Logfile of random's system information tool 1.09 (written by random/random)
Run by a at 2013-12-30 21:31:13
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 83 GB (55%) free of 153 GB
Total RAM: 959 MB (12% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:31:34, on 30.12.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\OO Software\Defrag\oodag.exe
c:\apache\APACHE.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\apache\APACHE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iolo\System Mechanic Professional\SMTrayNotify.exe
C:\Program Files\ChromePlus\new_chrome.exe
C:\Program Files\ChromePlus\new_chrome.exe
C:\Program Files\ChromePlus\new_chrome.exe
C:\Documents and Settings\a\Plocha\Nepoužívané odkazy plochy\RSIT.exe
C:\Program Files\trend micro\a.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C72C8017-3824-4DED-91CC-0F9167EBDF51}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
--
End of file - 7235 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\a\Data aplikací\Mozilla\Firefox\Profiles\71mug241.default
prefs.js - "browser.search.useDBForOrder" - true
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"50360d95c3507@50360d95c3540.info"=C:\Documents and Settings\a\Data aplikací\Mozilla\Firefox\Profiles\71mug241.default\extensions\50360d95c3507@50360d95c3540.info
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0]
"Description"=DivX OVS Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
C:\Documents and Settings\a\Data aplikací\Mozilla\Firefox\Profiles\71mug241.default\extensions\
50360d95c3507@50360d95c3540.info
ffxtlbr@incredibar.com
{20a82645-c095-46ed-80e3-08825760534b}
{687578b9-7132-4a7a-80e4-30ee31099e03}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 77576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-01 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-01 171944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-06-15 1826816]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2004-12-08 550912]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2009-09-11 2524416]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-11-08 6756048]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2013-12-12 684600]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-07-10 188416]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Philips GoGear VIBE Device Manager.lnk]
C:\PROGRA~1\Philips\GOGEAR~1\GOGEAR~1.EXE []
C:\Documents and Settings\a\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\Miranda IM KP v5.0.9.16\miranda32.exe"="C:\Program Files\Miranda IM KP v5.0.9.16\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Common Files\Comodo\tvnserver.exe"="C:\Program Files\Common Files\Comodo\tvnserver.exe:*:Enabled:TVN Server"
"C:\Program Files\GoforFiles\goforfilesdl.exe"="C:\Program Files\GoforFiles\goforfilesdl.exe:*:Enabled:Go for Files"
"C:\Program Files\GoforFiles\GoforFiles.exe"="C:\Program Files\GoforFiles\GoforFiles.exe:*:Enabled:Go for Files"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\xampp\apache\bin\httpd.exe"="C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\xampp\mysql\bin\mysqld.exe"="C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\TeamViewer\Version8\TeamViewer.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"MSVideo8"=VfWWDM32.dll
"msacm.l3codec"=l3codecp.acm
"vidc.XVID"=xvidvfw.dll
======File associations======
.js - open - NOTEPAD.EXE %1
.reg - open - NOTEPAD.EXE %1
.scr - open - NOTEPAD.EXE %1
.txt - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"
.vbs - open - NOTEPAD.EXE %1
======List of files/folders created in the last 1 month======
2013-12-30 21:31:13 ----D---- C:\rsit
2013-12-20 12:14:03 ----D---- C:\Program Files\Mozilla Firefox
2013-12-11 16:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2898715$
2013-12-11 16:36:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2904266$
2013-12-11 16:31:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2893294$
2013-12-11 16:31:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2893984$
2013-12-11 16:31:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2892075$
2013-12-08 18:06:31 ----D---- C:\Program Files\MyPC Backup
2013-12-06 15:40:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
======List of files/folders modified in the last 1 month======
2013-12-30 21:31:23 ----D---- C:\WINDOWS\Temp
2013-12-30 21:31:18 ----D---- C:\Program Files\trend micro
2013-12-30 21:31:08 ----D---- C:\WINDOWS\Prefetch
2013-12-30 21:19:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-12-30 19:55:11 ----A---- C:\WINDOWS\NeroDigital.ini
2013-12-30 19:34:10 ----D---- C:\WINDOWS\system32\CatRoot2
2013-12-29 17:31:22 ----D---- C:\Documents and Settings\a\Data aplikací\vlc
2013-12-26 17:05:52 ----HD---- C:\WINDOWS\inf
2013-12-25 21:48:00 ----D---- C:\WINDOWS\system32
2013-12-25 21:47:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-23 19:11:41 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-12-22 18:57:44 ----RD---- C:\Program Files
2013-12-12 11:47:33 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-12 10:40:37 ----D---- C:\WINDOWS
2013-12-11 16:37:08 ----SHD---- C:\WINDOWS\Installer
2013-12-11 16:37:08 ----SHD---- C:\Config.Msi
2013-12-11 16:37:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-12-11 16:36:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-12-11 16:36:23 ----A---- C:\WINDOWS\imsins.BAK
