543-1003UA.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{6CBF1AEE-01A4-4D35-9574-3981B4216B90}.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\xxxx yyyy\Application Data\Mozilla\Firefox\Profiles\qvlp2gsh.default
prefs.js - "browser.startup.homepage" - "http://www.predpoved.unas.cz/aktual/index.html"
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"ClickPotatoLite@ClickPotatoLite.com"=C:\Program Files\ClickPotatoLite\bin\10.0.659.0\firefox\extensions
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.270 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
nppdf32.dll
npPDFXCviewNPPlugin.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml
C:\Documents and Settings\xxxx yyyy\Application Data\Mozilla\Firefox\Profiles\qvlp2gsh.default\extensions\
cs@dictionaries.addons.mozilla.org
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll [2011-08-17 734048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-03-13 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-07-03 1160792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-03-13 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-03-13 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo Layers - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll [2011-09-30 194848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll [2011-08-17 734048]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-07-03 1160792]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"AudioDeck"=C:\Program Files\VIAudioi\SBADeck\ADeck.exe [2005-03-04 512000]
"VGAUtil"=C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe [2011-10-07 544768]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-07-03 4273976]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Svátky a výročí"=C:\PROGRA~1\VRO200~1\Vyroci.exe [1999-11-25 1876992]
"GoogleDriveSync"=C:\Program Files\Google\Drive\googledrivesync.exe [2012-07-20 12218904]
"Google Update"=C:\Documents and Settings\xxxx yyyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-07 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-25 339968]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2012-04-18 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency]
C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe [2012-07-05 2433408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
C:\WINDOWS\vVX3000.exe [2009-06-26 757248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO HD Edition.lnk]
C:\PROGRA~1\PANASO~1\PHOTOF~1\PHAUTO~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk]
C:\PROGRA~1\TEXTBR~1\Bin\TBMenu.exe [1998-02-19 23552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^xxxx yyyy^Start Menu^Programs^Startup^Vesmír na dlani.lnk]
C:\PROGRA~1\NONOBL~1\vesmir.exe [2003-11-29 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^xxxx yyyy^Start Menu^Programs^Startup^Watch.lnk]
C:\WINDOWS\twain_32\A4CIS\WATCH.exe [1998-06-12 176640]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McrdSvc"=2
"ehSched"=2
"ehRecvr"=2
"MSCamSvc"=2
"JavaQuickStarterService"=2
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
winKeyLock.lnk - C:\Program Files\winKeyLock\winKeyLock.exe
C:\Documents and Settings\xxxx yyyy\Start Menu\Programs\Startup
Tapety 2.12.lnk - C:\Program Files\Tapety 2.12\Tapety.exe
Zástupce - Kalendar.lnk - C:\Program Files\Liturgicky kalendar\Kalendar.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"D:\Installation\Setupx.exe"="D:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\yyyyovi\Hry\blobby\volley.exe"="C:\yyyyovi\Hry\blobby\volley.exe:*:Disabled:volley"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\GigaByte\VGA Utility Manager\G-vga.exe"="C:\Program Files\GigaByte\VGA Utility Manager\G-vga.exe:*:Enabled:Menu"
"C:\Program Files\GigaByte\VGA Utility Manager\gvupdate.exe"="C:\Program Files\GigaByte\VGA Utility Manager\gvupdate.exe:*:Enabled:gvupdate"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\EasySetupAssistant\wr741n\EasySetupAssistant.exe"="D:\EasySetupAssistant\wr741n\EasySetupAssistant.exe:*:Enabled:TP-LINK Easy Setup Assistant"
"C:\Program Files\Canon\EOS Utility\WFTPairing\EOSUPNPSV.exe"="C:\Program Files\Canon\EOS Utility\WFTPairing\EOSUPNPSV.exe:LocalSubNet:Enabled:Canon EOS UPNP Detector"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe"="C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
======List of files/folders created in the last 1 month======
2012-08-09 16:29:28 ----D---- C:\Program Files\trend micro
2012-08-09 16:29:27 ----D---- C:\rsit
2012-08-07 23:22:26 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2012-08-07 23:22:25 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2012-08-07 23:22:22 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2012-08-07 23:22:21 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2012-08-07 23:22:21 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2012-08-07 23:22:20 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2012-08-07 23:22:20 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2012-08-07 23:22:19 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2012-08-07 23:21:33 ----A---- C:\WINDOWS\avastSS.scr
2012-08-07 23:21:32 ----A---- C:\WINDOWS\system32\aswBoot.exe
2012-08-07 20:20:09 ----D---- C:\Documents and Settings\xxxx yyyy\Application Data\Spy Emergency
2012-08-07 20:20:05 ----A---- C:\WINDOWS\system32\drivers\spyemrg_guard.sys
2012-08-07 20:20:05 ----A---- C:\WINDOWS\system32\drivers\spyemrg_access.sys
2012-08-07 20:20:05 ----A---- C:\WINDOWS\system32\drivers\spyemrg.sys
2012-08-07 20:20:04 ----D---- C:\Documents and Settings\All Users\Application Data\NETGATE
2012-08-07 20:19:52 ----D---- C:\Program Files\NETGATE
2012-08-07 19:57:16 ----D---- C:\Documents and Settings\xxxx yyyy\Application Data\ElevatedDiagnostics
2012-08-07 19:56:04 ----D---- C:\WINDOWS\system32\windowspowershell
2012-08-07 19:55:55 ----HDC---- C:\WINDOWS\$NtUninstallKB926139-v2$
2012-08-05 20:09:54 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-08-05 18:47:37 ----D---- C:\Program Files\AVAST Software
2012-08-05 18:47:37 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2012-08-01 21:27:53 ----D---- C:\Documents and Settings\xxxx yyyy\Application Data\MozBackup
2012-07-24 23:18:01 ----D---- C:\WINDOWS\Minidump
2012-07-11 12:06:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2012-07-11 12:06:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2718523$
2012-07-11 12:06:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2012-07-11 12:06:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2012-07-11 12:01:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$
======List of files/folders modified in the last 1 month======
2012-08-09 16:29:28 ----D---- C:\Program Files
2012-08-09 16:29:21 ----D---- C:\WINDOWS\Prefetch
2012-08-09 15:57:21 ----D---- C:\WINDOWS\system32
2012-08-09 15:05:21 ----D---- C:\WINDOWS\Temp
2012-08-09 12:51:45 ----D---- C:\Program Files\Tapety 2.12
2012-08-09 11:04:33 ----A---- C:\WINDOWS\NeroDigital.ini
2012-08-09 10:38:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-08-09 06:53:38 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-09 06:50:22 ----D---- C:\WINDOWS\system32\drivers
2012-08-08 23:37:32 ----D---- C:\WINDOWS
2012-08-07 23:46:09 ----SD---- C:\WINDOWS\Tasks
2012-08-07 23:22:13 ----SHD---- C:\WINDOWS\Installer
2012-08-07 23:22:11 ----D---- C:\WINDOWS\WinSxS
2012-08-07 23:17:39 ----D---- C:\WINDOWS\system32\drivers\etc
2012-08-07 22:17:26 ----SH---- C:\boot.ini
2012-08-07 22:17:26 ----A---- C:\WINDOWS\win.ini
2012-08-07 22:17:26 ----A---- C:\WINDOWS\system.ini
2012-08-07 21:53:44 ----D---- C:\WINDOWS\SoftwareDistribution
2012-08-07 21:11:44 ----HD---- C:\WINDOWS\inf
2012-08-07 20:32:41 ----RSD---- C:\WINDOWS\assembly
2012-08-07 20:32:41 ----D---- C:\WINDOWS\Microsoft.NET
2012-08-07 19:57:38 ----D---- C:\WINDOWS\AppPatch
2012-08-07 19:56:20 ----D---- C:\WINDOWS\system32\config
2012-08-06 17:20:34 ----D---- C:\WINDOWS\pss
2012-08-06 11:56:52 ----D---- C:\WINDOWS\Registration
2012-08-05 20:09:37 ----D---- C:\Program Files\Mozilla Firefox
2012-08-04 23:02:35 ----D---- C:\WINDOWS\Debug
2012-08-03 12:34:18 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-07-26 17:12:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-07-25 12:51:25 ----D---- C:\Documents and Settings\xxxx yyyy\Application Data\Skype
2012-07-24 16:45:23 ----D---- C:\Program Files\Google
2012-07-11 12:06:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-07-11 12:06:19 ----HD---- C:\WINDOWS\$hf_mig$
2012-07-11 12:01:53 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-13 46464]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-05-12 20576]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-07-03 25256]
R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2012-07-03 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-07-03 721000]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-07-03 353688]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-07-03 54232]
