IceSword log
Process:
System Idle Process
System
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\smss.exe
D:\IceSword122en\IceSword.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\program files\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\taskmgr.exe
ComboFix log
ComboFix 12-11-08.01 - jajo pajo 09.11.2012 19:43:41.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.239.43 [GMT 1:00]
Running from: c:\documents and settings\jajo pajo\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0405.exe
c:\windows\picn1020.dll
c:\windows\picn1120.dll
c:\windows\regedit.com
c:\windows\ST6UNST.000
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\DNLEng.dll
c:\windows\system32\MUI\041b\tourstart.exe
c:\windows\system32\taskmgr.com
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-08 20:12 . 2012-11-08 20:40 -------- dc----w- C:\UsbFix
2012-11-07 17:59 . 2012-11-07 17:59 -------- d---a-w- c:\windows\system32\runouce.exe
2012-11-07 17:51 . 2012-11-07 17:51 626688 ----a-w- c:\windows\system32\msvcr80.dll
2012-11-07 17:51 . 2012-11-07 17:51 548864 ----a-w- c:\windows\system32\msvcp80.dll
2012-11-07 17:51 . 2012-11-07 17:51 28672 ----a-w- c:\windows\system32\eEmpty.exe
2012-11-07 17:51 . 2007-11-30 22:26 135680 ----a-w- c:\windows\system32\T.COM
2012-11-07 17:51 . 2007-11-30 22:26 146432 ----a-w- c:\windows\R.COM
2012-11-07 17:51 . 2012-11-07 17:51 -------- d-----w- c:\program files\Common Files\MicroWorld
2012-11-07 17:51 . 2012-11-07 17:51 -------- dc----w- c:\documents and settings\All Users\Application Data\MicroWorld
2012-11-07 17:46 . 2012-11-07 17:46 2855 ----a-w- c:\windows\system32\mem.PIF
2012-11-07 17:44 . 2012-11-07 17:44 -------- d--h--w- c:\windows\PIF
2012-11-04 19:02 . 2012-11-05 08:30 -------- d-----w- c:\windows\SxsCaPendDel
2012-11-04 18:48 . 2012-11-04 18:53 8192 ----a-w- c:\windows\system32\vxdblock.exe
2012-11-04 18:47 . 2012-11-04 18:58 -------- d-----w- c:\program files\Evolution Labs
2012-11-04 18:00 . 2012-11-04 18:28 -------- d-----w- c:\program files\FineRecovery
2012-11-02 21:22 . 2012-11-02 21:22 -------- d-----w- c:\documents and settings\jajo pajo\Application Data\Serif
2012-11-02 19:58 . 2012-11-02 19:58 31728 ----a-w- c:\windows\dbrmdwb.exe
2012-11-02 19:58 . 2012-11-02 19:58 26 ----a-w- c:\windows\dbrmdwb.bat
2012-11-02 19:58 . 2012-11-02 19:58 356352 ----a-w- c:\windows\eSellerateEngine.dll
2012-11-02 19:58 . 2012-11-02 19:58 2577888 ----a-w- c:\windows\dbplugin.ocx
2012-11-02 19:58 . 2012-11-02 19:58 1023456 ----a-w- c:\windows\dbplugin.exe
2012-11-02 19:58 . 2012-11-02 19:58 2433024 ----a-w- c:\windows\npdbplug.dll
2012-11-02 19:51 . 2012-11-02 20:06 -------- d-----w- c:\program files\DeskTopAuthor
2012-11-02 19:48 . 2012-11-02 19:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-11-02 17:14 . 2012-11-02 17:17 -------- d-----w- c:\documents and settings\jajo pajo\Application Data\PhotoFiltre Studio X
2012-11-01 11:06 . 2012-11-01 11:06 -------- d-----w- c:\windows\Sun
2012-10-21 11:54 . 2012-10-21 11:54 2 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-10-21 11:53 . 2012-09-24 21:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-07 18:14 . 2012-11-07 18:10 3660157 ----a-w- c:\windows\REGBK03.ZIP
2012-11-02 21:34 . 2012-06-03 18:02 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-02 21:34 . 2012-06-03 18:02 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-14 12:53 . 2012-09-14 12:56 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-14 12:53 . 2012-09-14 12:56 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-14 05:46 . 2012-09-14 05:43 3129338 ----a-w- c:\windows\REGBK02.ZIP
2012-09-09 12:18 . 2012-09-09 12:17 905216 ----a-w- C:\SRDownloader.exe
2012-10-27 07:35 . 2012-10-27 07:32 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRDownloader"="C:\SRDownloader.exe" [2012-09-09 905216]
"Gadwin PrintScreen"="d:\program files\PrintScreen\PrintScreen.exe" [2011-05-03 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-6-24 113664]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Media Finder"="c:\program files\Media Finder\Media Finder.exe" /opentotray
"DriverMax"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"tgflkunwtunpilwq"=c:\windows\System32\regsvr32.exe /s "c:\windows\system32\zkldrkdwgxehho.dll"
"Magitime"=d:\program files\Magitime\magitime.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
R3 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [24.9.2009 4:40 19592]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [24.9.2009 12:41 29192]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [17.6.2009 13:01 25480]
S3 FlarionDTM;Flarion DTM Network Interface;c:\windows\system32\drivers\FlrnDTM.sys [31.5.2012 19:33 24706]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://1141/
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000.10005&q=
FF - ExtSQL: 2012-09-27 21:54; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\documents and settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2012-11-02 18:49; twitter.address.bar.search@firefox.twitter; c:\documents and settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\extensions\twitter.address.bar.search@firefox.twitter.xpi
FF - ExtSQL: 2012-11-02 18:54; searchy@searchy; c:\documents and settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\extensions\searchy@searchy.xpi
FF - ExtSQL: 2012-11-03 17:30; autopager@mozilla.org; c:\documents and settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\extensions\autopager@mozilla.org.xpi
FF - ExtSQL: 2012-11-03 17:30; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\documents and settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111015&tt=2912_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 64be2519000000000000000735860a97
FF - user.js: extensions.BabylonToolbar_i.hardId - 64be2519000000000000000735860a97
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15539
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:23
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-09 20:05
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-11-09 20:12:03
ComboFix-quarantined-files.txt 2012-11-09 19:11
.
Pre-Run: 2 252 460 032 bytes free
Post-Run: 2 123 325 440 voľných bajtov
.
- - End Of File - - B14D622F8423B50F742C3C9F838DD440
HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:54:04, on 9.11.2012
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\program files\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
D:\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://1141/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SRDownloader] C:\SRDownloader.exe /min
O4 - HKCU\..\Run: [Gadwin PrintScreen] "D:\program files\PrintScreen\PrintScreen.exe" /nosplash
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 3165 bytes
RSIT log
Logfile of random's system information tool 1.09 (written by random/random)
Run by jajo pajo at 2012-11-09 21:25:13
Systém Microsoft Windows XP Professional Service Pack 3, v.3264
System drive C: has 2 GB (28%) free of 8 GB
Total RAM: 239 MB (12% free)
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "about:home"
prefs.js - "keyword.URL" - "http://search.sweetim.com/search.asp?sr ... 0.10005&q="
"avg@toolbar"=C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.1.0.7\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=D:\program files\foxit\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\searchplugins\
avg-secure-search.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\extensions\
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
C:\Documents and Settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\searchplugins\
askcom.xml
sweetim.xml
twitter-.xml
vyhadvanie-vide-v-slube-youtube.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-24 449512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-24 155384]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LexBceS"=3
"JavaQuickStarterService"=2
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:LocalSubNet:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"midi1"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"vidc.ffds"=C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"MSVideo8"=
======List of files/folders created in the last 1 month======
2012-11-09 21:25:21 ----D---- C:\Program Files\trend micro
2012-11-09 21:25:13 ----DC---- C:\rsit
2012-11-09 21:02:34 ----D---- C:\Documents and Settings\jajo pajo\Application Data\EurekaLog
2012-11-09 20:18:52 ----SHDC---- C:\RECYCLER
2012-11-09 20:12:12 ----D---- C:\WINDOWS\temp
2012-11-09 20:12:06 ----AC---- C:\ComboFix.txt
2012-11-09 17:05:32 ----DC---- C:\Qoobox
2012-11-08 21:47:36 ----AC---- C:\Boot.bak
2012-11-08 21:47:16 ----RASHDC---- C:\cmdcons
2012-11-08 21:42:20 ----A---- C:\WINDOWS\SWREG.exe
2012-11-08 21:42:20 ----A---- C:\WINDOWS\PEV.exe
2012-11-08 21:42:20 ----A---- C:\WINDOWS\NIRCMD.exe
2012-11-08 21:42:20 ----A---- C:\WINDOWS\MBR.exe
2012-11-08 21:42:19 ----A---- C:\WINDOWS\zip.exe
2012-11-08 21:42:19 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-11-08 21:42:19 ----A---- C:\WINDOWS\SWSC.exe
2012-11-08 21:42:19 ----A---- C:\WINDOWS\sed.exe
2012-11-08 21:42:19 ----A---- C:\WINDOWS\grep.exe
2012-11-08 21:40:40 ----D---- C:\WINDOWS\erdnt
2012-11-08 21:12:47 ----AC---- C:\UsbFix.txt
2012-11-08 21:12:33 ----DC---- C:\UsbFix
2012-11-07 18:59:11 ----AD---- C:\WINDOWS\system32\runouce.exe
2012-11-07 18:51:59 ----A---- C:\WINDOWS\system32\msvcr80.dll
2012-11-07 18:51:58 ----A---- C:\WINDOWS\system32\msvcp80.dll
2012-11-07 18:51:54 ----A---- C:\WINDOWS\system32\eEmpty.exe
2012-11-07 18:51:43 ----A---- C:\WINDOWS\system32\T.COM
2012-11-07 18:51:42 ----A---- C:\WINDOWS\R.COM
2012-11-07 18:51:41 ----D---- C:\Program Files\Common Files\MicroWorld
2012-11-07 18:46:44 ----A---- C:\WINDOWS\system32\mem.PIF
2012-11-07 18:44:09 ----HD---- C:\WINDOWS\PIF
2012-11-04 20:02:11 ----D---- C:\WINDOWS\system32\appmgmt
2012-11-04 20:02:08 ----D---- C:\WINDOWS\SxsCaPendDel
2012-11-04 19:48:01 ----A---- C:\WINDOWS\system32\vxdblock.exe
2012-11-04 19:47:28 ----D---- C:\Program Files\Evolution Labs
2012-11-04 19:00:00 ----D---- C:\Program Files\FineRecovery
2012-11-04 18:40:50 ----A---- C:\WINDOWS\_delis32.ini
2012-11-02 22:22:52 ----D---- C:\Documents and Settings\jajo pajo\Application Data\Serif
2012-11-02 20:58:31 ----A---- C:\WINDOWS\dbrmdwb.exe
2012-11-02 20:58:31 ----A---- C:\WINDOWS\dbrmdwb.bat
2012-11-02 20:58:30 ----A---- C:\WINDOWS\eSellerateEngine.dll
2012-11-02 20:58:26 ----A---- C:\WINDOWS\dbplugin.exe
2012-11-02 20:58:18 ----A---- C:\WINDOWS\npdbplug.dll
2012-11-02 20:51:12 ----D---- C:\Program Files\DeskTopAuthor
2012-11-02 20:48:48 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2012-11-02 18:14:02 ----D---- C:\Documents and Settings\jajo pajo\Application Data\PhotoFiltre Studio X
2012-11-02 15:19:58 ----RSD---- C:\WINDOWS\assembly
2012-11-02 15:17:08 ----D---- C:\WINDOWS\Microsoft.NET
2012-11-01 12:06:03 ----D---- C:\WINDOWS\Sun
2012-10-27 08:32:50 ----D---- C:\Program Files\Mozilla Firefox
2012-10-21 12:54:13 ----A---- C:\WINDOWS\system32\TempWmicBatchFile.bat
2012-10-21 12:53:45 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2012-10-21 12:53:45 ----A---- C:\WINDOWS\system32\javaw.exe
2012-10-21 12:53:45 ----A---- C:\WINDOWS\system32\java.exe
======List of files/folders modified in the last 1 month======
2012-11-09 21:25:21 ----RD---- C:\Program Files
2012-11-09 21:25:07 ----D---- C:\WINDOWS\Prefetch
2012-11-09 21:18:16 ----D---- C:\WINDOWS\system32\CatRoot2
2012-11-09 21:09:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-11-09 21:05:26 ----RASHC---- C:\boot.ini
2012-11-09 21:05:26 ----AC---- C:\WINDOWS\system.ini
2012-11-09 21:05:26 ----A---- C:\WINDOWS\win.ini
2012-11-09 20:50:50 ----D---- C:\WINDOWS\system32\drivers
2012-11-09 20:12:12 ----D---- C:\WINDOWS
2012-11-09 20:09:48 ----SD---- C:\WINDOWS\Tasks
2012-11-09 20:04:51 ----D---- C:\WINDOWS\system32\drivers\etc
2012-11-09 20:03:01 ----D---- C:\WINDOWS\system32
2012-11-09 20:02:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-11-09 19:55:26 ----D---- C:\WINDOWS\AppPatch
2012-11-09 19:55:17 ----D---- C:\Program Files\Common Files
2012-11-08 21:43:35 ----SHD---- C:\System Volume Information
2012-11-08 21:43:35 ----D---- C:\WINDOWS\system32\Restore
2012-11-07 19:26:18 ----D---- C:\Documents and Settings\jajo pajo\Application Data\Mozilla
2012-11-04 20:04:14 ----SHD---- C:\WINDOWS\Installer
2012-11-04 20:04:13 ----DC---- C:\Config.Msi
2012-11-04 20:03:20 ----HD---- C:\Program Files\InstallShield Installation Information
2012-11-04 20:02:09 ----D---- C:\WINDOWS\WinSxS
2012-11-03 19:58:19 ----D---- C:\Documents and Settings\jajo pajo\Application Data\Thunderbird
2012-11-02 22:35:05 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-11-02 22:34:44 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-11-02 22:20:37 ----RSD---- C:\WINDOWS\Fonts
2012-11-02 18:14:34 ----D---- C:\Documents and Settings\jajo pajo\Application Data\Identities
2012-11-02 15:46:57 ----DC---- C:\do windowsu
2012-11-02 15:33:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-11-02 15:17:59 ----HD---- C:\WINDOWS\inf
2012-11-02 15:17:25 ----D---- C:\WINDOWS\system32\mui
2012-11-02 13:01:05 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-10-31 22:35:21 ----DC---- C:\Nový priečinok
2012-10-21 12:53:44 ----D---- C:\Program Files\Java
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2007-11-30 40960]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R3 BtHidBus;Bluetooth HID Bus Service; C:\WINDOWS\System32\Drivers\BtHidBus.sys [2009-09-24 19592]
R3 btnetBUs;Bluetooth PAN Bus Service; C:\WINDOWS\System32\Drivers\btnetBus.sys [2009-09-24 29192]
R3 FlarionDTM;Flarion DTM Network Interface; C:\WINDOWS\system32\DRIVERS\FlrnDTM.sys [2005-05-26 24706]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2009-06-17 25480]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 SiS300i;SiS300i; C:\WINDOWS\System32\DRIVERS\sis300ip.sys [2001-08-17 101760]
R3 SiS7018;Service for AC'97 Sample Driver (WDM); C:\WINDOWS\system32\drivers\ac97sis.sys [2001-08-17 297728]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2007-11-30 15104]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2007-11-30 14592]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2009-06-17 33800]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2009-06-17 14088]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2010-02-25 36616]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
S3 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2005-04-30 28271]
S3 catchme;catchme; \??\C:\DOCUME~1\JAJOPA~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2007-11-30 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-11-30 10368]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2007-11-30 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2007-11-30 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2007-11-30 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2007-11-30 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2007-11-30 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2007-11-30 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2007-11-30 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-11-30 26368]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2009-06-17 14856]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2009-06-17 32392]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2007-11-30 19200]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-31 115168]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-09-08 575488]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-09-24 161768]
S4 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296]
-----------------EOF-----------------
RSIT info
info.txt logfile of random's system information tool 1.09 2012-11-09 21:26:13
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe -maintain plugin
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Advanced Performance Platform Revenuestreaming.-->C:\WINDOWS\system32\chcftacxyz.exe /u="C:\WINDOWS\system32\zkldrkdwgxehho.dll" /d="chcftacxyz"
Artweaver-->"C:\Program Files\Artweaver 0.4\unins000.exe"
Ask Toolbar-->MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE}
BlueSoleil 6.4.305.0-->MsiExec.exe /X{3F0BC93F-DB14-4CBE-9E58-3861330782C0}
BurnAware Professional 5.0-->"D:\program files\BurnAware Professional\unins000.exe"
CCleaner-->"D:\program files\c cleaner\uninst.exe"
Combined Community Codec Pack 2007-07-22-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
DeskTopAuthor-->MsiExec.exe /I{C27B94AA-60AB-4B50-9D63-0928CDC889C3}
DriverMax 4-->"C:\Program Files\Innovative Solutions\DriverMax\unins000.exe"
E.M. Total Video Player 1.31-->"D:\program files\Total Video Player\unins000.exe"
Foxit Reader 5.1-->"D:\program files\foxit\Foxit Reader\unins000.exe"
Free WMA to MP3 Converter 1.16-->"D:\program files\Free WMA to MP3 Converter\unins000.exe"
GTK+ 2.10.13 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
Java 7 Update 9-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217007FF}
Lexmark 1200 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZUN5C.EXE -dLexmark 1200 Series
Light Image Resizer 4.0.4.3-->"D:\program files\Image Resizer 4\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Mozilla Firefox 16.0.2 (x86 cs)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"
Multimedia Net Modem USB Driver-->C:\PROGRA~1\MULTIM~1\UNWISE.EXE C:\PROGRA~1\MULTIM~1\INSTALL.LOG
Nokia Connectivity Cable Driver-->MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}
OpenOffice.org 3.2-->MsiExec.exe /I{28B94253-5729-4C30-8DE4-F2A0A63149B0}
PC Connectivity Solution-->MsiExec.exe /I{83258E90-1F76-4E13-9F60-A0F8ED41E76F}
Picture Resize Genius 3.0-->"D:\program files\Picture Resize Genius\unins000.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
UsbFix By El Desaparecido-->C:\UsbFix\Un-UsbFix.exe
VVV (Virtual Volumes View) version 1.2-->"D:\program files\VVV (Virtual Volumes View)\unins000.exe"
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray-->"C:\WINDOWS\$NtUninstallKB952011$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XnView 1.99.1-->"D:\program files\XnView\unins000.exe"
======Security center information======
AV: Avira Desktop
======System event log======
Computer Name: KYCKA-4JWVFDQD8
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.
Record Number: 7954
Source Name: Service Control Manager
Time Written: 20121007172828.000000+120
Event Type: Information
User:
Computer Name: KYCKA-4JWVFDQD8
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.
Record Number: 7953
Source Name: Service Control Manager
Time Written: 20121007172824.000000+120
Event Type: Information
User:
Computer Name: KYCKA-4JWVFDQD8
Event Code: 825
Message: The Network Access Protection (NAP) enforcement client failed to register with the Network Access Protection Agent (NAPAgent) service. Some network services or resources might not be available. If the problem persists, disconnect and retry the remote access connection or contact the administrator for the remote access server.
Record Number: 7952
Source Name: Rasman
Time Written: 20121007172824.000000+120
Event Type: Warning
User:
Computer Name: KYCKA-4JWVFDQD8
Event Code: 10016
Message: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
Record Number: 7951
Source Name: DCOM
Time Written: 20121007172824.000000+120
Event Type: Error
User: NT AUTHORITY\SYSTEM
Computer Name: KYCKA-4JWVFDQD8
Event Code: 7036
Message: The Computer Browser service entered the stopped state.
Record Number: 7950
Source Name: Service Control Manager
Time Written: 20121007172824.000000+120
Event Type: Information
User:
=====Application event log=====
Computer Name: KYCKA-4JWVFDQD8
Event Code: 1000
Message: Performance counters for the MSDTC (MSDTC) service were loaded successfully. The Record Data contains the new index values assigned to this service.
Record Number: 5
Source Name: LoadPerf
Time Written: 20120430175957.000000+120
Event Type: Information
User:
Computer Name: KYCKA-4JWVFDQD8
Event Code: 1000
Message: Performance counters for the TermService (Terminal Services) service were loaded successfully. The Record Data contains the new index values assigned to this service.
Record Number: 4
Source Name: LoadPerf
Time Written: 20120430175949.000000+120
Event Type: Information
User:
Computer Name: KYCKA-4JWVFDQD8
Event Code: 1000
Message: Performance counters for the RemoteAccess (Routing and Remote Access) service were loaded successfully. The Record Data contains the new index values assigned to this service.
Record Number: 3
Source Name: LoadPerf
Time Written: 20120430174443.000000+120
Event Type: Information
User:
Computer Name: KYCKA-4JWVFDQD8
Event Code: 1000
Message: Performance counters for the PSched (PSched) service were loaded successfully. The Record Data contains the new index values assigned to this service.
Record Number: 2
Source Name: LoadPerf
Time Written: 20120430174400.000000+120
Event Type: Information
User:
Computer Name: KYCKA-4JWVFDQD8
Event Code: 1000
Message: Performance counters for the RSVP (QoS RSVP) service were loaded successfully. The Record Data contains the new index values assigned to this service.
Record Number: 1
Source Name: LoadPerf
Time Written: 20120430174358.000000+120
Event Type: Information
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Common Files\GTK\2.0\bin;D:\program files\blutut\Mobile
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 7 Stepping 3, CentaurHauls
"PROCESSOR_REVISION"=0703
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"LANG"=cs
-----------------EOF-----------------
HijackFree autostart processes
Name | Location | RootKey
DriverMax |  | HKEY_CURRENT_USER
Gadwin PrintScreen | "D:\program files\PrintScreen\PrintScreen.exe" /nosplash | HKEY_CURRENT_USER
Magitime | d:\program files\Magitime\magitime.exe | HKEY_LOCAL_MACHINE
Media Finder | "C:\Program Files\Media Finder\Media Finder.exe" /opentotray | HKEY_CURRENT_USER
SRDownloader | C:\SRDownloader.exe /min | HKEY_CURRENT_USER
SunJavaUpdateSched | "C:\Program Files\Common Files\Java\Java Update\jusched.exe" | HKEY_LOCAL_MACHINE
tgflkunwtunpilwq | C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\zkldrkdwgxehho.dll" | HKEY_LOCAL_MACHINE
Services
Name | Location | Status | Startup type
.NET Runtime Optimization Service v2.0.50727_X86 | C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe | Stopped | Manual
AFD Networking Support Environment | C:\WINDOWS\System32\drivers\afd.sys | Running | System
Alerter | C:\WINDOWS\System32\svchost.exe | Stopped | Disabled
Application Layer Gateway Service | C:\WINDOWS\System32\alg.exe | Running | Manual
Application Management | C:\WINDOWS\system32\svchost.exe | Stopped | Manual
ASP.NET State Service | C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe | Stopped | Manual
ATM ARP Client Protocol | C:\WINDOWS\System32\DRIVERS\atmarpc.sys | Stopped | Manual
Audio Stub Driver | C:\WINDOWS\System32\DRIVERS\audstub.sys | Running | Manual
Automatic Updates | C:\WINDOWS\system32\svchost.exe | Running | Automatic
BDA IPSink | C:\WINDOWS\System32\DRIVERS\StreamIP.sys | Stopped | Manual
BDA Slip De-Framer | C:\WINDOWS\System32\DRIVERS\SLIP.sys | Stopped | Manual
BITS | C:\WINDOWS\system32\svchost.exe | Stopped | Manual
Bluetooth Audio Service | C:\WINDOWS\System32\DRIVERS\blueletaudio.sys | Stopped | Manual
Bluetooth HID Bus Service | C:\WINDOWS\System32\Drivers\BtHidBus.sys | Running | Manual
Bluetooth HID Enumerator | C:\WINDOWS\System32\DRIVERS\vbtenum.sys | Stopped | Manual
Bluetooth HID Manager Service | C:\WINDOWS\System32\Drivers\BTHidMgr.sys | Stopped | Manual
Bluetooth PAN Bus Service | C:\WINDOWS\System32\Drivers\btnetBus.sys | Running | Manual
Bluetooth PAN Network Adapter | C:\WINDOWS\System32\DRIVERS\btnetdrv.sys | Stopped | Manual
Bluetooth USB For Bluetooth Service | C:\WINDOWS\System32\Drivers\btcusb.sys | Stopped | Manual
Bluetooth VComm Manager Service | C:\WINDOWS\System32\Drivers\VcommMgr.sys | Stopped | Manual
CD-Burning Filter Driver | C:\WINDOWS\System32\DRIVERS\imapi.sys | Running | System
CD-ROM Driver | C:\WINDOWS\System32\DRIVERS\cdrom.sys | Running | System
ClipBook | C:\WINDOWS\system32\clipsrv.exe | Stopped | Manual
Closed Caption Decoder | C:\WINDOWS\System32\DRIVERS\CCDECODE.sys | Stopped | Manual
COM+ Event System | C:\WINDOWS\System32\svchost.exe | Running | Manual
COM+ System Application | C:\WINDOWS\system32\dllhost.exe | Stopped | Manual
Computer Browser | C:\WINDOWS\system32\svchost.exe | Stopped | Automatic
CryptSvc | C:\WINDOWS\system32\svchost.exe | Running | Automatic
DCOM Server Process Launcher | C:\WINDOWS\system32\svchost.exe | Running | Automatic
DHCP Client | C:\WINDOWS\System32\svchost.exe | Running | Automatic
Digital CD Audio Playback Filter Driver | C:\WINDOWS\System32\DRIVERS\redbook.sys | Running | System
Direct Parallel | C:\WINDOWS\System32\DRIVERS\raspti.sys | Running | Manual
Direct Parallel Link Driver | C:\WINDOWS\System32\DRIVERS\ptilink.sys | Running | Manual
Disk Driver | C:\WINDOWS\System32\DRIVERS\disk.sys | Running | Boot
Distributed Link Tracking Client | C:\WINDOWS\system32\svchost.exe | Running | Automatic
Distributed Transaction Coordinator | C:\WINDOWS\System32\msdtc.exe | Stopped | Manual
DNS Client | C:\WINDOWS\System32\svchost.exe | Running | Automatic
Error Reporting Service | C:\WINDOWS\System32\svchost.exe | Running | Automatic
Event Log | C:\WINDOWS\system32\services.exe | Running | Automatic
Extensible Authentication Protocol Service | C:\WINDOWS\System32\svchost.exe | Stopped | Manual
Fast User Switching Compatibility | C:\WINDOWS\System32\svchost.exe | Running | Manual
Flarion DTM Network Interface | C:\WINDOWS\System32\DRIVERS\FlrnDTM.sys | Running | Manual
Floppy Disk Controller Driver | C:\WINDOWS\System32\DRIVERS\fdc.sys | Running | Manual
Floppy Disk Driver | C:\WINDOWS\System32\DRIVERS\flpydisk.sys | Running | Manual
FltMgr | C:\WINDOWS\System32\drivers\fltmgr.sys | Running | Boot
Game Port Enumerator | C:\WINDOWS\System32\DRIVERS\gameenum.sys | Running | Manual
Generic Packet Classifier | C:\WINDOWS\System32\DRIVERS\msgpc.sys | Running | Manual
Health Key and Certificate Management Service | C:\WINDOWS\System32\svchost.exe | Stopped | Manual
Help and Support | C:\WINDOWS\System32\svchost.exe | Running | Automatic
HID Input Service | C:\WINDOWS\System32\svchost.exe | Running | Automatic
HTTP | C:\WINDOWS\System32\Drivers\HTTP.sys | Running | Manual
HTTP SSL | C:\WINDOWS\System32\svchost.exe | Stopped | Manual
i8042 Keyboard and PS/2 Mouse Port Driver | C:\WINDOWS\System32\DRIVERS\i8042prt.sys | Running | System
IMAPI CD-Burning COM Service | C:\WINDOWS\system32\imapi.exe | Stopped | Manual
Indexing Service | C:\WINDOWS\system32\cisvc.exe | Stopped | Manual
IP in IP Tunnel Driver | C:\WINDOWS\System32\DRIVERS\ipinip.sys | Stopped | Manual
IP Network Address Translator | C:\WINDOWS\System32\DRIVERS\ipnat.sys | Running | Manual
IP Traffic Filter Driver | C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys | Stopped | Manual
IPSEC driver | C:\WINDOWS\System32\DRIVERS\ipsec.sys | Running | System
IPSEC Services | C:\WINDOWS\system32\lsass.exe | Running | Automatic
IPv6 Windows Firewall Driver | C:\WINDOWS\System32\drivers\ip6fw.sys | Stopped | Manual
IPX Traffic Filter Driver | C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys | Stopped | Manual
IPX Traffic Forwarder Driver | C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys | Stopped | Manual
IR Enumerator Service | C:\WINDOWS\System32\DRIVERS\irenum.sys | Stopped | Manual
IVT Bluetooth Bus Service | C:\WINDOWS\System32\Drivers\IvtBtBus.sys | Running | Manual
Java Quick Starter | C:\Program Files\Java\jre7\bin\jqs.exe | Stopped | Disabled
Keyboard Class Driver | C:\WINDOWS\System32\DRIVERS\kbdclass.sys | Running | System
Keyboard HID Driver | C:\WINDOWS\System32\DRIVERS\kbdhid.sys | Stopped | System
LexBce Server | C:\WINDOWS\system32\LEXBCES.EXE | Stopped | Disabled
Logical Disk Manager | C:\WINDOWS\System32\svchost.exe | Running | Automatic
Logical Disk Manager Administrative Service | C:\WINDOWS\System32\dmadmin.exe | Stopped | Manual
Logical Disk Manager Driver | C:\WINDOWS\System32\drivers\dmio.sys | Running | Boot
Messenger | C:\WINDOWS\system32\svchost.exe | Stopped | Disabled
Microcode Update Driver | C:\WINDOWS\System32\DRIVERS\update.sys | Running | Manual
Microsoft ACPI Driver | C:\WINDOWS\System32\DRIVERS\ACPI.sys | Running | Boot
Microsoft HID Class Driver | C:\WINDOWS\System32\DRIVERS\hidusb.sys | Stopped | Manual
Microsoft Kernel Acoustic Echo Canceller | C:\WINDOWS\System32\drivers\aec.sys | Stopped | Manual
Microsoft Kernel Audio Splitter | C:\WINDOWS\System32\drivers\splitter.sys | Stopped | Manual
Microsoft Kernel DLS Syntheiszer | C:\WINDOWS\System32\drivers\DMusic.sys | Stopped | Manual
Microsoft Kernel DRM Audio Descrambler | C:\WINDOWS\System32\drivers\drmkaud.sys | Stopped | Manual
Microsoft Kernel GS Wavetable Synthesizer | C:\WINDOWS\System32\drivers\swmidi.sys | Stopped | Manual
Microsoft Kernel System Audio Device | C:\WINDOWS\System32\drivers\sysaudio.sys | Running | Manual
Microsoft Kernel Wave Audio Mixer | C:\WINDOWS\System32\drivers\kmixer.sys | Running | Manual
Microsoft MPU-401 MIDI UART Driver | C:\WINDOWS\System32\drivers\msmpu401.sys | Running | Manual
Microsoft Streaming Clock Proxy | C:\WINDOWS\System32\drivers\MSPCLOCK.sys | Stopped | Manual
Microsoft Streaming Quality Manager Proxy | C:\WINDOWS\System32\drivers\MSPQM.sys | Stopped | Manual
Microsoft Streaming Service Proxy | C:\WINDOWS\System32\drivers\MSKSSRV.sys | Stopped | Manual
Microsoft Streaming Tee/Sink-to-Sink Converter | C:\WINDOWS\System32\drivers\MSTEE.sys | Stopped | Manual
Microsoft System Management BIOS Driver | C:\WINDOWS\System32\DRIVERS\mssmbios.sys | Running | Manual
Microsoft USB Generic Parent Driver | C:\WINDOWS\System32\DRIVERS\usbccgp.sys | Stopped | Manual
Microsoft USB Open Host Controller Miniport Driver | C:\WINDOWS\System32\DRIVERS\usbohci.sys | Running | Manual
Microsoft USB PRINTER Class | C:\WINDOWS\System32\DRIVERS\usbprint.sys | Stopped | Manual
Microsoft USB Standard Hub Driver | C:\WINDOWS\System32\DRIVERS\usbhub.sys | Running | Manual
Microsoft WINMM WDM Audio Compatibility Driver | C:\WINDOWS\System32\drivers\wdmaud.sys | Running | Manual
Mouse Class Driver | C:\WINDOWS\System32\DRIVERS\mouclass.sys | Running | System
MRXSMB | C:\WINDOWS\System32\DRIVERS\mrxsmb.sys | Running | System
MS Software Shadow Copy Provider | C:\WINDOWS\System32\dllhost.exe | Stopped | Manual
NDIS Usermode I/O Protocol | C:\WINDOWS\System32\DRIVERS\ndisuio.sys | Running | Manual
Net Logon | C:\WINDOWS\system32\lsass.exe | Stopped | Manual
NetBIOS Interface | C:\WINDOWS\System32\DRIVERS\netbios.sys | Running | System
NetBios over Tcpip | C:\WINDOWS\System32\DRIVERS\netbt.sys | Running | System
NetMeeting Remote Desktop Sharing | C:\WINDOWS\System32\mnmsrvc.exe | Stopped | Manual
Network Access Protection Agent | C:\WINDOWS\System32\svchost.exe | Stopped | Manual
Network Connections | C:\WINDOWS\System32\svchost.exe | Running | Manual
Network DDE | C:\WINDOWS\system32\netdde.exe | Stopped | Disabled
Network DDE DSDM | C:\WINDOWS\system32\netdde.exe | Stopped | Disabled
Network Location Awareness (NLA) | C:\WINDOWS\System32\svchost.exe | Running | Manual
Network Provisioning Service | C:\WINDOWS\System32\svchost.exe | Stopped | Manual
NT LM Security Support Provider | C:\WINDOWS\System32\lsass.exe | Stopped | Manual
Parallel port driver | C:\WINDOWS\System32\DRIVERS\parport.sys | Running | Manual
PCCS Mode Change Filter Driver | C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys | Stopped | Manual
PCI Bus Driver | C:\WINDOWS\System32\DRIVERS\pci.sys | Running | Boot
Performance Logs and Alerts | C:\WINDOWS\system32\smlogsvc.exe | Stopped | Manual
Plug and Play | C:\WINDOWS\system32\services.exe | Running | Automatic
PnP ISA/EISA Bus Driver | C:\WINDOWS\System32\DRIVERS\isapnp.sys | Running | Boot
Portable Media Serial Number Service | C:\WINDOWS\System32\svchost.exe | Stopped | Manual
Print Spooler | C:\WINDOWS\system32\spoolsv.exe | Running | Automatic
Processor Driver | C:\WINDOWS\System32\DRIVERS\processr.sys | Running | System
Protected Storage | C:\WINDOWS\system32\lsass.exe | Running | Automatic
QoS Packet Scheduler | C:\WINDOWS\System32\DRIVERS\psched.sys | Running | Manual
QoS RSVP | C:\WINDOWS\System32\rsvp.exe | Stopped | Manual
RAS Asynchronous Media Driver | C:\WINDOWS\System32\DRIVERS\asyncmac.sys | Stopped | Manual
Rdbss | C:\WINDOWS\System32\DRIVERS\rdbss.sys | Running | System
Remote Access Auto Connection Driver | C:\WINDOWS\System32\DRIVERS\rasacd.sys | Running | System
Remote Access Auto Connection Manager | C:\WINDOWS\System32\svchost.exe | Stopped | Manual
Remote Access Connection Manager | C:\WINDOWS\System32\svchost.exe | Running | Manual
Remote Access IP ARP Driver | C:\WINDOWS\System32\DRIVERS\wanarp.sys | Running | Manual
Remote Access NDIS TAPI Driver | C:\WINDOWS\System32\DRIVERS\ndistapi.sys | Running | Manual
Remote Access NDIS WAN Driver | C:\WINDOWS\System32\DRIVERS\ndiswan.sys | Running | Manual
Remote Access PPPOE Driver | C:\WINDOWS\System32\DRIVERS\raspppoe.sys | Running | Manual
Remote Desktop Help Session Manager | C:\WINDOWS\system32\sessmgr.exe | Stopped | Manual
Remote Procedure Call (RPC) | C:\WINDOWS\system32\svchost.exe | Running | Automatic
Remote Procedure Call (RPC) Locator | C:\WINDOWS\System32\locator.exe | Stopped | Manual
Remote Registry | C:\WINDOWS\system32\svchost.exe | Running | Automatic
Removable Storage | C:\WINDOWS\system32\svchost.exe | Stopped | Manual
Routing and Remote Access | C:\WINDOWS\System32\svchost.exe | Stopped | Disabled
Secdrv | C:\WINDOWS\System32\DRIVERS\secdrv.sys | Stopped | Manual
Secondary Logon | C:\WINDOWS\System32\svchost.exe | Running | Automatic
Security Accounts Manager | C:\WINDOWS\system32\lsass.exe | Running | Automatic
Security Center | C:\WINDOWS\System32\svchost.exe | Running | Automatic
Serenum Filter Driver | C:\WINDOWS\System32\DRIVERS\serenum.sys | Running | Manual
Serial port driver | C:\WINDOWS\System32\DRIVERS\serial.sys | Running | System
Server | C:\WINDOWS\system32\svchost.exe | Running | Automatic
Service for AC'97 Sample Driver (WDM) | C:\WINDOWS\System32\drivers\ac97sis.sys | Running | Manual
ServiceLayer | C:\Program Files\PC Connectivity Solution\ServiceLayer.exe | Stopped | Manual
Shell Hardware Detection | C:\WINDOWS\System32\svchost.exe | Running | Automatic
SIS AGP Bus Filter | C:\WINDOWS\System32\DRIVERS\sisagp.sys | Running | Boot
SiS PCI Fast Ethernet Adapter Driver | C:\WINDOWS\System32\DRIVERS\sisnic.sys | Running | Manual
Smart Card | C:\WINDOWS\System32\SCardSvr.exe | Stopped | Manual
Software Bus Driver | C:\WINDOWS\System32\DRIVERS\swenum.sys | Running | Manual
Srv | C:\WINDOWS\System32\DRIVERS\srv.sys | Running | Manual
SSDP Discovery Service | C:\WINDOWS\System32\svchost.exe | Running | Manual
Standard IDE/ESDI Hard Disk Controller | C:\WINDOWS\System32\DRIVERS\atapi.sys | Running | Boot
System Event Notification | C:\WINDOWS\system32\svchost.exe | Running | Automatic
System Restore Filter Driver | C:\WINDOWS\System32\DRIVERS\sr.sys | Running | Boot
System Restore Service | C:\WINDOWS\system32\svchost.exe | Running | Automatic
Task Scheduler | C:\WINDOWS\System32\svchost.exe | Running | Automatic
TCP/IP NetBIOS Helper | C:\WINDOWS\system32\svchost.exe | Running | Automatic
TCP/IP Protocol Driver | C:\WINDOWS\System32\DRIVERS\tcpip.sys | Running | System
Telephony | C:\WINDOWS\System32\svchost.exe | Running | Manual
Telnet | C:\WINDOWS\System32\tlntsvr.exe | Stopped | Manual
Terminal Device Driver | C:\WINDOWS\System32\DRIVERS\termdd.sys | Running | System
Terminal Server Device Redirector Driver | C:\WINDOWS\System32\DRIVERS\rdpdr.sys | Running | Manual
Terminal Services | C:\WINDOWS\System32\svchost.exe | Running | Manual
Themes | C:\WINDOWS\System32\svchost.exe | Running | Automatic
Uninterruptible Power Supply | C:\WINDOWS\System32\ups.exe | Stopped | Manual
Universal Plug and Play Device Host | C:\WINDOWS\System32\svchost.exe | Stopped | Manual
USB Mass Storage Driver | C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS | Stopped | Manual
USB Scanner Driver | C:\WINDOWS\System32\DRIVERS\usbscan.sys | Running | Manual
VGA Display Controller. | C:\WINDOWS\System32\drivers\vga.sys | Running | System
Virtual Serial port driver | C:\WINDOWS\System32\DRIVERS\VComm.sys | Stopped | Manual
Volume Manager Driver | C:\WINDOWS\System32\DRIVERS\ftdisk.sys | Running | Boot
Volume Shadow Copy | C:\WINDOWS\System32\vssvc.exe | Stopped | Manual
WAN Miniport (L2TP) | C:\WINDOWS\System32\DRIVERS\rasl2tp.sys | Running | Manual
WAN Miniport (PPTP) | C:\WINDOWS\System32\DRIVERS\raspptp.sys | Running | Manual
WebClient | C:\WINDOWS\System32\svchost.exe | Running | Automatic
WebDav Client Redirector | C:\WINDOWS\System32\DRIVERS\mrxdav.sys | Running | Manual
Windows Audio | C:\WINDOWS\System32\svchost.exe | Running | Automatic
Windows Firewall/Internet Connection Sharing (ICS) | C:\WINDOWS\System32\svchost.exe | Running | Automatic
Windows Image Acquisition (WIA) | C:\WINDOWS\System32\svchost.exe | Running | Automatic
Windows Installer | C:\WINDOWS\system32\msiexec.exe | Stopped | Manual
Windows Management Instrumentation | C:\WINDOWS\system32\svchost.exe | Running | Automatic
Windows Management Instrumentation Driver Extensions | C:\WINDOWS\System32\svchost.exe | Stopped | Manual
Windows Socket 2.0 Non-IFS Service Provider Support Environment | C:\WINDOWS\System32\drivers\ws2ifsl.sys | Running | System
Windows Time | C:\WINDOWS\System32\svchost.exe | Running | Automatic
Wired AutoConfig | C:\WINDOWS\System32\svchost.exe | Stopped | Manual
Wireless Zero Configuration | C:\WINDOWS\System32\svchost.exe | Running | Automatic
WMI Performance Adapter | C:\WINDOWS\System32\wbem\wmiapsrv.exe | Stopped | Manual
Workstation | C:\WINDOWS\System32\svchost.exe | Running | Automatic
World Standard Teletext Codec | C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS | Stopped | Manual

PC disinfection, speeding up your computer, remote assistance through the neslape.cz service
Please check my log, the PC is completely slow
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, and likewise those inactive for more than 14 days. See the rule on locking topics. Thank you for understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
- Rudy
- Site Admin
- Posts: 119520
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log, the PC is completely slow
Why are you using ComboFix, a utility intended only for experts, without any consultation with an adviser? Do you want to wreck your system? An RSIT log would have been enough and the adviser would have decided the rest himself. Posting logs from every tool that exists is complete nonsense. Now I have to finish with ComboFix whether I want to or not; you have left me no other choice.
Open Notepad and copy the following into it:

KillAll::
Collect::
c:\windows\dbrmdwb.bat
c:\windows\system32\zkldrkdwgxehho.dll
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"tgflkunwtunpilwq"=-
Firefox::
FF - ProfilePath - c:\documents and settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?sr ... 0.10005&q=
FF - ExtSQL: 2012-09-27 21:54; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\documents and settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2012-11-02 18:49; twitter.address.bar.search@firefox.twitter; c:\documents and settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\extensions\twitter.address.bar.search@firefox.twitter.xpi
FF - ExtSQL: 2012-11-02 18:54; searchy@searchy; c:\documents and settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\extensions\searchy@searchy.xpi
FF - ExtSQL: 2012-11-03 17:30; autopager@mozilla.org; c:\documents and settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\extensions\autopager@mozilla.org.xpi
FF - ExtSQL: 2012-11-03 17:30; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\documents and settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111015&tt=2912_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 64be2519000000000000000735860a97
FF - user.js: extensions.BabylonToolbar_i.hardId - 64be2519000000000000000735860a97
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15539
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:23
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
Reboot::

Save it on the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music and so on). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved the thread will be locked, and likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
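The adviser's script above removes the tgflkunwtunpilwq Run value and collects the DLL it loads. As an added example that is not part of the original thread and not code from any tool mentioned in it, the Python below encodes the checks a reviewer applies when reading an autostart list like the HijackFree table in the first post: a value name that looks machine-generated, a regsvr32 load (silent with /s) of a random-named DLL, and an executable sitting directly in a drive root. The sample rows are constructed from that table; the three-column layout, the name heuristics and their thresholds are assumptions, not anything the tools or the forum define.

```python
import re

# Constructed sample rows in the shape of the HijackFree "autostart processes"
# table from the first post: (value name, command line, root key). Values are
# copied from the log; the three-column layout is an assumption from its header.
SAMPLE_AUTORUNS = [
    ("DriverMax", "", "HKEY_CURRENT_USER"),
    ("Gadwin PrintScreen", r'"D:\program files\PrintScreen\PrintScreen.exe" /nosplash', "HKEY_CURRENT_USER"),
    ("Magitime", r"d:\program files\Magitime\magitime.exe", "HKEY_LOCAL_MACHINE"),
    ("Media Finder", r'"C:\Program Files\Media Finder\Media Finder.exe" /opentotray', "HKEY_CURRENT_USER"),
    ("SRDownloader", r"C:\SRDownloader.exe /min", "HKEY_CURRENT_USER"),
    ("SunJavaUpdateSched", r'"C:\Program Files\Common Files\Java\Java Update\jusched.exe"', "HKEY_LOCAL_MACHINE"),
    ("tgflkunwtunpilwq", r'C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\zkldrkdwgxehho.dll"', "HKEY_LOCAL_MACHINE"),
]

VOWELS = set("aeiouy")

# First program on the command line: a quoted path, or an unquoted path running
# up to the first .exe/.com/.scr/.bat that is followed by whitespace or the end.
EXE_RE = re.compile(r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|com|scr|bat))(?=\s|$))', re.IGNORECASE)
# regsvr32 invocation with an optional /s (silent) switch and a quoted or bare DLL path.
REGSVR_RE = re.compile(r'regsvr32(?:\.exe)?\s+(/s\s+)?"?([^"\s]+\.dll)"?', re.IGNORECASE)
# A file placed directly in a drive root, e.g. C:\SRDownloader.exe.
DRIVE_ROOT_RE = re.compile(r'^[a-z]:\\[^\\]+$', re.IGNORECASE)


def max_consonant_run(token: str) -> int:
    """Length of the longest run of non-vowel characters in the token."""
    run = best = 0
    for ch in token:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best


def looks_random(token: str) -> bool:
    """Heuristic (an assumption, not a standard) for machine-generated names:
    at least 10 characters, letters only, and either very few vowels or a long
    consonant run. Ordinary product names such as SunJavaUpdateSched pass."""
    t = token.lower()
    if len(t) < 10 or not t.isalpha():
        return False
    vowel_ratio = sum(ch in VOWELS for ch in t) / len(t)
    return vowel_ratio < 0.25 or max_consonant_run(t) >= 4


def executable_of(command: str) -> str:
    """Path of the program the autorun command launches, or '' if none is found."""
    m = EXE_RE.match(command)
    return (m.group(1) or m.group(2)) if m else ""


def assess_autorun(name: str, command: str) -> list:
    """Findings for one autorun value; an empty list means nothing was flagged."""
    findings = []
    if looks_random(name):
        findings.append("random-looking value name")
    exe = executable_of(command)
    if exe and DRIVE_ROOT_RE.match(exe):
        findings.append("executable in drive root: " + exe)
    m = REGSVR_RE.search(command)
    if m:
        dll = m.group(2)
        stem = dll.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if looks_random(stem):
            silent = "silent " if m.group(1) else ""
            findings.append(silent + "regsvr32 load of random-named DLL: " + dll)
    return findings


def triage(entries) -> dict:
    """Map each flagged value name to its list of findings."""
    report = {}
    for name, command, _rootkey in entries:
        findings = assess_autorun(name, command)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in triage(SAMPLE_AUTORUNS).items():
        print(name)
        for finding in findings:
            print("   -", finding)
```

Run against the sample rows, only SRDownloader (an executable in the root of C:) and tgflkunwtunpilwq (random name plus a silent regsvr32 load of a random-named DLL) are reported, which is exactly the pair the script above targets; the Java updater and the other product entries pass the name heuristic.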
Re: Please check my log, the PC is completely slow
ComboFix 12-11-08.01 - jajo pajo 10.11.2012 9:41.3.1 - x86
System Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.239.71 [GMT 1:00]
Running from: D:\ComboFix.exe
Command switches used :: c:\documents and settings\jajo pajo\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-10 to 2012-11-10 )))))))))))))))))))))))))))))))
.
.
2012-11-09 23:10 . 2012-11-09 23:10 177496 ----a-w- c:\windows\system32\drivers\20527464.sys
2012-11-09 21:14 . 2012-11-09 23:31 -------- dc----w- C:\TDSSKiller_Quarantine
2012-11-09 20:25 . 2012-11-09 20:25 -------- d-----w- c:\program files\trend micro
2012-11-09 20:25 . 2012-11-09 20:31 -------- dc----w- C:\rsit
2012-11-09 20:02 . 2012-11-09 20:07 -------- d-----w- c:\documents and settings\jajo pajo\Application Data\EurekaLog
2012-11-08 20:12 . 2012-11-08 20:40 -------- dc----w- C:\UsbFix
2012-11-07 17:59 . 2012-11-07 17:59 -------- d---a-w- c:\windows\system32\runouce.exe
2012-11-07 17:51 . 2012-11-07 17:51 626688 ----a-w- c:\windows\system32\msvcr80.dll
2012-11-07 17:51 . 2012-11-07 17:51 548864 ----a-w- c:\windows\system32\msvcp80.dll
2012-11-07 17:51 . 2012-11-07 17:51 28672 ----a-w- c:\windows\system32\eEmpty.exe
2012-11-07 17:51 . 2007-11-30 22:26 135680 ----a-w- c:\windows\system32\T.COM
2012-11-07 17:51 . 2007-11-30 22:26 146432 ----a-w- c:\windows\R.COM
2012-11-07 17:51 . 2012-11-07 17:51 -------- d-----w- c:\program files\Common Files\MicroWorld
2012-11-07 17:46 . 2012-11-07 17:46 2855 ----a-w- c:\windows\system32\mem.PIF
2012-11-07 17:44 . 2012-11-07 17:44 -------- d--h--w- c:\windows\PIF
2012-11-04 19:02 . 2012-11-05 08:30 -------- d-----w- c:\windows\SxsCaPendDel
2012-11-04 18:48 . 2012-11-04 18:53 8192 ----a-w- c:\windows\system32\vxdblock.exe
2012-11-04 18:47 . 2012-11-04 18:58 -------- d-----w- c:\program files\Evolution Labs
2012-11-04 18:00 . 2012-11-04 18:28 -------- d-----w- c:\program files\FineRecovery
2012-11-02 21:22 . 2012-11-02 21:22 -------- d-----w- c:\documents and settings\jajo pajo\Application Data\Serif
2012-11-02 19:58 . 2012-11-02 19:58 31728 ----a-w- c:\windows\dbrmdwb.exe
2012-11-02 19:58 . 2012-11-02 19:58 356352 ----a-w- c:\windows\eSellerateEngine.dll
2012-11-02 19:58 . 2012-11-02 19:58 2577888 ----a-w- c:\windows\dbplugin.ocx
2012-11-02 19:58 . 2012-11-02 19:58 1023456 ----a-w- c:\windows\dbplugin.exe
2012-11-02 19:58 . 2012-11-02 19:58 2433024 ----a-w- c:\windows\npdbplug.dll
2012-11-02 19:51 . 2012-11-02 20:06 -------- d-----w- c:\program files\DeskTopAuthor
2012-11-02 19:48 . 2012-11-02 19:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-11-02 17:14 . 2012-11-02 17:17 -------- d-----w- c:\documents and settings\jajo pajo\Application Data\PhotoFiltre Studio X
2012-11-01 11:06 . 2012-11-01 11:06 -------- d-----w- c:\windows\Sun
2012-10-21 11:54 . 2012-10-21 11:54 2 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-10-21 11:53 . 2012-09-24 21:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-07 18:14 . 2012-11-07 18:10 3660157 ----a-w- c:\windows\REGBK03.ZIP
2012-11-02 21:34 . 2012-06-03 18:02 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-02 21:34 . 2012-06-03 18:02 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-14 12:53 . 2012-09-14 12:56 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-14 12:53 . 2012-09-14 12:56 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-14 05:46 . 2012-09-14 05:43 3129338 ----a-w- c:\windows\REGBK02.ZIP
2012-09-09 12:18 . 2012-09-09 12:17 905216 ----a-w- C:\SRDownloader.exe
2012-10-27 07:35 . 2012-10-27 07:32 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="d:\program files\PrintScreen\PrintScreen.exe" [2011-05-03 487424]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-6-24 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LexBceS"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DriverMax"=
"SRDownloader"=C:\SRDownloader.exe /min
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
R3 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [24.9.2009 4:40 19592]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [24.9.2009 12:41 29192]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [17.6.2009 13:01 25480]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\JAJOPA~1\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\JAJOPA~1\LOCALS~1\Temp\CFcatchme.sys [?]
S3 FlarionDTM;Flarion DTM Network Interface;c:\windows\system32\drivers\FlrnDTM.sys [31.5.2012 19:33 24706]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://1141/
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2012-09-27 21:54; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\documents and settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2012-11-03 17:30; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\documents and settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111015&tt=2912_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 64be2519000000000000000735860a97
FF - user.js: extensions.BabylonToolbar_i.hardId - 64be2519000000000000000735860a97
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15539
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:23
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-10874632.sys
SafeBoot-75394816.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-10 10:08
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-11-10 10:15:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-10 09:15
ComboFix2.txt 2012-11-09 19:12
.
Pre-Run: 2 276 048 896 bytes free
Post-Run: 2 280 960 000 voľných bajtov
.
- - End Of File - - 68D96C66CD75EF8321FE4BFAB2D5D30D
So here is the ComboFix log. According to it the Avira antivirus is running, but that was uninstalled long ago. Thank you.
- Rudy
- Site Admin
- Posts: 119520
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check the log, the PC is completely slow
One more run of CF with a script will be needed. There are rootkits in there and they have to go. Run CF once more with this script:
KillAll::
Collect::
c:\windows\system32\drivers\20527464.sys
Firefox::
FF - ProfilePath - c:\documents and settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\
FF - ExtSQL: 2012-09-27 21:54; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\documents and settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2012-11-03 17:30; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\documents and settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111015&tt=2912_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 64be2519000000000000000735860a97
FF - user.js: extensions.BabylonToolbar_i.hardId - 64be2519000000000000000735860a97
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15539
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:23
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
Driver::
10874632
75394816
20527464
Reboot::
Post a new log; an AVPTool scan may still be needed.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.
Re: Please check the log, the PC is completely slow
ComboFix 12-11-08.01 - jajo pajo 10.11.2012 20:38:18.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.239.55 [GMT 1:00]
Running from: D:\ComboFix.exe
Command switches used :: c:\documents and settings\jajo pajo\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
file zipped: c:\windows\system32\drivers\20527464.sys
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\20527464.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_10874632
-------\Legacy_75394816
.
.
((((((((((((((((((((((((( Files Created from 2012-10-10 to 2012-11-10 )))))))))))))))))))))))))))))))
.
.
2012-11-09 21:14 . 2012-11-09 23:31 -------- dc----w- C:\TDSSKiller_Quarantine
2012-11-09 20:25 . 2012-11-09 20:25 -------- d-----w- c:\program files\trend micro
2012-11-09 20:25 . 2012-11-09 20:31 -------- dc----w- C:\rsit
2012-11-09 20:02 . 2012-11-09 20:07 -------- d-----w- c:\documents and settings\jajo pajo\Application Data\EurekaLog
2012-11-08 20:12 . 2012-11-08 20:40 -------- dc----w- C:\UsbFix
2012-11-07 17:59 . 2012-11-07 17:59 -------- d---a-w- c:\windows\system32\runouce.exe
2012-11-07 17:51 . 2012-11-07 17:51 626688 ----a-w- c:\windows\system32\msvcr80.dll
2012-11-07 17:51 . 2012-11-07 17:51 548864 ----a-w- c:\windows\system32\msvcp80.dll
2012-11-07 17:51 . 2012-11-07 17:51 28672 ----a-w- c:\windows\system32\eEmpty.exe
2012-11-07 17:51 . 2007-11-30 22:26 135680 ----a-w- c:\windows\system32\T.COM
2012-11-07 17:51 . 2007-11-30 22:26 146432 ----a-w- c:\windows\R.COM
2012-11-07 17:51 . 2012-11-07 17:51 -------- d-----w- c:\program files\Common Files\MicroWorld
2012-11-07 17:46 . 2012-11-07 17:46 2855 ----a-w- c:\windows\system32\mem.PIF
2012-11-07 17:44 . 2012-11-07 17:44 -------- d--h--w- c:\windows\PIF
2012-11-04 19:02 . 2012-11-05 08:30 -------- d-----w- c:\windows\SxsCaPendDel
2012-11-04 18:48 . 2012-11-04 18:53 8192 ----a-w- c:\windows\system32\vxdblock.exe
2012-11-04 18:47 . 2012-11-04 18:58 -------- d-----w- c:\program files\Evolution Labs
2012-11-04 18:00 . 2012-11-04 18:28 -------- d-----w- c:\program files\FineRecovery
2012-11-02 21:22 . 2012-11-02 21:22 -------- d-----w- c:\documents and settings\jajo pajo\Application Data\Serif
2012-11-02 19:58 . 2012-11-02 19:58 31728 ----a-w- c:\windows\dbrmdwb.exe
2012-11-02 19:58 . 2012-11-02 19:58 356352 ----a-w- c:\windows\eSellerateEngine.dll
2012-11-02 19:58 . 2012-11-02 19:58 2577888 ----a-w- c:\windows\dbplugin.ocx
2012-11-02 19:58 . 2012-11-02 19:58 1023456 ----a-w- c:\windows\dbplugin.exe
2012-11-02 19:58 . 2012-11-02 19:58 2433024 ----a-w- c:\windows\npdbplug.dll
2012-11-02 19:51 . 2012-11-02 20:06 -------- d-----w- c:\program files\DeskTopAuthor
2012-11-02 19:48 . 2012-11-02 19:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-11-02 17:14 . 2012-11-02 17:17 -------- d-----w- c:\documents and settings\jajo pajo\Application Data\PhotoFiltre Studio X
2012-11-01 11:06 . 2012-11-01 11:06 -------- d-----w- c:\windows\Sun
2012-10-21 11:54 . 2012-10-21 11:54 2 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-10-21 11:53 . 2012-09-24 21:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-07 18:14 . 2012-11-07 18:10 3660157 ----a-w- c:\windows\REGBK03.ZIP
2012-11-02 21:34 . 2012-06-03 18:02 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-02 21:34 . 2012-06-03 18:02 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-14 12:53 . 2012-09-14 12:56 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-14 12:53 . 2012-09-14 12:56 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-14 05:46 . 2012-09-14 05:43 3129338 ----a-w- c:\windows\REGBK02.ZIP
2012-09-09 12:18 . 2012-09-09 12:17 905216 ----a-w- C:\SRDownloader.exe
2012-10-27 07:35 . 2012-10-27 07:32 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-6-24 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LexBceS"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DriverMax"=
"SRDownloader"=C:\SRDownloader.exe /min
"Gadwin PrintScreen"="d:\program files\PrintScreen\PrintScreen.exe" /nosplash
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
R3 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [24.9.2009 4:40 19592]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [24.9.2009 12:41 29192]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [17.6.2009 13:01 25480]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\JAJOPA~1\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\JAJOPA~1\LOCALS~1\Temp\CFcatchme.sys [?]
S3 FlarionDTM;Flarion DTM Network Interface;c:\windows\system32\drivers\FlrnDTM.sys [31.5.2012 19:33 24706]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://1141/
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2012-09-27 21:54; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\documents and settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2012-11-03 17:30; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\documents and settings\jajo pajo\Application Data\Mozilla\Firefox\Profiles\l72f8wua.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111015&tt=2912_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 64be2519000000000000000735860a97
FF - user.js: extensions.BabylonToolbar_i.hardId - 64be2519000000000000000735860a97
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15539
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:23
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-10 21:06
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-11-10 21:13:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-10 20:13
ComboFix2.txt 2012-11-10 09:15
ComboFix3.txt 2012-11-09 19:12
.
Pre-Run: 2 267 770 880 bytes free
Post-Run: 2 215 514 112 voľných bajtov
.
- - End Of File - - CB2534A74EF6063A8E913F196CFEB0EE
Upload was successful
- Rudy
- Site Admin
- Posts: 119520
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check the log, the PC is completely slow
OK. Has anything changed?
Re: Please check the log, the PC is completely slow
Thank you, the system is a bit snappier.

- Rudy
- Site Admin
- Posts: 119520
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check the log, the PC is completely slow
You're welcome!