2013-12-11 16:35:12 ----D---- C:\WINDOWS\system32\MRT
2013-12-11 16:31:55 ----A---- C:\WINDOWS\system32\MRT.exe
2013-12-10 18:35:08 ----D---- C:\Documents and Settings\a\Data aplikací\OpenOffice.org2
2013-12-08 18:08:29 ----SD---- C:\WINDOWS\Tasks
2013-12-06 17:17:45 ----SHD---- C:\System Volume Information
2013-12-06 17:16:09 ----D---- C:\WINDOWS\system32\NtmsData
2013-12-06 15:39:03 ----D---- C:\WINDOWS\Registration
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2012-11-08 99080]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-10-18 105472]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2013-12-12 135648]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2013-10-07 37352]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-11-08 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2012-11-08 32640]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-02-11 242240]
R1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys [2006-07-24 9341]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2012-08-27 28520]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2013-12-12 90400]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2013-02-08 12648960]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-11-19 47360]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 Motorola-Netmon-Serial;Network Monitor Serial Driver; C:\WINDOWS\system32\DRIVERS\Motorola-Netmon-Serial.sys []
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 PID_0928;Labtec WebCam(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-07-17 123008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 X86BDA;OEM Capture; C:\WINDOWS\system32\DRIVERS\OEMDrv.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-07-19 123264]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2013-11-14 440376]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2013-12-12 440376]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-07-12 387944]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-11-08 1990464]
R2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2010-01-04 650672]
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2010-01-04 650672]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-11-01 182696]
R2 O&O Defrag;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2009-09-11 1488128]
R2 PHPGeekUtil;PHPGeekUtil; c:\apache\APACHE.EXE [2002-01-25 20480]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2013-06-07 4150112]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-11-07 155716]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-04-19 161384]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-20 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------

PC disinfection, computer speed-up, remote help via the neslape.cz service
Please check my computer
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
- Visitor
- Posts: 7
- Registered: 06 Oct 2013 17:46
- Rudy
- Site Admin
- Posts: 119532
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my computer
Hello!
The log looks OK. Any problem?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked, likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
- Visitor
- Posts: 7
- Registered: 06 Oct 2013 17:46
Re: Please check my computer
Hello, a "Police of the Czech Republic" page came up in my browser, which is a virus. I restored the system to a previous state and cleaned the PC with RogueKiller. I don't know whether it has been removed sufficiently; could you advise me?
- Rudy
- Site Admin
- Posts: 119532
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my computer
Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after it starts, a screen with the licence terms appears; continue by clicking Yes.
relax and make yourself a coffee (the whole operation takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to start any other applications or do anything else
do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)
note: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware cause undesirable collisions with the antispyware resident.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
- Visitor
- Posts: 7
- Registered: 06 Oct 2013 17:46
Re: please check my computer
ComboFix 14-01-01.01 - a 01.01.2014 18:15:14.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.959.502 [GMT 1:00]
Spuštěný z: c:\documents and settings\a\Plocha\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: Sunbelt Personal Firewall *Disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FBrowserAdvisor
c:\program files\FBrowsingAdvisor
c:\program files\FBrowsingAdvisor\unins000.exe
c:\program files\Internet Explorer\SET185.tmp
c:\program files\Internet Explorer\SET186.tmp
c:\program files\Internet Explorer\SET187.tmp
c:\program files\Internet Explorer\SET2.tmp
c:\program files\Internet Explorer\SET3.tmp
c:\program files\Internet Explorer\SET4.tmp
c:\program files\Internet Explorer\SETB5.tmp
c:\program files\Internet Explorer\SETB6.tmp
c:\program files\Internet Explorer\SETB7.tmp
c:\program files\VisualTool
c:\program files\VisualTool\pcre3.dll
c:\program files\VisualTool\uninstall.exe
c:\program files\VisualTool\VisualTool.dat
c:\windows\IsUn0405.exe
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-01 do 2014-01-01 )))))))))))))))))))))))))))))))
.