R1 SpyEmrg;Spy Emergency Driver; C:\WINDOWS\System32\Drivers\spyemrg.sys [2011-04-21 14168]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-07-03 21256]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-07-03 97608]
R2 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
R2 MA1908Driver;MA1908Driver; \??\C:\WINDOWS\system32\drivers\ma1908.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-21 1505792]
R3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2003-08-07 6528]
R3 GPCIDrv;GPCIDrv; \??\C:\WINDOWS\GPCIDrv.sys []
R3 GVTDrv;GVTDrv; \??\C:\WINDOWS\system32\Drivers\GVTDrv.sys []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 rt2870;TP-LINK Wireless USB Adapter; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2010-05-21 827488]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver; C:\WINDOWS\System32\Drivers\spyemrg_guard.sys [2011-04-21 16216]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2006-08-10 204672]
R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2009-06-26 1956352]
R3 xcpip;TCP/IP Protocol Driver; C:\WINDOWS\system32\drivers\xcpip.sys []
R3 xpsec;IPSEC driver; C:\WINDOWS\system32\drivers\xpsec.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2011-04-01 48128]
S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2011-04-01 48128]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2012-07-04 12400]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2012-07-04 25200]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver; C:\WINDOWS\System32\Drivers\spyemrg_access.sys [2011-04-21 20056]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-01-30 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 zcz5k4u9_.sys;zcz5k4u9_.sys; \??\C:\WINDOWS\system32\drivers\zcz5k4u9_.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-07-03 44808]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]
R2 SpyEmrgSrv;Spy Emergency Engine Service; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [2012-02-23 2420400]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-21 405504]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-25 516096]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-28 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-28 116648]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S4 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
S4 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-03-13 153376]
S4 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
S4 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Kouše se celý PC
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Kouše se celý PC
Zdravím!
Poprosím o log ComboFix.
Poprosím o log ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Kouše se celý PC
Vše proběhlo OK:
ComboFix 12-08-09.01 - Michal yyyy 09.08.2012 20:08:48.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1022.414 [GMT 2:00]
Spuštěný z: c:\documents and settings\Michal yyyy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\_ctypes.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\_elementtree.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\_hashlib.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\_socket.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\_ssl.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\pyexpat.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\pysqlite2._sqlite.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\python26.dll
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\pythoncom26.dll
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\PyWinTypes26.dll
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\select.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\unicodedata.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\win32api.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\win32com.shell.shell.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\win32crypt.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\win32event.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\win32file.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\win32inet.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\win32pdh.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\win32process.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\windows._cacheinvalidation.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wx._controls_.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wx._core_.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wx._gdi_.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wx._html2.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wx._misc_.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wx._windows_.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wx._wizard.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wxbase293u_net_vc.dll
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wxbase293u_vc.dll
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wxmsw293u_adv_vc.dll
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wxmsw293u_core_vc.dll
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wxmsw293u_html_vc.dll
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wxmsw293u_webview_vc.dll
c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users\Application Data\ClickPotatoLiteSA
c:\documents and settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSA.dat
c:\documents and settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSA_hpk.dat
c:\documents and settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf_update.dat
c:\documents and settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht
c:\documents and settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAau_update.dat
c:\documents and settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht
c:\documents and settings\Michal yyyy\Application Data\AD ON Multimedia
c:\documents and settings\Michal yyyy\Application Data\ClickPotatoLite
c:\documents and settings\Michal yyyy\Application Data\Dealio
c:\documents and settings\Michal yyyy\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Michal yyyy\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\Michal yyyy\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\_ctypes.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\_elementtree.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\_hashlib.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\_socket.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\_ssl.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\pyexpat.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\pysqlite2._sqlite.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\python26.dll
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\pythoncom26.dll
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\PyWinTypes26.dll
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\select.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\unicodedata.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\win32api.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\win32com.shell.shell.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\win32crypt.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\win32event.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\win32file.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\win32inet.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\win32pdh.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\win32process.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\windows._cacheinvalidation.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wx._controls_.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wx._core_.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wx._gdi_.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wx._html2.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wx._misc_.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wx._windows_.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wx._wizard.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wxbase293u_net_vc.dll
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wxbase293u_vc.dll
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wxmsw293u_adv_vc.dll
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wxmsw293u_core_vc.dll
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wxmsw293u_html_vc.dll
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wxmsw293u_webview_vc.dll
c:\documents and settings\Michal yyyy\WINDOWS
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\FF\chrome.manifest
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files\Dealio Toolbar\FF\chrome\content\login.js
c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files\Dealio Toolbar\FF\chrome\content\utils.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files\Dealio Toolbar\FF\chrome\skin\splitter.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\Dealio Toolbar\FF\install.rdf
c:\program files\Dealio Toolbar\IE\4.6\config.ini
c:\program files\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\windows\~GLC0000.TMP
c:\windows\~GLC0001.TMP
c:\windows\IsUn0405.exe
