PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Please check my log

Do you have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Shag
Visitor
Posts: 35
Registered: 08 Jan 2013 13:21

Please check my log

#1 Post by Shag »

I have problems with my PC. The main problem is on my side: I haven't bought a new antivirus licence, but I will fix that soon.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Ivosek at 2013-01-08 13:23:19
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 95 GB (40%) free of 238 GB
Total RAM: 3033 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:23:26, on 8.1.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Eset\UpdateReminder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Ivosek\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Ivosek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webtv.starnet.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UpdateReminder] C:\Program Files\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{69561A6A-E9D9-4DB1-BC9E-84E3AD283A3D}: NameServer = 10.108.10.108,10.108.10.109
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5798 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Ivosek\Data aplikací\Mozilla\Firefox\Profiles\i3vfpfmi.default

prefs.js - "browser.startup.homepage" - "www.google.cz"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.135 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=0.9.9]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Ivosek\Data aplikací\Mozilla\Firefox\Profiles\i3vfpfmi.default\extensions\
centrumpomocnik@centrum.cz
{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-11-28 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-11-28 155384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2010-09-07 43608]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-11 20992]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2011-12-04 949376]
"UpdateReminder"=C:\Program Files\Eset\UpdateReminder.exe [2011-12-04 425984]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-12-05 20065384]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-02-13 499608]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2012-02-29 15494464]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2012-02-29 108352]
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2012-03-01 1634112]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-11-10 3514176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-11-10 3514176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2011-12-05 20065384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2012-12-03 1354736]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\QIP 2010\qip.exe"="C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"C:\Documents and Settings\Ivosek\Dokumenty\Warcraft3\war3.exe"="C:\Documents and Settings\Ivosek\Dokumenty\Warcraft3\war3.exe:*:Enabled:Warcraft III"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Ivosek\Dokumenty\Warcraft3\gproxy.exe"="C:\Documents and Settings\Ivosek\Dokumenty\Warcraft3\gproxy.exe:*:Enabled:gproxy"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\d.j.knedlik@seznam.cz\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\d.j.knedlik@seznam.cz\counter-strike\hl.exe:*:Enabled:Counter-Strike"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Firefly Studios\Stronghold 3\bin\win32_release\Stronghold3.exe"="C:\Program Files\Firefly Studios\Stronghold 3\bin\win32_release\Stronghold3.exe:*:Enabled:Stronghold3"
"C:\Program Files\StarCraft II\StarCraft II.exe"="C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\UOAM\uoam_locked.exe"="C:\Program Files\UOAM\uoam_locked.exe:*:Enabled:Ultima Online's premier mapping tool."
"C:\Program Files\UOAM\uoam.exe"="C:\Program Files\UOAM\uoam.exe:*:Enabled:Ultima Online's premier mapping tool."
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.515\Agent.exe"="C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.515\Agent.exe:*:Enabled:Blizzard Update Agent"
"C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.516\Agent.exe"="C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.516\Agent.exe:*:Enabled:Blizzard Update Agent"
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Helbreath USA\Helbreath.exe"="C:\Program Files\Helbreath USA\Helbreath.exe:*:Enabled:mfcftp"
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.868\Agent.exe"="C:\Documents and Settings\All Users\Data aplikací\Battle.net\Agent\Agent.868\Agent.exe:*:Enabled:Battle.net Update Agent"
"C:\Program Files\Diablo III Beta\Diablo III.exe"="C:\Program Files\Diablo III Beta\Diablo III.exe:*:Enabled:Diablo III Beta"
"C:\Documents and Settings\All Users\Data aplikacĂ­\Battle.net\Agent\Agent.868\Agent.exe"="C:\Documents and Settings\All Users\Data aplikacĂ­\Battle.net\Agent\Agent.868\Agent.exe:*:Enabled:Blizzard Agent"
"C:\Documents and Settings\All Users\Data aplikaci\Battle.net\Agent\Agent.515\Agent.exe"="C:\Documents and Settings\All Users\Data aplikaci\Battle.net\Agent\Agent.515\Agent.exe:*:Enabled:Blizzard Agent"
"C:\Documents and Settings\All Users\Data aplikaci\Battle.net\Agent\Agent.868\Agent.exe"="C:\Documents and Settings\All Users\Data aplikaci\Battle.net\Agent\Agent.868\Agent.exe:*:Enabled:Blizzard Agent"
"C:\Program Files\Farming Simulator 2013\FarmingSimulator2013.exe"="C:\Program Files\Farming Simulator 2013\FarmingSimulator2013.exe:*:Enabled:Farming Simulator 2013"
"C:\Program Files\Farming Simulator 2013\FarmingSimulator2013Game.exe"="C:\Program Files\Farming Simulator 2013\FarmingSimulator2013Game.exe:*:Enabled:Farming Simulator 2013"
"C:\Program Files\Steam\steamapps\shaguarb\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\shaguarb\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe"="C:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe:*:Enabled:Counter-Strike: Global Offensive"
"C:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe"="C:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe:*:Enabled:Counter-Strike: Global Offensive - SDK"
"C:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe"="C:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe:*:Enabled:Dota 2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"VIDC.CFHD"=cfhd.dll
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux8"=wdmaud.drv

======List of files/folders created in the last 3 months======

2013-01-08 13:23:19 ----D---- C:\rsit
2013-01-08 13:23:19 ----D---- C:\Program Files\trend micro
2012-12-21 16:05:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842-v2$
2012-12-12 16:04:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2758857$
2012-12-12 16:04:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2779030$
2012-12-12 16:03:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2779562$
2012-12-12 16:03:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842$
2012-12-12 16:03:15 ----SHD---- C:\Config.Msi
2012-12-12 16:03:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2770660$
2012-12-12 16:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2761465$
2012-11-28 13:23:29 ----D---- C:\Program Files\Common Files\Java
2012-11-28 13:23:21 ----A---- C:\WINDOWS\system32\javaws.exe
2012-11-28 13:23:16 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2012-11-26 20:12:01 ----A---- C:\WINDOWS\system32\drivers\lirsgt.sys
2012-11-26 20:12:01 ----A---- C:\WINDOWS\system32\drivers\atksgt.sys
2012-11-15 15:36:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2727528$
2012-11-15 15:34:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2761226$
2012-10-27 10:52:54 ----D---- C:\Program Files\King's Bounty - Warriors of the North
2012-10-27 09:07:20 ----D---- C:\Program Files\Farming Simulator 2013
2012-10-20 20:43:28 ----A---- C:\WINDOWS\system32\javaw.exe
2012-10-20 20:43:28 ----A---- C:\WINDOWS\system32\java.exe
2012-10-10 14:40:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2724197$
2012-10-10 14:37:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2756822$
2012-10-10 14:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2749655$
2012-10-10 14:36:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2661254-v2$

======List of files/folders modified in the last 3 months======

2013-01-08 13:23:19 ----RD---- C:\Program Files
2013-01-08 13:23:19 ----D---- C:\WINDOWS\Prefetch
2013-01-08 13:05:39 ----D---- C:\WINDOWS\Temp
2013-01-08 13:04:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-01-08 11:36:53 ----D---- C:\Program Files\Steam
2013-01-08 11:27:34 ----D---- C:\Program Files\Mozilla Firefox
2013-01-08 09:44:41 ----D---- C:\WINDOWS\system32\CatRoot2
2013-01-06 21:34:44 ----D---- C:\Documents and Settings\Ivosek\Data aplikací\TS3Client
2013-01-06 14:09:40 ----D---- C:\Program Files\Ultima Online
2012-12-21 16:19:43 ----D---- C:\WINDOWS\system32
2012-12-21 16:19:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-12-21 16:15:19 ----D---- C:\WINDOWS
2012-12-21 16:06:02 ----HD---- C:\WINDOWS\inf
2012-12-21 16:05:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-12-21 16:04:51 ----HD---- C:\WINDOWS\$hf_mig$
2012-12-18 18:42:13 ----SD---- C:\WINDOWS\Tasks
2012-12-18 18:42:05 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-12-16 13:23:59 ----A---- C:\WINDOWS\system32\atmfd.dll
2012-12-12 16:04:24 ----A---- C:\WINDOWS\imsins.BAK
2012-12-12 16:04:10 ----SHD---- C:\WINDOWS\Installer
2012-12-12 16:04:07 ----D---- C:\Documents and Settings\All Users\Data aplikaci\Microsoft Help
2012-12-12 15:59:38 ----A---- C:\WINDOWS\system32\MRT.exe
2012-12-07 21:14:05 ----D---- C:\Documents and Settings\All Users\Data aplikaci\Adobe
2012-11-28 18:51:14 ----D---- C:\WINDOWS\system32\DirectX
2012-11-28 18:49:50 ----RSD---- C:\WINDOWS\assembly
2012-11-28 13:23:29 ----D---- C:\Program Files\Common Files
2012-11-28 13:23:05 ----A---- C:\WINDOWS\system32\npdeployJava1.dll
2012-11-28 13:23:05 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-11-28 13:23:02 ----D---- C:\Program Files\Java
2012-11-26 20:20:15 ----D---- C:\Documents and Settings\Ivosek\Data aplikací\uTorrent
2012-11-26 20:17:48 ----D---- C:\Program Files\Ubisoft
2012-11-26 20:12:01 ----D---- C:\WINDOWS\system32\drivers
2012-11-26 20:09:22 ----HD---- C:\Program Files\InstallShield Installation Information
2012-11-15 18:06:40 ----D---- C:\WINDOWS\Microsoft.NET
2012-11-15 17:51:50 ----D---- C:\Documents and Settings\Ivosek\Data aplikací\.minecraft
2012-11-15 15:33:11 ----D---- C:\WINDOWS\WinSxS
2012-11-15 15:31:00 ----D---- C:\Program Files\Common Files\System
2012-11-15 15:31:00 ----A---- C:\WINDOWS\win.ini
2012-11-13 23:07:33 ----D---- C:\Documents and Settings\Ivosek\Data aplikací\DAEMON Tools Lite
2012-11-13 23:07:33 ----D---- C:\Documents and Settings\All Users\Data aplikaci\DAEMON Tools Lite
2012-11-10 03:07:55 ----A---- C:\WINDOWS\system32\mshtml.dll
2012-11-10 01:39:07 ----N---- C:\WINDOWS\system32\tzchange.exe
2012-11-04 17:28:12 ----D---- C:\Program Files\TeamSpeak 3 Client
2012-11-02 03:03:56 ----A---- C:\WINDOWS\system32\dpnet.dll
2012-10-31 12:32:37 ----A---- C:\WINDOWS\system32\wininet.dll
2012-10-31 12:32:37 ----A---- C:\WINDOWS\system32\urlmon.dll
2012-10-31 12:32:37 ----A---- C:\WINDOWS\system32\url.dll
2012-10-31 12:32:37 ----A---- C:\WINDOWS\system32\shdocvw.dll
2012-10-31 12:32:37 ----A---- C:\WINDOWS\system32\mstime.dll
2012-10-31 12:32:37 ----A---- C:\WINDOWS\system32\mshtmled.dll
2012-10-31 12:32:37 ----A---- C:\WINDOWS\system32\iepeers.dll
2012-10-31 12:32:37 ----A---- C:\WINDOWS\system32\ieencode.dll
2012-10-31 12:32:37 ----A---- C:\WINDOWS\system32\browseui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ahcix86;ahcix86; C:\WINDOWS\system32\DRIVERS\ahcix86.sys [2010-09-24 214096]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2010-11-25 103000]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-08-14 239168]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2011-12-04 15424]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2011-12-04 512096]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2012-11-26 278728]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2012-11-26 25416]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 asmthub3;ASMedia USB3 Hub Service; C:\WINDOWS\system32\DRIVERS\asmthub3.sys [2011-02-24 100328]
R3 asmtxhci;ASMEDIA XHCI Service; C:\WINDOWS\system32\DRIVERS\asmtxhci.sys [2011-02-24 308200]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-12-13 7069288]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-12-11 25630]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-12-11 37916]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-11 70894]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2012-03-01 13417632]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2011-01-14 277352]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbfilter;AMD USB Filter Driver; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [2010-12-16 36096]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-11-28 161768]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2011-12-04 552064]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2012-02-29 164160]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-13 129976]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

----------------------------------------------------------------------------------------------------------------------------------------------

And another log, this one from ComboFix
ComboFix 13-01-06.01 - Ivosek 08.01.2013 13:36:10.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3033.2252 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ivosek\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\dasetup.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\SET1A97.tmp
c:\windows\system32\SET1A9B.tmp
c:\windows\system32\SET1A9C.tmp
c:\windows\system32\SET1AA3.tmp
c:\windows\system32\tmp2E9.tmp
c:\windows\system32\tmp2EA.tmp
c:\windows\system32\TZLog.log
.
c:\windows\system32\drivers\i8042prt.sys chyběl.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\i8042prt.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-08 do 2013-01-08 )))))))))))))))))))))))))))))))
.
.
2013-01-08 12:40 . 2008-04-14 02:21 52096 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2013-01-08 12:40 . 2008-04-14 02:21 52096 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2013-01-08 12:23 . 2013-01-08 12:23 -------- d-----w- C:\rsit
2013-01-08 12:23 . 2013-01-08 12:23 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-18 17:42 . 2012-04-03 12:09 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-18 17:42 . 2011-11-05 17:08 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2006-03-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-28 12:23 . 2012-11-28 12:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-28 12:23 . 2012-07-26 15:02 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-28 12:23 . 2012-07-26 15:02 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-28 12:23 . 2012-02-20 18:03 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-26 19:12 . 2012-11-26 19:12 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-11-26 19:12 . 2012-11-26 19:12 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-11-13 11:55 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03 . 2006-03-02 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-10-31 11:32 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-10-31 11:32 . 2006-03-02 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2012-10-31 11:32 . 2006-03-02 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-10-31 11:29 . 2006-03-02 12:00 370176 ----a-w- c:\windows\system32\html.iec
2012-05-13 20:45 . 2011-12-29 09:34 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2011-12-04 949376]
"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2011-12-04 425984]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-02-13 499608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-5-14 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2011-12-05 14:49 20065384 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-12-03 18:57 1354736 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Ivosek\\Dokumenty\\Warcraft3\\war3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Ivosek\\Dokumenty\\Warcraft3\\gproxy.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\d.j.knedlik@seznam.cz\\counter-strike\\hl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\UOAM\\uoam.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.868\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikaci\\Battle.net\\Agent\\Agent.515\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikaci\\Battle.net\\Agent\\Agent.868\\Agent.exe"=
"c:\\Program Files\\Farming Simulator 2013\\FarmingSimulator2013.exe"=
"c:\\Program Files\\Farming Simulator 2013\\FarmingSimulator2013Game.exe"=
"c:\\Program Files\\Steam\\steamapps\\shaguarb\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Counter-Strike Global Offensive\\csgo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Counter-Strike Global Offensive\\bin\\SDKLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dota 2 beta\\dota.exe"=
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [4.11.2011 21:04 214096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [14.8.2011 9:54 239168]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [4.12.2011 11:18 15424]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [4.11.2011 21:05 100328]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [4.11.2011 21:05 308200]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [4.11.2011 21:04 36096]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4.11.2011 20:41 1691480]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://webtv.starnet.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Trusted Zone: mojebanka.cz\www
TCP: Interfaces\{69561A6A-E9D9-4DB1-BC9E-84E3AD283A3D}: NameServer = 10.108.10.108,10.108.10.109
FF - ProfilePath - c:\documents and settings\Ivosek\Data aplikací\Mozilla\Firefox\Profiles\i3vfpfmi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{020627E6-E59E-46CF-B7F8-4B05D0C6088A}_is1 - c:\program files\Paradox Interactive\Crusader Kings II\crusader kings ii\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-08 13:44
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(888)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
- - - - - - - > 'explorer.exe'(2484)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Eset\nod32krn.exe
.
**************************************************************************
.
Celkový čas: 2013-01-08 13:50:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-08 12:50
.
Před spuštěním: Volných bajtů: 99 837 104 128
Po spuštění: Volných bajtů: 102 274 043 904
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 9C1548EFCDC3C95D8940D5EECC5D91FD



THANKS A LOT!!

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#2 Post by vyosek »

Hi :)

:arrow: As for ComboFix: on the basis of its licence and the forum rules I have to ask, do you know how to work with it (running it, deciphering the log, writing a script)?

:arrow: The licence terms are clear: "It should never be used in an environment without supervision by an experienced person"

:arrow: Dangers of CF
  • It is intended primarily for helpers; by using it on your own you forfeit any claim to support
  • It wipes the traces of malware, so nothing is visible in the RSIT log
  • Its log has to be deciphered further, because it cannot delete everything; you will hardly manage that unless you have been trained for it
  • CF can have a bug = it takes your system down; if you don't know where it stores what and how to restore it, your system is toast and a reinstall awaits you
  • Unfortunately CF also does not yet check some important libraries (e.g. hal.dll), which some types of malware delete (e.g. angela); after the restart hal.dll is gone = your system won't boot and you are back at the line above = reinstall
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.


Re: Please check my log

#3 Post by Shag »

Well, I already ran the script according to the instructions... are there any problems in that log?


Re: Please check my log

#4 Post by vyosek »

What script, according to what instructions??

And by the way, using ESET without a purchased licence is illegal, and we do not tolerate illegal security software here...


Re: Please check my log

#5 Post by Shag »

It's a year old... it's as if it weren't there. I'll happily uninstall it if that resolves my current situation. I don't go anywhere on the net anyway and I don't click on anything. It's possible that when I had the PC at a LAN party I picked something up from someone. Anyway... could someone look at that log? Or what should I do so that the PC stops doing weird things... like ICQ not starting, macros in Windows not working. It never did that until this last week... and I doubt it's Windows.


Re: Please check my log

#6 Post by vyosek »

:arrow: The licence expired a year ago :shock:

:arrow: Seriously not this; we will not tolerate this here

:arrow: If you want help, uninstall that illegal ESET and replace it with a free solution (Avast, Avira or MSE). Then post a new RSIT log. This "request" of mine follows from the forum rules in force, http://forum.viry.cz/viewtopic.php?f=12&t=115512, which both you and I are obliged to observe
Help CANNOT be given:
2) If the user's machine demonstrably contains illegal host or protective software
(operating system, antivirus, firewall, etc.), the user must be steered towards a remedy, e.g. via unpaid software,
and the problem is addressed only once the PC is "in order". If the user is unwilling to accept the rules,
they must be asked to leave the forum and come back once they comply.
:arrow: Of the free solutions I recommend Avast Free http://www.avast.com/get/gWR5mo92

:arrow: Post a DDS log http://forum.viry.cz/viewtopic.php?f=13&t=125171

:arrow: Download Farbar Service Scanner http://download.bleepingcomputer.com/farbar/FSS.exe
  • Preferably save it to the Desktop
  • Tick every item (that marks them for scanning)
  • Click Scan
  • When the scan finishes, a log FSS.txt appears; paste it here


Re: Please check my log

#7 Post by Shag »

ESET uninstalled, Avast Free installed... DDS log


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.9.2
Run by Ivosek at 15:28:31 on 2013-01-08
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3033.2400 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://webtv.starnet.cz/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: Interfaces\{69561A6A-E9D9-4DB1-BC9E-84E3AD283A3D} : NameServer = 10.108.10.108,10.108.10.109
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ivosek\data aplikací\mozilla\firefox\profiles\i3vfpfmi.default\
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2011-11-4 214096]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-1-8 361032]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-8-14 239168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-1-8 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-1-8 44808]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2011-11-4 100328]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2011-11-4 308200]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-3-2 69120]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-11-4 36096]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-8 738504]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-11-4 1691480]
.
=============== Created Last 30 ================
.
2013-01-08 14:27:01 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-08 14:26:40 41224 ----a-w- c:\windows\avastSS.scr
2013-01-08 14:26:25 -------- d-----w- c:\documents and settings\all users\data aplikaci\AVAST Software
2013-01-08 12:40:36 52096 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2013-01-08 12:40:36 52096 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2013-01-08 12:31:23 -------- d-sha-r- C:\cmdcons
2013-01-08 12:29:32 208896 ----a-w- c:\windows\MBR.exe
2013-01-08 12:29:30 98816 ----a-w- c:\windows\sed.exe
2013-01-08 12:29:30 256000 ----a-w- c:\windows\PEV.exe
2013-01-08 12:23:19 -------- d-----w- c:\program files\trend micro
.
==================== Find3M ====================
.
2012-12-18 17:42:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-18 17:42:05 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-28 12:23:07 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-28 12:23:06 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-28 12:23:05 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-28 12:23:05 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-26 19:12:01 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-11-26 19:12:01 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-11-13 11:55:10 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03:56 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-10-31 11:32:37 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-10-31 11:32:37 668160 ----a-w- c:\windows\system32\wininet.dll
2012-10-31 11:32:37 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-10-31 11:29:50 370176 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 15:29:27,98 ===============





And here is the FSS log

Farbar Service Scanner Version: 05-01-2013
Ran by Ivosek (administrator) on 08-01-2013 at 15:30:51
Running from "C:\Documents and Settings\Ivosek\Dokumenty\Stažené soubory"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2006-03-02 13:00] - [2008-04-14 04:21] - 0125952 ____A (Microsoft Corporation) 8C9A53E285AC5E6704844D0459EC85BE

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2006-03-02 13:00] - [2009-04-20 18:19] - 0045568 ____A (Microsoft Corporation) DFAA406BF19F4EE806A6F8D4342137F7

C:\WINDOWS\system32\ipnathlp.dll
[2006-03-02 13:00] - [2008-04-14 04:21] - 0329728 ____A (Microsoft Corporation) F58FACA9621D2DB01BD0927D9A0A208E

C:\WINDOWS\system32\netman.dll
[2006-03-02 13:00] - [2008-04-14 04:21] - 0198144 ____A (Microsoft Corporation) 72E1E9E2977BE08BDEEDB6D8FD9D4D40

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2011-11-04 20:31] - [2008-04-14 04:22] - 0144896 ____A (Microsoft Corporation) E488332126E3B1182D2B8A0C35408EC6

C:\WINDOWS\system32\srsvc.dll
[2011-11-04 20:32] - [2008-04-14 04:22] - 0171008 ____A (Microsoft Corporation) 35B91147124F64AC8081A2EDB9EA4DEE

C:\WINDOWS\system32\Drivers\sr.sys
[2011-11-04 20:32] - [2008-04-14 03:41] - 0073344 ____A (Microsoft Corporation) 94610C8653635E4459316A0050D55CE7

C:\WINDOWS\system32\wscsvc.dll
[2006-03-02 13:00] - [2008-04-14 04:22] - 0080896 ____A (Microsoft Corporation) 4C86D5FAF78194995AF9CC1075F65DD3

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2011-11-04 20:31] - [2008-04-14 04:22] - 0144896 ____A (Microsoft Corporation) E488332126E3B1182D2B8A0C35408EC6

C:\WINDOWS\system32\wuauserv.dll
[2011-11-04 20:32] - [2008-04-14 04:22] - 0006656 ____A (Microsoft Corporation) C1364564800EE9784192145324A23308

C:\WINDOWS\system32\qmgr.dll
[2011-11-04 20:32] - [2008-04-14 04:21] - 0409088 ____A (Microsoft Corporation) 19395D092FD85DDC2D9C7729CF5A2AC8

C:\WINDOWS\system32\es.dll
[2006-03-02 13:00] - [2008-07-07 21:29] - 0253952 ____A (Microsoft Corporation) A371F11EF07653591C8DE26AFB13CE7F

C:\WINDOWS\system32\cryptsvc.dll
[2006-03-02 13:00] - [2008-04-14 04:21] - 0062464 ____A (Microsoft Corporation) F3AB0933CBD166D271992F411C27CCAF

C:\WINDOWS\system32\svchost.exe
[2006-03-02 13:00] - [2008-04-14 04:22] - 0014336 ____A (Microsoft Corporation) BE4A520E29B6391F49E79CCC52044D93

C:\WINDOWS\system32\rpcss.dll
[2006-03-02 13:00] - [2009-02-09 11:56] - 0401408 ____A (Microsoft Corporation) BE27674D1CBC3214AEC84B4336A38BBF

C:\WINDOWS\system32\services.exe
[2006-03-02 13:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9EF697AF07BB8DD82C3B02CA953A95B7


Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****
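The File Check section of the FSS log above is a hash comparison: for every service binary the tool prints the timestamps, size, attributes, the company string from the version resource and the MD5, and the files it recognised are printed in the short "=> MD5 is legit" form; the others are left for the helper to compare against a reference by hand. The Python below is an added example, not part of the post and not Farbar's code: it parses that section and checks the hashes against a small reference manifest. The sample text and the manifest are constructed for the example; the manifest values are assumptions standing in for hashes you would take from a known-clean XP SP3 install or the machine's own dllcache, and the last sample entry is deliberately given a hash that does not match.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout Farbar Service Scanner prints (not a real
# machine's log): a full entry carries timestamps, size, attributes, the
# version-resource company string and the MD5; a recognised file is printed
# in the short "=> MD5 is legit" form. The last entry is given a hash that
# deliberately does not match the manifest below.
SAMPLE_FSS = r"""File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2006-03-02 13:00] - [2008-04-14 04:21] - 0125952 ____A (Microsoft Corporation) 8C9A53E285AC5E6704844D0459EC85BE

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\svchost.exe
[2006-03-02 13:00] - [2008-04-14 04:22] - 0014336 ____A (Microsoft Corporation) BE4A520E29B6391F49E79CCC52044D93

C:\WINDOWS\system32\wscsvc.dll
[2006-03-02 13:00] - [2012-12-30 02:11] - 0080896 ____A (Microsoft Corporation) 00112233445566778899AABBCCDDEEFF

Extra List:
=======
"""

# Assumed reference hashes (lower-cased path -> MD5). In practice you build
# this from a known-clean XP SP3 install or the machine's own dllcache.
REFERENCE_MD5: Dict[str, str] = {
    r"c:\windows\system32\dhcpcsvc.dll": "8C9A53E285AC5E6704844D0459EC85BE",
    r"c:\windows\system32\svchost.exe": "BE4A520E29B6391F49E79CCC52044D93",
    r"c:\windows\system32\wscsvc.dll": "4C86D5FAF78194995AF9CC1075F65DD3",
}

PATH_RE = re.compile(r"^[A-Za-z]:\\")
LEGIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is legit$")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileEntry:
    path: str
    legit: bool                      # True when FSS printed "MD5 is legit"
    md5: Optional[str] = None
    size: Optional[int] = None
    created: Optional[str] = None
    modified: Optional[str] = None
    company: Optional[str] = None


def parse_file_check(text: str) -> List[FileEntry]:
    """Extract the entries of the 'File Check:' section of an FSS log."""
    entries: List[FileEntry] = []
    in_section = False
    pending_path: Optional[str] = None
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("File Check:"):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("Extra List:"):
            break                     # end of the section
        if not line or line.startswith("="):
            continue
        m = LEGIT_RE.match(line)
        if m:
            entries.append(FileEntry(path=m.group("path"), legit=True))
            pending_path = None
            continue
        if PATH_RE.match(line):
            pending_path = line       # the details follow on the next line
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            entries.append(FileEntry(
                path=pending_path, legit=False, md5=m.group("md5").upper(),
                size=int(m.group("size")), created=m.group("created"),
                modified=m.group("modified"), company=m.group("company")))
            pending_path = None
    return entries


def check_against_manifest(entries: List[FileEntry],
                           manifest: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (path, reason) for every entry that needs a human look.

    Only the hash counts: the company string comes from the file's version
    resource and any dropper can claim 'Microsoft Corporation' there.
    """
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.legit:
            continue                  # FSS already matched its own list
        expected = manifest.get(e.path.lower())
        if expected is None:
            findings.append((e.path, "no reference hash; verify manually"))
        elif expected.upper() != e.md5:
            findings.append((e.path, f"hash mismatch: got {e.md5}, expected {expected.upper()}"))
    return findings


if __name__ == "__main__":
    for path, reason in check_against_manifest(parse_file_check(SAMPLE_FSS), REFERENCE_MD5):
        print(f"{path}: {reason}")
```

Run stand-alone it reports only the constructed wscsvc.dll mismatch. MD5 is what FSS prints, so that is what the manifest holds; a manifest you build yourself today should carry SHA-256 as well, and a file whose hash matches nothing still has to be checked by other means (Authenticode signature, a second clean machine), not trusted because its version resource says Microsoft.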


Re: Please check my log

#8 Post by vyosek »

:arrow: Download aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe and save it to the desktop.
  • Run the utility and tell it to scan: click Scan
  • Click Save log to save the aswMBR log to the desktop
  • Paste the contents of the aswMBR log here


Re: Please check my log

#9 Post by Shag »

aswMBR log


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-08 15:40:03
-----------------------------
15:40:03.687 OS Version: Windows 5.1.2600 Service Pack 3
15:40:03.687 Number of processors: 4 586 0x102
15:40:03.703 ComputerName: IVO UserName:
15:40:13.937 Initialize success
15:40:14.062 AVAST engine defs: 13010800
15:40:17.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
15:40:17.984 Disk 0 Vendor: ST250DM000-1BD141 KC44 Size: 238475MB BusType: 3
15:40:18.046 Disk 0 MBR read successfully
15:40:18.046 Disk 0 MBR scan
15:40:18.046 Disk 0 Windows XP default MBR code
15:40:18.046 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
15:40:18.046 Disk 0 scanning sectors +488376000
15:40:18.156 Disk 0 scanning C:\WINDOWS\system32\drivers
15:40:26.328 Service scanning
15:40:38.265 Modules scanning
15:40:43.687 Disk 0 trace - called modules:
15:40:43.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:40:43.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac70ab8]
15:40:44.046 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000006f[0x8ac822e8]
15:40:44.046 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8ad43d98]
15:40:49.250 AVAST engine scan C:\WINDOWS
15:40:52.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ivosek\Plocha\MBR.dat"
15:40:52.375 The log file has been saved successfully to "C:\Documents and Settings\Ivosek\Plocha\aswMBR.txt"
15:41:10.515 AVAST engine scan C:\WINDOWS\system32
15:43:37.078 AVAST engine scan C:\WINDOWS\system32\drivers
15:44:00.531 AVAST engine scan C:\Documents and Settings\Ivosek
15:56:23.531 AVAST engine scan C:\Documents and Settings\All Users
15:58:19.234 Scan finished successfully
16:03:05.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ivosek\Plocha\MBR.dat"
16:03:05.640 The log file has been saved successfully to "C:\Documents and Settings\Ivosek\Plocha\aswMBR.txt"


Re: Please check my log

#10 Post by vyosek »

:arrow: Test the following files on VirusTotal https://www.virustotal.com/cs/
  • C:\Documents and Settings\Ivosek\Plocha\MBR.dat
  • Click Choose file
  • Don't browse for the file, just paste the path of the file I want tested
  • Click Scan It
  • If a screen pops up offering to re-analyse, click ReAnalyse
  • Paste the result of the analysis here (as a link)


Re: Please check my log

#11 Post by Shag »

File name: MBR.dat
Detection ratio: 0 / 46
Analysis date: 2013-01-08 17:27:43 UTC ( 0 minutes ago )

It found nothing... I assume that's probably it... or are we not done yet? :D


Re: Please check my log

#12 Post by vyosek »

:arrow: If you haven't already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Registry::
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"=-
    "AdobeAAMUpdater-1.0"=-
    "SunJavaUpdateSched"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=-
    "DAEMON Tools Lite"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    
    File::
    C:\Documents and Settings\Ivosek\Plocha\MBR.dat
    C:\Documents and Settings\Ivosek\Plocha\aswMBR.txt
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and run it (see the image below)
    Image
  • After the script is applied (and a possible restart) a log will pop up; paste its contents here
:arrow: If the message "Attempt to use an invalid operation on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - it is an internal error caused by CF which the author unfortunately cannot fix yet

:arrow: It can happen that Windows does not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.
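The CFScript above uses .reg-style syntax: `"Name"=-` removes a value, `[-Key]` removes a whole key, and `dword:...` sets a value, while `File::` lists files to delete. The parser below is an added example (not ComboFix's own code or the helper's) that turns such a script into a readable list of the actions it requests, so the script can be reviewed before it is run; the sample script is constructed from the directives used in this thread.

```python
import re
from typing import List, Tuple

# Constructed sample in the .reg-style syntax ComboFix reads from CFScript.txt:
# "Name"=- deletes a value, [-Key] deletes a whole key, dword:... sets a value.
SAMPLE_CFSCRIPT = r"""KillAll::
Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"SunJavaUpdateSched"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
File::
C:\Documents and Settings\Ivosek\Plocha\MBR.dat
Reboot::
"""


def parse_cfscript(text: str) -> List[Tuple[str, str, str]]:
    """Return (kind, target, value) tuples describing what the script would do."""
    actions: List[Tuple[str, str, str]] = []
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):  # section header or a bare directive such as Reboot::
            section = line[:-2]
            if section not in ("Registry", "File"):
                actions.append(("directive", section, ""))
        elif section == "Registry":
            if line.startswith("[-") and line.endswith("]"):
                actions.append(("delete_key", line[2:-1], ""))
                key = None
            elif line.startswith("[") and line.endswith("]"):
                key = line[1:-1]  # subsequent "Name"=... lines belong to this key
            else:
                m = re.match(r'"(.+?)"=(.*)$', line)
                if m and key:
                    name, val = m.groups()
                    if val == "-":
                        actions.append(("delete_value", key + "\\" + name, ""))
                    else:
                        actions.append(("set_value", key + "\\" + name, val))
        elif section == "File":
            actions.append(("delete_file", line, ""))
    return actions
```

Printing the returned tuples gives a one-line-per-action plan; a value of `dword:00000000` for `AntiVirusOverride` restores the Security Center's antivirus monitoring rather than suppressing it.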

Shag
Visitor
Posts: 35
Registered: 08 Jan 2013 13:21

Re: Please check my log

#13 Post by Shag »

ComboFix 13-01-06.01 - Ivosek 08.01.2013 18:42:10.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3033.2378 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ivosek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ivosek\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\Ivosek\Plocha\aswMBR.txt"
"c:\documents and settings\Ivosek\Plocha\MBR.dat"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ivosek\Plocha\aswMBR.txt
c:\documents and settings\Ivosek\Plocha\MBR.dat
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-08 do 2013-01-08 )))))))))))))))))))))))))))))))
.
.
2013-01-08 17:31 . 2013-01-08 17:31 -------- d-----w- c:\program files\Defraggler
2013-01-08 14:27 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-08 14:27 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-08 14:27 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-08 14:27 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-01-08 14:27 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-08 14:27 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2013-01-08 14:27 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2013-01-08 14:27 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2013-01-08 14:26 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-08 14:26 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-08 14:26 . 2013-01-08 14:26 -------- d-----w- c:\documents and settings\All Users\Data aplikaci\AVAST Software
2013-01-08 12:40 . 2008-04-14 02:21 52096 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2013-01-08 12:40 . 2008-04-14 02:21 52096 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2013-01-08 12:23 . 2013-01-08 12:23 -------- d-----w- C:\rsit
2013-01-08 12:23 . 2013-01-08 12:23 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-18 17:42 . 2012-04-03 12:09 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-18 17:42 . 2011-11-05 17:08 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2006-03-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-28 12:23 . 2012-11-28 12:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-28 12:23 . 2012-07-26 15:02 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-28 12:23 . 2012-07-26 15:02 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-28 12:23 . 2012-02-20 18:03 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-26 19:12 . 2012-11-26 19:12 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-11-26 19:12 . 2012-11-26 19:12 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-11-13 11:55 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03 . 2006-03-02 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-10-31 11:32 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-10-31 11:32 . 2006-03-02 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2012-10-31 11:32 . 2006-03-02 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-10-31 11:29 . 2006-03-02 12:00 370176 ----a-w- c:\windows\system32\html.iec
2012-05-13 20:45 . 2011-12-29 09:34 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-5-14 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2011-12-05 14:49 20065384 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Ivosek\\Dokumenty\\Warcraft3\\war3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Ivosek\\Dokumenty\\Warcraft3\\gproxy.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\d.j.knedlik@seznam.cz\\counter-strike\\hl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\UOAM\\uoam.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.868\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikaci\\Battle.net\\Agent\\Agent.515\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikaci\\Battle.net\\Agent\\Agent.868\\Agent.exe"=
"c:\\Program Files\\Farming Simulator 2013\\FarmingSimulator2013.exe"=
"c:\\Program Files\\Farming Simulator 2013\\FarmingSimulator2013Game.exe"=
"c:\\Program Files\\Steam\\steamapps\\shaguarb\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Counter-Strike Global Offensive\\csgo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Counter-Strike Global Offensive\\bin\\SDKLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dota 2 beta\\dota.exe"=
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [4.11.2011 21:04 214096]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8.1.2013 15:27 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.1.2013 15:27 361032]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [14.8.2011 9:54 239168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.1.2013 15:27 21256]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [4.11.2011 21:05 100328]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [4.11.2011 21:05 308200]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [4.11.2011 21:04 36096]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4.11.2011 20:41 1691480]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-08 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-01-08 22:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://webtv.starnet.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
TCP: Interfaces\{69561A6A-E9D9-4DB1-BC9E-84E3AD283A3D}: NameServer = 10.108.10.108,10.108.10.109
FF - ProfilePath - c:\documents and settings\Ivosek\Data aplikací\Mozilla\Firefox\Profiles\i3vfpfmi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - ExtSQL: 2013-01-08 15:27; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-08 18:53
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1996)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\windows\system32\msi.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2013-01-08 18:58:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-08 17:58
ComboFix2.txt 2013-01-08 12:50
.
Před spuštěním: Volných bajtů: 102 601 506 816
Po spuštění: Volných bajtů: 102 600 491 008
.
- - End Of File - - B1130AF93514B027AE9106294B4DC10E

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#14 Post by vyosek »

So let's clean up

:arrow: Uninstall Combofix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes Combofix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm the choice press A, Enter
  • Delete the utility after use
  • Antivirus programs tend to flag this utility as a virus by mistake - it is a false positive - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making a registry backup; fix all issues
  • repeat the procedure until there are no issues - usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend running CCleaner about once a week

:arrow: And if there are no problems or questions, that's all from my side :|

Shag
Visitor
Posts: 35
Registered: 08 Jan 2013 13:21

Re: Please check my log

#15 Post by Shag »

There are no more problems, thank you sooooooooooooooooooooooo much!!! I gladly keep coming back to this forum ;) because the moderators always help me. Topic lock, thanks ;)

Locked