.
2013-12-31 09:41 . 2013-12-31 09:41 -------- d-----w- c:\windows\system32\wbem\Repository
2013-12-30 20:31 . 2013-12-30 20:31 -------- d-----w- C:\rsit
2013-12-15 11:22 . 2013-12-15 11:22 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\McAfee
2013-12-08 17:06 . 2013-12-08 17:27 -------- d-----w- c:\program files\MyPC Backup
2013-12-08 17:06 . 2013-12-08 17:08 -------- d-----w- c:\documents and settings\a\Local Settings\Data aplikací\CatalinaGroup
2013-12-06 14:40 . 2013-12-06 14:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-31 10:05 . 2013-12-31 10:05 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 82944 ----a-w- c:\windows\system32\drivers\WudfRd.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 81664 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 77568 ----a-w- c:\windows\system32\drivers\WudfPf.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 59280 ----a-w- c:\windows\system32\drivers\VMNetSrv.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 52480 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 4352 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 38528 ----a-w- c:\windows\system32\drivers\wpdusb.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 34560 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 229208 ----a-w- c:\windows\system32\drivers\VMM.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 18688 ----a-w- c:\windows\system32\drivers\wstcodec.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 12032 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 20992 ----a-w- c:\windows\system32\drivers\vga.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 58112 ----a-w- c:\windows\system32\drivers\vdmindvd.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 5376 ----a-w- c:\windows\system32\drivers\usbd.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 30336 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 26368 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS.bak
2013-12-31 10:05 . 2013-12-31 10:05 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 25728 ----a-w- c:\windows\system32\drivers\usbcamd2.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 25600 ----a-w- c:\windows\system32\drivers\usbcamd.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 17152 ----a-w- c:\windows\system32\drivers\usbohci.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 15872 ----a-w- c:\windows\system32\drivers\usbintel.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 14976 ----a-w- c:\windows\system32\drivers\usbscan.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 144128 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 123008 ----a-w- c:\windows\system32\drivers\usbvideo.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 66048 ----a-w- c:\windows\system32\drivers\udfs.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 40840 ----a-w- c:\windows\system32\drivers\termdd.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 384768 ----a-w- c:\windows\system32\drivers\update.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 21896 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 19072 ----a-w- c:\windows\system32\drivers\tdi.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 14976 ----a-w- c:\windows\system32\drivers\tape.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 12040 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 73344 ----a-w- c:\windows\system32\drivers\sr.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 6272 ----a-w- c:\windows\system32\drivers\splitter.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 48512 ----a-w- c:\windows\system32\drivers\stream.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 4352 ----a-w- c:\windows\system32\drivers\swenum.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 357888 ----a-w- c:\windows\system32\drivers\srv.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 28520 ----a-w- c:\windows\system32\drivers\ssmdrv.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 25344 ----a-w- c:\windows\system32\drivers\sonydcam.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 14976 ----a-w- c:\windows\system32\drivers\streamip.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 14592 ----a-w- c:\windows\system32\drivers\smclib.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 11392 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 10880 ----a-w- c:\windows\system32\drivers\slip.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 10240 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 96384 ----a-w- c:\windows\system32\drivers\scsiport.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 66600 ----a-w- c:\windows\system32\drivers\sbhips.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 64256 ----a-w- c:\windows\system32\drivers\serial.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 270888 ----a-w- c:\windows\system32\drivers\SbFw.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 15744 ----a-w- c:\windows\system32\drivers\serenum.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 4547584 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 5888 ----a-w- c:\windows\system32\drivers\rootmdm.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 58496 ----a-w- c:\windows\system32\drivers\redbook.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 30592 ----a-w- c:\windows\system32\drivers\rndismp.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 203136 ----a-w- c:\windows\system32\drivers\rmcast.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 175744 ----a-w- c:\windows\system32\drivers\rdbss.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 69120 ----a-w- c:\windows\system32\drivers\psched.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 68736 ----a-w- c:\windows\system32\drivers\pci.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 6784 ----a-w- c:\windows\system32\drivers\parvdm.