c:\windows\system32\MUI\0405\tourstart.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-09 do 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 17:49 . 1998-07-09 14:45 28160 ----a-w- c:\windows\UnRgS3E10.exe
2012-08-09 14:29 . 2012-08-09 14:29 -------- d-----w- c:\program files\trend micro
2012-08-09 14:29 . 2012-08-09 14:29 -------- d-----w- C:\rsit
2012-08-07 21:22 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-07 21:22 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-07 21:22 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-07 21:22 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-07 21:22 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-07 21:22 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-07 21:22 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-07 21:22 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-07 21:21 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-07 21:21 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-07 18:23 . 2012-08-07 18:23 -------- d-----w- c:\documents and settings\Michal yyyy\Local Settings\Application Data\Identities
2012-08-07 18:20 . 2012-08-09 14:10 -------- d-----w- c:\documents and settings\Michal yyyy\Application Data\Spy Emergency
2012-08-07 18:20 . 2011-04-21 09:31 20056 ----a-w- c:\windows\system32\drivers\spyemrg_access.sys
2012-08-07 18:20 . 2011-04-21 09:31 16216 ----a-w- c:\windows\system32\drivers\spyemrg_guard.sys
2012-08-07 18:20 . 2011-04-21 09:31 14168 ----a-w- c:\windows\system32\drivers\spyemrg.sys
2012-08-07 18:20 . 2012-08-07 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NETGATE
2012-08-07 18:19 . 2012-08-07 18:19 -------- d-----w- c:\program files\NETGATE
2012-08-07 17:57 . 2012-08-07 17:57 -------- d-----w- c:\documents and settings\Michal yyyy\Application Data\ElevatedDiagnostics
2012-08-05 16:47 . 2012-08-07 21:20 -------- d-----w- c:\program files\AVAST Software
2012-08-05 16:47 . 2012-08-07 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-08-01 19:27 . 2012-08-01 19:27 -------- d-----w- c:\documents and settings\Michal yyyy\Application Data\MozBackup
2012-07-27 11:50 . 2012-07-27 11:50 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-09 18:19 . 2011-10-07 16:39 17962 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-08-09 17:17 . 2011-11-11 04:57 5112 ----a-w- c:\windows\GPCIDrv.sys
2012-08-03 10:34 . 2012-04-05 04:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 10:34 . 2011-10-22 05:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-04 03:57 . 2012-07-04 03:57 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-07-04 03:57 . 2012-07-04 03:57 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-07-04 03:57 . 2012-07-04 03:57 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-06-13 16:10 . 2010-07-12 19:03 737280 ----a-w- c:\windows\iun6002.exe
2012-06-13 13:19 . 2004-08-10 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-10 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-10 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2010-07-12 14:49 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2010-07-12 14:49 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2010-07-12 14:17 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2010-07-12 14:17 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2010-07-12 14:17 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-07-12 14:49 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2010-07-12 14:49 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2010-07-12 14:17 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2010-07-12 14:17 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-08-10 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2010-07-12 14:49 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2010-07-12 14:17 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2010-07-12 14:17 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2010-07-12 16:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-07-12 16:19 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-07-12 16:19 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2004-08-10 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-10 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-14 00:15 . 2012-08-05 18:09 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-10 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svátky a výročí"="c:\progra~1\VRO200~1\Vyroci.exe" [1999-11-25 1876992]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-03-04 512000]
"VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2011-10-07 544768]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\Michal yyyy\Start Menu\Programs\Startup\
Tapety 2.12.lnk - c:\program files\Tapety 2.12\Tapety.exe [2004-10-17 211456]
Zástupce - Kalendar.lnk - c:\program files\Liturgicky kalendar\Kalendar.exe [2010-7-13 3357184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
winKeyLock.lnk - c:\program files\winKeyLock\winKeyLock.exe [2004-3-22 744448]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO HD Edition.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO HD Edition.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TextBridge Instant Access OCR.lnk
backup=c:\windows\pss\TextBridge Instant Access OCR.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michal yyyy^Start Menu^Programs^Startup^Vesmír na dlani.lnk]
path=c:\documents and settings\Michal yyyy\Start Menu\Programs\Startup\Vesmír na dlani.lnk
backup=c:\windows\pss\Vesmír na dlani.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michal yyyy^Start Menu^Programs^Startup^Watch.lnk]
path=c:\documents and settings\Michal yyyy\Start Menu\Programs\Startup\Watch.lnk
backup=c:\windows\pss\Watch.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-08-25 10:52 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 21:45 279912 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 17:42 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency]
2012-07-05 08:01 2433408 ----a-w- c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2009-06-26 15:21 757248 ----a-w- c:\windows\vVX3000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McrdSvc"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"MSCamSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\yyyyovi\\Hry\\blobby\\volley.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\gvupdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7.8.2012 23:22 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7.8.2012 23:22 353688]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [7.8.2012 20:20 14168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7.8.2012 23:22 21256]
R2 MA1908Driver;MA1908Driver;c:\windows\system32\drivers\MA1908.SYS [3.10.2010 9:38 22528]
R2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [7.8.2012 20:20 2420400]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [7.8.2003 16:42 6528]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [11.11.2011 6:57 5112]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [7.10.2011 18:39 17962]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.6.2012 17:29 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5.4.2012 6:07 250056]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4.7.2012 5:57 12400]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28.6.2012 17:29 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5.8.2012 20:09 113120]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [3.7.2012 21:52 155320]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [7.8.2012 20:20 20056]
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [7.8.2012 20:20 16216]
S3 zcz5k4u9_.sys;zcz5k4u9_.sys;\??\c:\windows\system32\drivers\zcz5k4u9_.sys --> c:\windows\system32\drivers\zcz5k4u9_.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 10:34]
.
2012-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-08-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-07 16:21]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-28 15:28]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-28 15:28]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1292428093-725345543-1003Core.job
- c:\documents and settings\Michal yyyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-07 16:56]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1292428093-725345543-1003UA.job
- c:\documents and settings\Michal yyyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-07 16:56]
.
2012-08-09 c:\windows\Tasks\User_Feed_Synchronization-{6CBF1AEE-01A4-4D35-9574-3981B4216B90}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Michal yyyy\Application Data\Mozilla\Firefox\Profiles\qvlp2gsh.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://www.predpoved.unas.cz/aktual/index.html
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-09 20:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1176)
c:\windows\system32\WININET.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Celkový čas: 2012-08-09 20:30:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-09 18:30
.
Před spuštěním: 27 820 167 168 bytes free
Po spuštění: 28 265 746 432 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F07AD28A8883581543A19C927BD189B8
ComboFix 12-08-09.01 - Michal yyyy 09.08.2012 20:08:48.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1022.414 [GMT 2:00]
Spuštěný z: c:\documents and settings\Michal yyyy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\_ctypes.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\_elementtree.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\_hashlib.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\_socket.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\_ssl.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\pyexpat.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\pysqlite2._sqlite.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\python26.dll
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\pythoncom26.dll
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\PyWinTypes26.dll
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\select.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\unicodedata.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\win32api.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\win32com.shell.shell.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\win32crypt.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\win32event.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\win32file.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\win32inet.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\win32pdh.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\win32process.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\windows._cacheinvalidation.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wx._controls_.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wx._core_.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wx._gdi_.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wx._html2.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wx._misc_.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wx._windows_.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wx._wizard.pyd
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wxbase293u_net_vc.dll
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wxbase293u_vc.dll
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wxmsw293u_adv_vc.dll
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wxmsw293u_core_vc.dll
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wxmsw293u_html_vc.dll
c:\docume~1\MICHAL~1\LOCALS~1\Temp\_MEI17122\wxmsw293u_webview_vc.dll
c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users\Application Data\ClickPotatoLiteSA
c:\documents and settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSA.dat
c:\documents and settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSA_hpk.dat
c:\documents and settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf_update.dat
c:\documents and settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht
c:\documents and settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAau_update.dat
c:\documents and settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht
c:\documents and settings\Michal yyyy\Application Data\AD ON Multimedia
c:\documents and settings\Michal yyyy\Application Data\ClickPotatoLite
c:\documents and settings\Michal yyyy\Application Data\Dealio
c:\documents and settings\Michal yyyy\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Michal yyyy\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\Michal yyyy\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\_ctypes.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\_elementtree.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\_hashlib.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\_socket.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\_ssl.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\pyexpat.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\pysqlite2._sqlite.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\python26.dll
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\pythoncom26.dll
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\PyWinTypes26.dll
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\select.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\unicodedata.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\win32api.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\win32com.shell.shell.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\win32crypt.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\win32event.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\win32file.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\win32inet.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\win32pdh.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\win32process.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\windows._cacheinvalidation.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wx._controls_.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wx._core_.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wx._gdi_.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wx._html2.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wx._misc_.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wx._windows_.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wx._wizard.pyd
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wxbase293u_net_vc.dll
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wxbase293u_vc.dll
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wxmsw293u_adv_vc.dll
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wxmsw293u_core_vc.dll
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wxmsw293u_html_vc.dll
c:\documents and settings\Michal yyyy\Local Settings\Temp\_MEI17122\wxmsw293u_webview_vc.dll
c:\documents and settings\Michal yyyy\WINDOWS
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\FF\chrome.manifest
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files\Dealio Toolbar\FF\chrome\content\login.js
c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files\Dealio Toolbar\FF\chrome\content\utils.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files\Dealio Toolbar\FF\chrome\skin\splitter.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\Dealio Toolbar\FF\install.rdf
c:\program files\Dealio Toolbar\IE\4.6\config.ini
c:\program files\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\windows\~GLC0000.TMP
c:\windows\~GLC0001.TMP
c:\windows\IsUn0405.exe
c:\windows\system32\MUI\0405\tourstart.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-09 do 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 17:49 . 1998-07-09 14:45 28160 ----a-w- c:\windows\UnRgS3E10.exe
2012-08-09 14:29 . 2012-08-09 14:29 -------- d-----w- c:\program files\trend micro
2012-08-09 14:29 . 2012-08-09 14:29 -------- d-----w- C:\rsit
2012-08-07 21:22 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-07 21:22 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-07 21:22 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-07 21:22 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-07 21:22 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-07 21:22 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-07 21:22 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-07 21:22 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-07 21:21 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-07 21:21 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-07 18:23 . 2012-08-07 18:23 -------- d-----w- c:\documents and settings\Michal yyyy\Local Settings\Application Data\Identities
2012-08-07 18:20 . 2012-08-09 14:10 -------- d-----w- c:\documents and settings\Michal yyyy\Application Data\Spy Emergency
2012-08-07 18:20 . 2011-04-21 09:31 20056 ----a-w- c:\windows\system32\drivers\spyemrg_access.sys
2012-08-07 18:20 . 2011-04-21 09:31 16216 ----a-w- c:\windows\system32\drivers\spyemrg_guard.sys
2012-08-07 18:20 . 2011-04-21 09:31 14168 ----a-w- c:\windows\system32\drivers\spyemrg.sys
2012-08-07 18:20 . 2012-08-07 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NETGATE
2012-08-07 18:19 . 2012-08-07 18:19 -------- d-----w- c:\program files\NETGATE
2012-08-07 17:57 . 2012-08-07 17:57 -------- d-----w- c:\documents and settings\Michal yyyy\Application Data\ElevatedDiagnostics
2012-08-05 16:47 . 2012-08-07 21:20 -------- d-----w- c:\program files\AVAST Software
2012-08-05 16:47 . 2012-08-07 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-08-01 19:27 . 2012-08-01 19:27 -------- d-----w- c:\documents and settings\Michal yyyy\Application Data\MozBackup
2012-07-27 11:50 . 2012-07-27 11:50 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-09 18:19 . 2011-10-07 16:39 17962 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-08-09 17:17 . 2011-11-11 04:57 5112 ----a-w- c:\windows\GPCIDrv.sys
2012-08-03 10:34 . 2012-04-05 04:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 10:34 . 2011-10-22 05:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-04 03:57 . 2012-07-04 03:57 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-07-04 03:57 . 2012-07-04 03:57 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-07-04 03:57 . 2012-07-04 03:57 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-06-13 16:10 . 2010-07-12 19:03 737280 ----a-w- c:\windows\iun6002.exe
2012-06-13 13:19 . 2004-08-10 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-10 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-10 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2010-07-12 14:49 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2010-07-12 14:49 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2010-07-12 14:17 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2010-07-12 14:17 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2010-07-12 14:17 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-07-12 14:49 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2010-07-12 14:49 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2010-07-12 14:17 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2010-07-12 14:17 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-08-10 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2010-07-12 14:49 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2010-07-12 14:17 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2010-07-12 14:17 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2010-07-12 16:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-07-12 16:19 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-07-12 16:19 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2004-08-10 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-10 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-14 00:15 . 2012-08-05 18:09 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-10 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svátky a výročí"="c:\progra~1\VRO200~1\Vyroci.exe" [1999-11-25 1876992]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-03-04 512000]
"VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2011-10-07 544768]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\Michal yyyy\Start Menu\Programs\Startup\
Tapety 2.12.lnk - c:\program files\Tapety 2.12\Tapety.exe [2004-10-17 211456]
Zástupce - Kalendar.lnk - c:\program files\Liturgicky kalendar\Kalendar.exe [2010-7-13 3357184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
winKeyLock.lnk - c:\program files\winKeyLock\winKeyLock.exe [2004-3-22 744448]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO HD Edition.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO HD Edition.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TextBridge Instant Access OCR.lnk
backup=c:\windows\pss\TextBridge Instant Access OCR.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michal yyyy^Start Menu^Programs^Startup^Vesmír na dlani.lnk]
path=c:\documents and settings\Michal yyyy\Start Menu\Programs\Startup\Vesmír na dlani.lnk
backup=c:\windows\pss\Vesmír na dlani.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michal yyyy^Start Menu^Programs^Startup^Watch.lnk]
path=c:\documents and settings\Michal yyyy\Start Menu\Programs\Startup\Watch.lnk
backup=c:\windows\pss\Watch.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-08-25 10:52 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 21:45 279912 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 17:42 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency]
2012-07-05 08:01 2433408 ----a-w- c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2009-06-26 15:21 757248 ----a-w- c:\windows\vVX3000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McrdSvc"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"MSCamSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\yyyyovi\\Hry\\blobby\\volley.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\gvupdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7.8.2012 23:22 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7.8.2012 23:22 353688]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [7.8.2012 20:20 14168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7.8.2012 23:22 21256]
R2 MA1908Driver;MA1908Driver;c:\windows\system32\drivers\MA1908.SYS [3.10.2010 9:38 22528]
R2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [7.8.2012 20:20 2420400]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [7.8.2003 16:42 6528]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [11.11.2011 6:57 5112]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [7.10.2011 18:39 17962]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.6.2012 17:29 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5.4.2012 6:07 250056]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4.7.2012 5:57 12400]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28.6.2012 17:29 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5.8.2012 20:09 113120]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [3.7.2012 21:52 155320]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [7.8.2012 20:20 20056]
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [7.8.2012 20:20 16216]
S3 zcz5k4u9_.sys;zcz5k4u9_.sys;\??\c:\windows\system32\drivers\zcz5k4u9_.sys --> c:\windows\system32\drivers\zcz5k4u9_.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 10:34]
.
2012-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-08-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-07 16:21]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-28 15:28]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-28 15:28]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1292428093-725345543-1003Core.job
- c:\documents and settings\Michal yyyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-07 16:56]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1292428093-725345543-1003UA.job
- c:\documents and settings\Michal yyyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-07 16:56]
.