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 51328 ----a-w- c:\windows\system32\drivers\rasl2tp.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 48384 ----a-w- c:\windows\system32\drivers\raspptp.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 45648 ----a-w- c:\windows\system32\drivers\pxhelp20.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 39680 ----a-w- c:\windows\system32\drivers\processr.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 34432 ----a-w- c:\windows\system32\drivers\rawwan.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 3328 ----a-w- c:\windows\system32\drivers\pciide.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 24960 ----a-w- c:\windows\system32\drivers\pciidex.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 19712 ----a-w- c:\windows\system32\drivers\partmgr.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 17792 ----a-w- c:\windows\system32\drivers\ptilink.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 16512 ----a-w- c:\windows\system32\drivers\raspti.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 146048 ----a-w- c:\windows\system32\drivers\portcls.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 120064 ----a-w- c:\windows\system32\drivers\pcmcia.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 895744 ----a-w- c:\windows\system32\drivers\nvnrm.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 88320 ----a-w- c:\windows\system32\drivers\nwlnkipx.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 80000 ----a-w- c:\windows\system32\drivers\parport.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 63232 ----a-w- c:\windows\system32\drivers\nwlnknb.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 55936 ----a-w- c:\windows\system32\drivers\nwlnkspx.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 46592 ----a-w- c:\windows\system32\drivers\p3.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 3456 ----a-w- c:\windows\system32\drivers\oprghdlr.sys.bak
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
"CHotkey"="mHotkey.exe" [2004-12-08 550912]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-11 2524416]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-12-12 684600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\f:\0autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Philips GoGear VIBE Device Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Philips GoGear VIBE Device Manager.lnk
backup=c:\windows\pss\Philips GoGear VIBE Device Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-07-10 13:08 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Miranda IM KP v5.0.9.16\\miranda32.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [25.12.2012 13:27 37352]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [17.1.2012 21:00 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [19.12.2011 18:59 32640]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [11.2.2012 9:13 242240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 22:55 67664]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [8.12.2008 20:51 270888]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [19.7.2011 1:02 123264]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25.12.2012 13:27 440376]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [9.5.2010 15:18 650672]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [9.5.2010 15:18 650672]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [14.6.2013 21:34 4150112]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [19.11.2008 19:57 47360]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [8.12.2008 20:51 65576]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [25.1.2002 5:30 20480]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [19.4.2013 14:14 161384]
S3 Motorola-Netmon-Serial;Network Monitor Serial Driver;c:\windows\system32\DRIVERS\Motorola-Netmon-Serial.sys --> c:\windows\system32\DRIVERS\Motorola-Netmon-Serial.sys [?]
S3 X86BDA;OEM Capture;c:\windows\system32\DRIVERS\OEMDrv.sys --> c:\windows\system32\DRIVERS\OEMDrv.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 10:47]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{C72C8017-3824-4DED-91CC-0F9167EBDF51}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\documents and settings\a\Data aplikací\Mozilla\Firefox\Profiles\71mug241.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - ExtSQL: !HIDDEN! 2009-09-02 21:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-08-23 13:10; 50360d95c3507@50360d95c3540.info; c:\documents and settings\a\Data aplikací\Mozilla\Firefox\Profiles\71mug241.default\extensions\50360d95c3507@50360d95c3540.info
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyLTBSFaG&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 4c279fb2000000000000001d7d5eca02
FF - user.js: extensions.incredibar_i.instlDay - 15575
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:14
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyLTBSFaG
FF - user.js: extensions.incredibar_i.upn2n - 92261980011567802
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 201%5F5
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
AddRemove-FBrowsingAdvisor_is1 - c:\program files\FBrowsingAdvisor\unins000.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-VisualTool - c:\program files\VisualTool\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-01 18:24
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\documents and settings\a\Data aplikací\Mozilla\Firefox\Profiles\71mug241.default\prefs.js.BAK 12924 bytes
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1316)
c:\windows\system32\guard32.dll
c:\windows\system32\msctfime.ime
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(1372)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(1284)
c:\windows\system32\cmdcsr.dll
.
Celkový čas: 2014-01-01 18:27:01
ComboFix-quarantined-files.txt 2014-01-01 17:26
.