2012-08-09 c:\windows\Tasks\User_Feed_Synchronization-{6CBF1AEE-01A4-4D35-9574-3981B4216B90}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Michal yyyy\Application Data\Mozilla\Firefox\Profiles\qvlp2gsh.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://www.predpoved.unas.cz/aktual/index.html
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-09 20:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1176)
c:\windows\system32\WININET.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Celkový čas: 2012-08-09 20:30:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-09 18:30
.
Před spuštěním: 27 820 167 168 bytes free
Po spuštění: 28 265 746 432 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F07AD28A8883581543A19C927BD189B8
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Kouše se celý PC
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhnte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.KillAll::
Collect::
c:\windows\system32\drivers\zcz5k4u9_.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1292428093-725345543-1003Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1292428093-725345543-1003UA.job
Driver::
zcz5k4u9_
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=-
"52344:TCP"=-
"3389:TCP"=-
Reboot::
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Kouše se celý PC
Lepší to je, PC je rychlejší, prohlížeč FF jede celkem OK, ale youtube na Chrome se ve full zoomu seká, dřív ne. Pokračování když tak zítra...
ComboFix 12-08-09.01 - Michal yyyy 09.08.2012 21:21:52.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1022.484 [GMT 2:00]
Spuštěný z: c:\documents and settings\Michal yyyy\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Michal yyyy\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1292428093-725345543-1003Core.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1292428093-725345543-1003UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1292428093-725345543-1003Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1292428093-725345543-1003UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-09 do 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 17:49 . 1998-07-09 14:45 28160 ----a-w- c:\windows\UnRgS3E10.exe
2012-08-09 14:29 . 2012-08-09 14:29 -------- d-----w- c:\program files\trend micro
2012-08-09 14:29 . 2012-08-09 14:29 -------- d-----w- C:\rsit
2012-08-07 21:22 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-07 21:22 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-07 21:22 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-07 21:22 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-07 21:22 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-07 21:22 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-07 21:22 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-07 21:22 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-07 21:21 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-07 21:21 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-07 18:23 . 2012-08-07 18:23 -------- d-----w- c:\documents and settings\Michal yyyy\Local Settings\Application Data\Identities
2012-08-07 18:20 . 2012-08-09 14:10 -------- d-----w- c:\documents and settings\Michal yyyy\Application Data\Spy Emergency
2012-08-07 18:20 . 2011-04-21 09:31 20056 ----a-w- c:\windows\system32\drivers\spyemrg_access.sys
2012-08-07 18:20 . 2011-04-21 09:31 16216 ----a-w- c:\windows\system32\drivers\spyemrg_guard.sys
2012-08-07 18:20 . 2011-04-21 09:31 14168 ----a-w- c:\windows\system32\drivers\spyemrg.sys
2012-08-07 18:20 . 2012-08-07 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NETGATE
2012-08-07 18:19 . 2012-08-07 18:19 -------- d-----w- c:\program files\NETGATE
2012-08-07 17:57 . 2012-08-07 17:57 -------- d-----w- c:\documents and settings\Michal yyyy\Application Data\ElevatedDiagnostics
2012-08-05 16:47 . 2012-08-07 21:20 -------- d-----w- c:\program files\AVAST Software
2012-08-05 16:47 . 2012-08-07 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-08-01 19:27 . 2012-08-01 19:27 -------- d-----w- c:\documents and settings\Michal yyyy\Application Data\MozBackup
2012-07-27 11:50 . 2012-07-27 11:50 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-09 19:31 . 2011-10-07 16:39 17962 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-08-09 18:22 . 2011-11-11 04:57 5112 ----a-w- c:\windows\GPCIDrv.sys
2012-08-03 10:34 . 2012-04-05 04:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 10:34 . 2011-10-22 05:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-04 03:57 . 2012-07-04 03:57 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-07-04 03:57 . 2012-07-04 03:57 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-07-04 03:57 . 2012-07-04 03:57 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-06-13 13:19 . 2004-08-10 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-10 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-10 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2010-07-12 14:49 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2010-07-12 14:49 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2010-07-12 14:17 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2010-07-12 14:17 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2010-07-12 14:17 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-07-12 14:49 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2010-07-12 14:49 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2010-07-12 14:17 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2010-07-12 14:17 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-08-10 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2010-07-12 14:49 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2010-07-12 14:17 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2010-07-12 14:17 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2010-07-12 16:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-07-12 16:19 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-07-12 16:19 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2004-08-10 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-10 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-14 00:15 . 2012-08-05 18:09 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-10 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svátky a výročí"="c:\progra~1\VRO200~1\Vyroci.exe" [1999-11-25 1876992]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-03-04 512000]
"VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2011-10-07 544768]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\Michal yyyy\Start Menu\Programs\Startup\
Tapety 2.12.lnk - c:\program files\Tapety 2.12\Tapety.exe [2004-10-17 211456]
Zástupce - Kalendar.lnk - c:\program files\Liturgicky kalendar\Kalendar.exe [2010-7-13 3357184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
winKeyLock.lnk - c:\program files\winKeyLock\winKeyLock.exe [2004-3-22 744448]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO HD Edition.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO HD Edition.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TextBridge Instant Access OCR.lnk
backup=c:\windows\pss\TextBridge Instant Access OCR.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michal yyyy^Start Menu^Programs^Startup^Vesmír na dlani.lnk]
path=c:\documents and settings\Michal yyyy\Start Menu\Programs\Startup\Vesmír na dlani.lnk
backup=c:\windows\pss\Vesmír na dlani.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michal yyyy^Start Menu^Programs^Startup^Watch.lnk]
path=c:\documents and settings\Michal yyyy\Start Menu\Programs\Startup\Watch.lnk
backup=c:\windows\pss\Watch.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-08-25 10:52 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 21:45 279912 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 17:42 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency]
2012-07-05 08:01 2433408 ----a-w- c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2009-06-26 15:21 757248 ----a-w- c:\windows\vVX3000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McrdSvc"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"MSCamSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\yyyyovi\\Hry\\blobby\\volley.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\gvupdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7.8.2012 23:22 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7.8.2012 23:22 353688]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [7.8.2012 20:20 14168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7.8.2012 23:22 21256]
R2 MA1908Driver;MA1908Driver;c:\windows\system32\drivers\MA1908.SYS [3.10.2010 9:38 22528]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [7.8.2003 16:42 6528]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [11.11.2011 6:57 5112]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [7.10.2011 18:39 17962]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [7.8.2012 20:20 16216]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.6.2012 17:29 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5.4.2012 6:07 250056]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4.7.2012 5:57 12400]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28.6.2012 17:29 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5.8.2012 20:09 113120]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [7.8.2012 20:20 20056]
S3 zcz5k4u9_.sys;zcz5k4u9_.sys;\??\c:\windows\system32\drivers\zcz5k4u9_.sys --> c:\windows\system32\drivers\zcz5k4u9_.sys [?]
UnknownUnknown xcpip;xcpip; [x]
UnknownUnknown xpsec;xpsec; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 10:34]
.
2012-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-08-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-07 16:21]
.
2012-08-09 c:\windows\Tasks\User_Feed_Synchronization-{6CBF1AEE-01A4-4D35-9574-3981B4216B90}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Michal yyyy\Application Data\Mozilla\Firefox\Profiles\qvlp2gsh.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://www.predpoved.unas.cz/aktual/index.html
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-09 21:34
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3508)
c:\windows\system32\WININET.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Celkový čas: 2012-08-09 21:42:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-09 19:42
.