Před spuštěním: Volných bajtů: 92 261 359 616
Po spuštění: Volných bajtů: 92 354 514 944
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 3FBA1F64050C819583CC4C87A900B1FD
2013-12-31 10:05 . 2013-12-31 10:05 895744 ----a-w- c:\windows\system32\drivers\nvnrm.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 88320 ----a-w- c:\windows\system32\drivers\nwlnkipx.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 80000 ----a-w- c:\windows\system32\drivers\parport.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 63232 ----a-w- c:\windows\system32\drivers\nwlnknb.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 55936 ----a-w- c:\windows\system32\drivers\nwlnkspx.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 46592 ----a-w- c:\windows\system32\drivers\p3.sys.bak
2013-12-31 10:05 . 2013-12-31 10:05 3456 ----a-w- c:\windows\system32\drivers\oprghdlr.sys.bak
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
"CHotkey"="mHotkey.exe" [2004-12-08 550912]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-11 2524416]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-12-12 684600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\f:\0autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Philips GoGear VIBE Device Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Philips GoGear VIBE Device Manager.lnk
backup=c:\windows\pss\Philips GoGear VIBE Device Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-07-10 13:08 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Miranda IM KP v5.0.9.16\\miranda32.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [25.12.2012 13:27 37352]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [17.1.2012 21:00 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [19.12.2011 18:59 32640]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [11.2.2012 9:13 242240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 22:55 67664]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [8.12.2008 20:51 270888]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [19.7.2011 1:02 123264]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25.12.2012 13:27 440376]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [9.5.2010 15:18 650672]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [9.5.2010 15:18 650672]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [14.6.2013 21:34 4150112]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [19.11.2008 19:57 47360]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [8.12.2008 20:51 65576]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [25.1.2002 5:30 20480]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [19.4.2013 14:14 161384]
S3 Motorola-Netmon-Serial;Network Monitor Serial Driver;c:\windows\system32\DRIVERS\Motorola-Netmon-Serial.sys --> c:\windows\system32\DRIVERS\Motorola-Netmon-Serial.sys [?]
S3 X86BDA;OEM Capture;c:\windows\system32\DRIVERS\OEMDrv.sys --> c:\windows\system32\DRIVERS\OEMDrv.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 10:47]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{C72C8017-3824-4DED-91CC-0F9167EBDF51}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\documents and settings\a\Data aplikací\Mozilla\Firefox\Profiles\71mug241.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - ExtSQL: !HIDDEN! 2009-09-02 21:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-08-23 13:10; 50360d95c3507@50360d95c3540.info; c:\documents and settings\a\Data aplikacĂÂ\Mozilla\Firefox\Profiles\71mug241.default\extensions\50360d95c3507@50360d95c3540.info
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyLTBSFaG&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 4c279fb2000000000000001d7d5eca02
FF - user.js: extensions.incredibar_i.instlDay - 15575
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:14
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyLTBSFaG
FF - user.js: extensions.incredibar_i.upn2n - 92261980011567802
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 201%5F5
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
AddRemove-FBrowsingAdvisor_is1 - c:\program files\FBrowsingAdvisor\unins000.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-VisualTool - c:\program files\VisualTool\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-01 18:24
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\documents and settings\a\Data aplikací\Mozilla\Firefox\Profiles\71mug241.default\prefs.js.BAK 12924 bytes
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1316)
c:\windows\system32\guard32.dll
c:\windows\system32\msctfime.ime
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(1372)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(1284)
c:\windows\system32\cmdcsr.dll
.
Celkový čas: 2014-01-01 18:27:01
ComboFix-quarantined-files.txt 2014-01-01 17:26
.
Před spuštěním: Volných bajtů: 92 261 359 616
Po spuštění: Volných bajtů: 92 354 514 944
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 3FBA1F64050C819583CC4C87A900B1FD
413FC2A0C716421B3158746D63736515
- Rudy
- Site Admin
- Posts: 119532
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: please check my computer
We'll clean up a bit more. Open Notepad and copy the following into it:

KillAll::
Folder::
c:\program files\MyPC Backup
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
Firefox::
FF - ProfilePath - c:\documents and settings\a\Data aplikací\Mozilla\Firefox\Profiles\71mug241.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - ExtSQL: !HIDDEN! 2009-09-02 21:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-08-23 13:10; 50360d95c3507@50360d95c3540.info; c:\documents and settings\a\Data aplikacĂÂ\Mozilla\Firefox\Profiles\71mug241.default\extensions\50360d95c3507@50360d95c3540.info
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyLTB ... 26&search=
FF - user.js: extensions.incredibar_i.id - 4c279fb2000000000000001d7d5eca02
FF - user.js: extensions.incredibar_i.instlDay - 15575
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:14
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyLTBSFaG
FF - user.js: extensions.incredibar_i.upn2n - 92261980011567802
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 201%5F5
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
Regnull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
Reboot::

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(zavináč)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved the thread will be locked, as it will be if it stays inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.