Před spuštěním: 28 213 444 608 bytes free
Po spuštění: Volných bajtů: 28 195 012 608
.
- - End Of File - - AE0C52C3EF00AA9EFF7B71558401EA53
Nahr nˇ probŘhlo ŁspŘçnŘ
ComboFix 12-08-09.01 - Michal yyyy 09.08.2012 21:21:52.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1022.484 [GMT 2:00]
Spuštěný z: c:\documents and settings\Michal yyyy\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Michal yyyy\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1292428093-725345543-1003Core.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1292428093-725345543-1003UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1292428093-725345543-1003Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1292428093-725345543-1003UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-09 do 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 17:49 . 1998-07-09 14:45 28160 ----a-w- c:\windows\UnRgS3E10.exe
2012-08-09 14:29 . 2012-08-09 14:29 -------- d-----w- c:\program files\trend micro
2012-08-09 14:29 . 2012-08-09 14:29 -------- d-----w- C:\rsit
2012-08-07 21:22 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-07 21:22 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-07 21:22 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-07 21:22 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-07 21:22 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-07 21:22 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-07 21:22 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-07 21:22 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-07 21:21 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-07 21:21 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-07 18:23 . 2012-08-07 18:23 -------- d-----w- c:\documents and settings\Michal yyyy\Local Settings\Application Data\Identities
2012-08-07 18:20 . 2012-08-09 14:10 -------- d-----w- c:\documents and settings\Michal yyyy\Application Data\Spy Emergency
2012-08-07 18:20 . 2011-04-21 09:31 20056 ----a-w- c:\windows\system32\drivers\spyemrg_access.sys
2012-08-07 18:20 . 2011-04-21 09:31 16216 ----a-w- c:\windows\system32\drivers\spyemrg_guard.sys
2012-08-07 18:20 . 2011-04-21 09:31 14168 ----a-w- c:\windows\system32\drivers\spyemrg.sys
2012-08-07 18:20 . 2012-08-07 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NETGATE
2012-08-07 18:19 . 2012-08-07 18:19 -------- d-----w- c:\program files\NETGATE
2012-08-07 17:57 . 2012-08-07 17:57 -------- d-----w- c:\documents and settings\Michal yyyy\Application Data\ElevatedDiagnostics
2012-08-05 16:47 . 2012-08-07 21:20 -------- d-----w- c:\program files\AVAST Software
2012-08-05 16:47 . 2012-08-07 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-08-01 19:27 . 2012-08-01 19:27 -------- d-----w- c:\documents and settings\Michal yyyy\Application Data\MozBackup
2012-07-27 11:50 . 2012-07-27 11:50 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-09 19:31 . 2011-10-07 16:39 17962 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-08-09 18:22 . 2011-11-11 04:57 5112 ----a-w- c:\windows\GPCIDrv.sys
2012-08-03 10:34 . 2012-04-05 04:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 10:34 . 2011-10-22 05:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-04 03:57 . 2012-07-04 03:57 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-07-04 03:57 . 2012-07-04 03:57 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-07-04 03:57 . 2012-07-04 03:57 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-06-13 13:19 . 2004-08-10 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-10 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-10 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2010-07-12 14:49 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2010-07-12 14:49 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2010-07-12 14:17 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2010-07-12 14:17 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2010-07-12 14:17 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-07-12 14:49 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2010-07-12 14:49 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2010-07-12 14:17 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2010-07-12 14:17 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-08-10 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2010-07-12 14:49 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2010-07-12 14:17 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2010-07-12 14:17 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2010-07-12 16:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-07-12 16:19 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-07-12 16:19 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2004-08-10 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-10 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-14 00:15 . 2012-08-05 18:09 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-10 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svátky a výročí"="c:\progra~1\VRO200~1\Vyroci.exe" [1999-11-25 1876992]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-03-04 512000]
"VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2011-10-07 544768]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\Michal yyyy\Start Menu\Programs\Startup\
Tapety 2.12.lnk - c:\program files\Tapety 2.12\Tapety.exe [2004-10-17 211456]
Zástupce - Kalendar.lnk - c:\program files\Liturgicky kalendar\Kalendar.exe [2010-7-13 3357184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
winKeyLock.lnk - c:\program files\winKeyLock\winKeyLock.exe [2004-3-22 744448]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO HD Edition.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO HD Edition.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TextBridge Instant Access OCR.lnk
backup=c:\windows\pss\TextBridge Instant Access OCR.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michal yyyy^Start Menu^Programs^Startup^Vesmír na dlani.lnk]
path=c:\documents and settings\Michal yyyy\Start Menu\Programs\Startup\Vesmír na dlani.lnk
backup=c:\windows\pss\Vesmír na dlani.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michal yyyy^Start Menu^Programs^Startup^Watch.lnk]
path=c:\documents and settings\Michal yyyy\Start Menu\Programs\Startup\Watch.lnk
backup=c:\windows\pss\Watch.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-08-25 10:52 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 21:45 279912 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 17:42 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency]
2012-07-05 08:01 2433408 ----a-w- c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2009-06-26 15:21 757248 ----a-w- c:\windows\vVX3000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McrdSvc"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"MSCamSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\yyyyovi\\Hry\\blobby\\volley.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\gvupdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7.8.2012 23:22 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7.8.2012 23:22 353688]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [7.8.2012 20:20 14168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7.8.2012 23:22 21256]
R2 MA1908Driver;MA1908Driver;c:\windows\system32\drivers\MA1908.SYS [3.10.2010 9:38 22528]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [7.8.2003 16:42 6528]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [11.11.2011 6:57 5112]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [7.10.2011 18:39 17962]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [7.8.2012 20:20 16216]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.6.2012 17:29 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5.4.2012 6:07 250056]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4.7.2012 5:57 12400]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28.6.2012 17:29 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5.8.2012 20:09 113120]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [7.8.2012 20:20 20056]
S3 zcz5k4u9_.sys;zcz5k4u9_.sys;\??\c:\windows\system32\drivers\zcz5k4u9_.sys --> c:\windows\system32\drivers\zcz5k4u9_.sys [?]
UnknownUnknown xcpip;xcpip; [x]
UnknownUnknown xpsec;xpsec; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 10:34]
.
2012-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-08-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-07 16:21]
.
2012-08-09 c:\windows\Tasks\User_Feed_Synchronization-{6CBF1AEE-01A4-4D35-9574-3981B4216B90}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Michal yyyy\Application Data\Mozilla\Firefox\Profiles\qvlp2gsh.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://www.predpoved.unas.cz/aktual/index.html
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-09 21:34
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3508)
c:\windows\system32\WININET.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Celkový čas: 2012-08-09 21:42:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-09 19:42
.
Před spuštěním: 28 213 444 608 bytes free
Po spuštění: Volných bajtů: 28 195 012 608
.
- - End Of File - - AE0C52C3EF00AA9EFF7B71558401EA53
Nahr nˇ probŘhlo ŁspŘçnŘ
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Kouše se celý PC
Zkuste spustit ještě jednou se skriptem:
KillAll::
FCopy::
c:\windows\$NtServicePackUninstall$\atapi.sys | c:\windows\system32\drivers\atapi.sys
File::
c:\windows\system32\drivers\zcz5k4u9_.sys
Driver::
zcz5k4u9_.sys
Reboot::
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Kouše se celý PC
Zdá se mi to stejné, tedy rozhodně lepší než včera ráno, ale stále o něco horší než nastaly první problémy. PC jede slušně, prohlížeče se čas od času seknou. Ale i tak moc děkuji!
ComboFix 12-08-09.01 - Michal yyyy 10.08.2012 5:25.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1022.486 [GMT 2:00]
Spuštěný z: c:\documents and settings\Michal yyyy\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Michal yyyy\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
FILE ::
"c:\windows\system32\drivers\zcz5k4u9_.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\$NtServicePackUninstall$\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ZCZ5K4U9_.SYS
-------\Service_xcpip
-------\Service_xpsec
-------\Service_zcz5k4u9_.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-10 do 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-09 17:49 . 1998-07-09 14:45 28160 ----a-w- c:\windows\UnRgS3E10.exe
2012-08-09 14:29 . 2012-08-09 14:29 -------- d-----w- c:\program files\trend micro
2012-08-09 14:29 . 2012-08-09 14:29 -------- d-----w- C:\rsit
2012-08-07 21:22 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-07 21:22 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-07 21:22 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-07 21:22 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-07 21:22 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-07 21:22 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-07 21:22 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-07 21:22 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-07 21:21 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-07 21:21 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-07 18:23 . 2012-08-07 18:23 -------- d-----w- c:\documents and settings\Michal yyyy\Local Settings\Application Data\Identities
2012-08-07 18:20 . 2012-08-09 14:10 -------- d-----w- c:\documents and settings\Michal yyyy\Application Data\Spy Emergency
2012-08-07 18:20 . 2011-04-21 09:31 20056 ----a-w- c:\windows\system32\drivers\spyemrg_access.sys
2012-08-07 18:20 . 2011-04-21 09:31 16216 ----a-w- c:\windows\system32\drivers\spyemrg_guard.sys
2012-08-07 18:20 . 2011-04-21 09:31 14168 ----a-w- c:\windows\system32\drivers\spyemrg.sys
2012-08-07 18:20 . 2012-08-07 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NETGATE
2012-08-07 18:19 . 2012-08-07 18:19 -------- d-----w- c:\program files\NETGATE
2012-08-07 17:57 . 2012-08-07 17:57 -------- d-----w- c:\documents and settings\Michal yyyy\Application Data\ElevatedDiagnostics
2012-08-05 16:47 . 2012-08-07 21:20 -------- d-----w- c:\program files\AVAST Software
2012-08-05 16:47 . 2012-08-07 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-08-01 19:27 . 2012-08-01 19:27 -------- d-----w- c:\documents and settings\Michal yyyy\Application Data\MozBackup
2012-07-27 11:50 . 2012-07-27 11:50 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-10 03:39 . 2011-10-07 16:39 17962 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-08-10 03:20 . 2011-11-11 04:57 5112 ----a-w- c:\windows\GPCIDrv.sys
2012-08-03 10:34 . 2012-04-05 04:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 10:34 . 2011-10-22 05:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-04 03:57 . 2012-07-04 03:57 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-07-04 03:57 . 2012-07-04 03:57 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-07-04 03:57 . 2012-07-04 03:57 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-06-13 13:19 . 2004-08-10 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-10 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-10 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2010-07-12 14:49 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2010-07-12 14:49 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2010-07-12 14:17 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2010-07-12 14:17 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2010-07-12 14:17 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-07-12 14:49 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2010-07-12 14:49 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2010-07-12 14:17 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2010-07-12 14:17 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-08-10 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2010-07-12 14:49 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2010-07-12 14:17 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2010-07-12 14:17 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2010-07-12 16:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-07-12 16:19 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-07-12 16:19 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2004-08-10 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-10 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-14 00:15 . 2012-08-05 18:09 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-10 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot@2012-08-09_18.19.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 1601-01-01 00:00 . 1601-01-01 00:00 0 c:\windows\Temp\Perflib_Perfdata_840.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svátky a výročí"="c:\progra~1\VRO200~1\Vyroci.exe" [1999-11-25 1876992]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-03-04 512000]
"VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2011-10-07 544768]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\Michal yyyy\Start Menu\Programs\Startup\
Tapety 2.12.lnk - c:\program files\Tapety 2.12\Tapety.exe [2004-10-17 211456]
Zástupce - Kalendar.lnk - c:\program files\Liturgicky kalendar\Kalendar.exe [2010-7-13 3357184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
winKeyLock.lnk - c:\program files\winKeyLock\winKeyLock.exe [2004-3-22 744448]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO HD Edition.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO HD Edition.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TextBridge Instant Access OCR.lnk
backup=c:\windows\pss\TextBridge Instant Access OCR.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michal yyyy^Start Menu^Programs^Startup^Vesmír na dlani.lnk]
path=c:\documents and settings\Michal yyyy\Start Menu\Programs\Startup\Vesmír na dlani.lnk
backup=c:\windows\pss\Vesmír na dlani.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michal yyyy^Start Menu^Programs^Startup^Watch.lnk]
path=c:\documents and settings\Michal yyyy\Start Menu\Programs\Startup\Watch.lnk
backup=c:\windows\pss\Watch.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-08-25 10:52 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 21:45 279912 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 17:42 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency]
2012-07-05 08:01 2433408 ----a-w- c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2009-06-26 15:21 757248 ----a-w- c:\windows\vVX3000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McrdSvc"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"MSCamSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\yyyyovi\\Hry\\blobby\\volley.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\gvupdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7.8.2012 23:22 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7.8.2012 23:22 353688]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [7.8.2012 20:20 14168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7.8.2012 23:22 21256]
R2 MA1908Driver;MA1908Driver;c:\windows\system32\drivers\MA1908.SYS [3.10.2010 9:38 22528]
R2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [7.8.2012 20:20 2420400]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [7.8.2003 16:42 6528]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [11.11.2011 6:57 5112]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [7.10.2011 18:39 17962]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.6.2012 17:29 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5.4.2012 6:07 250056]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\MICHAL~1\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\MICHAL~1\LOCALS~1\Temp\CFcatchme.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4.7.2012 5:57 12400]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28.6.2012 17:29 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5.8.2012 20:09 113120]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [3.7.2012 21:52 155320]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [7.8.2012 20:20 20056]
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [7.8.2012 20:20 16216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 10:34]
.
2012-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-08-10 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-07 16:21]
.
2012-08-10 c:\windows\Tasks\User_Feed_Synchronization-{6CBF1AEE-01A4-4D35-9574-3981B4216B90}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Michal yyyy\Application Data\Mozilla\Firefox\Profiles\qvlp2gsh.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://www.predpoved.unas.cz/aktual/index.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-10 05:42
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3780)
c:\windows\system32\WININET.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Celkový čas: 2012-08-10 05:48:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-10 03:48
.
Před spuštěním: 27 982 364 672 bytes free
Po spuštění: Volných bajtů: 28 008 992 768
.
- - End Of File - - 42E64C9A2913D40FDC37E9459A1EE040
ComboFix 12-08-09.01 - Michal yyyy 10.08.2012 5:25.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1022.486 [GMT 2:00]
Spuštěný z: c:\documents and settings\Michal yyyy\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Michal yyyy\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
FILE ::
"c:\windows\system32\drivers\zcz5k4u9_.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\$NtServicePackUninstall$\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ZCZ5K4U9_.SYS
-------\Service_xcpip
-------\Service_xpsec
-------\Service_zcz5k4u9_.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-10 do 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-09 17:49 . 1998-07-09 14:45 28160 ----a-w- c:\windows\UnRgS3E10.exe
2012-08-09 14:29 . 2012-08-09 14:29 -------- d-----w- c:\program files\trend micro
2012-08-09 14:29 . 2012-08-09 14:29 -------- d-----w- C:\rsit
2012-08-07 21:22 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-07 21:22 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-07 21:22 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-07 21:22 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-07 21:22 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-07 21:22 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-07 21:22 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-07 21:22 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-07 21:21 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-07 21:21 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-07 18:23 . 2012-08-07 18:23 -------- d-----w- c:\documents and settings\Michal yyyy\Local Settings\Application Data\Identities
2012-08-07 18:20 . 2012-08-09 14:10 -------- d-----w- c:\documents and settings\Michal yyyy\Application Data\Spy Emergency
2012-08-07 18:20 . 2011-04-21 09:31 20056 ----a-w- c:\windows\system32\drivers\spyemrg_access.sys
2012-08-07 18:20 . 2011-04-21 09:31 16216 ----a-w- c:\windows\system32\drivers\spyemrg_guard.sys
2012-08-07 18:20 . 2011-04-21 09:31 14168 ----a-w- c:\windows\system32\drivers\spyemrg.sys
2012-08-07 18:20 . 2012-08-07 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NETGATE
2012-08-07 18:19 . 2012-08-07 18:19 -------- d-----w- c:\program files\NETGATE
2012-08-07 17:57 . 2012-08-07 17:57 -------- d-----w- c:\documents and settings\Michal yyyy\Application Data\ElevatedDiagnostics
2012-08-05 16:47 . 2012-08-07 21:20 -------- d-----w- c:\program files\AVAST Software
2012-08-05 16:47 . 2012-08-07 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-08-01 19:27 . 2012-08-01 19:27 -------- d-----w- c:\documents and settings\Michal yyyy\Application Data\MozBackup
2012-07-27 11:50 . 2012-07-27 11:50 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-10 03:39 . 2011-10-07 16:39 17962 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-08-10 03:20 . 2011-11-11 04:57 5112 ----a-w- c:\windows\GPCIDrv.sys
2012-08-03 10:34 . 2012-04-05 04:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 10:34 . 2011-10-22 05:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-04 03:57 . 2012-07-04 03:57 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-07-04 03:57 . 2012-07-04 03:57 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-07-04 03:57 . 2012-07-04 03:57 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-06-13 13:19 . 2004-08-10 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-10 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-10 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2010-07-12 14:49 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2010-07-12 14:49 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2010-07-12 14:17 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2010-07-12 14:17 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2010-07-12 14:17 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-07-12 14:49 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2010-07-12 14:49 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2010-07-12 14:17 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2010-07-12 14:17 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-08-10 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2010-07-12 14:49 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2010-07-12 14:17 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2010-07-12 14:17 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2010-07-12 16:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-07-12 16:19 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-07-12 16:19 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2004-08-10 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-10 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-14 00:15 . 2012-08-05 18:09 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40 . F6584BD8E76EFE3FA37397D90F982265 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-10 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot@2012-08-09_18.19.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 1601-01-01 00:00 . 1601-01-01 00:00 0 c:\windows\Temp\Perflib_Perfdata_840.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svátky a výročí"="c:\progra~1\VRO200~1\Vyroci.exe" [1999-11-25 1876992]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-03-04 512000]
"VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2011-10-07 544768]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\Michal yyyy\Start Menu\Programs\Startup\
Tapety 2.12.lnk - c:\program files\Tapety 2.12\Tapety.exe [2004-10-17 211456]
Zástupce - Kalendar.lnk - c:\program files\Liturgicky kalendar\Kalendar.exe [2010-7-13 3357184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
winKeyLock.lnk - c:\program files\winKeyLock\winKeyLock.exe [2004-3-22 744448]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO HD Edition.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO HD Edition.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TextBridge Instant Access OCR.lnk
backup=c:\windows\pss\TextBridge Instant Access OCR.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michal yyyy^Start Menu^Programs^Startup^Vesmír na dlani.lnk]
path=c:\documents and settings\Michal yyyy\Start Menu\Programs\Startup\Vesmír na dlani.lnk
backup=c:\windows\pss\Vesmír na dlani.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michal yyyy^Start Menu^Programs^Startup^Watch.lnk]
path=c:\documents and settings\Michal yyyy\Start Menu\Programs\Startup\Watch.lnk
backup=c:\windows\pss\Watch.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-08-25 10:52 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 21:45 279912 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 17:42 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency]
2012-07-05 08:01 2433408 ----a-w- c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2009-06-26 15:21 757248 ----a-w- c:\windows\vVX3000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McrdSvc"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"MSCamSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\yyyyovi\\Hry\\blobby\\volley.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\gvupdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7.8.2012 23:22 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7.8.2012 23:22 353688]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [7.8.2012 20:20 14168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7.8.2012 23:22 21256]
R2 MA1908Driver;MA1908Driver;c:\windows\system32\drivers\MA1908.SYS [3.10.2010 9:38 22528]
R2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [7.8.2012 20:20 2420400]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [7.8.2003 16:42 6528]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [11.11.2011 6:57 5112]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [7.10.2011 18:39 17962]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.6.2012 17:29 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5.4.2012 6:07 250056]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\MICHAL~1\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\MICHAL~1\LOCALS~1\Temp\CFcatchme.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4.7.2012 5:57 12400]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28.6.2012 17:29 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5.8.2012 20:09 113120]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [3.7.2012 21:52 155320]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [7.8.2012 20:20 20056]
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [7.8.2012 20:20 16216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 10:34]
.
2012-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-08-10 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-07 16:21]
.
2012-08-10 c:\windows\Tasks\User_Feed_Synchronization-{6CBF1AEE-01A4-4D35-9574-3981B4216B90}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Michal yyyy\Application Data\Mozilla\Firefox\Profiles\qvlp2gsh.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://www.predpoved.unas.cz/aktual/index.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-10 05:42
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3780)
c:\windows\system32\WININET.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Celkový čas: 2012-08-10 05:48:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-10 03:48
.
Před spuštěním: 27 982 364 672 bytes free
Po spuštění: Volných bajtů: 28 008 992 768
.
- - End Of File - - 42E64C9A2913D40FDC37E9459A1EE040
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Kouše se celý PC
Log je již OK. Zkuste ještě vyčistit CCleanerem: http://forum.viry.cz/viewtopic.php?f=46&t=7478 , příp.defragmentujte disk.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Kouše se celý PC
Jak to tu vypadá? 
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Kouše se celý PC
Dobrý den,
pro neaktivitu je toto téma uzamknuto.
Pokud ho budete chtít odemknout, kontaktujte mě na email nebo některého z mých kolegů.
Děkujeme za pochopení
pro neaktivitu je toto téma uzamknuto.
Pokud ho budete chtít odemknout, kontaktujte mě na email nebo některého z mých kolegů.
Děkujeme za pochopení
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Přispějete na provoz fóra?