Logfile of random's system information tool 1.06 (written by random/random)
Run by Strongmann at 2010-01-25 18:46:12
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (5%) free of 20 GB
Total RAM: 2046 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:16, on 25.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
D:\Programy\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\Programy\ICQ6.5\ICQ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\programy\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
D:\Programy\wcescomm.exe
D:\Programy\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
F:\stahování\RSIT.exe
D:\Programy\hijackthis\Strongmann.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.iobit.com/advancedwindowscar ... r=download
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Rudy#77\xulyin.exe \s
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\programy\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [denicek] "F:\Daniel\Daniel\cviceni\můj deníček.XLS"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Programy\wcescomm.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "D:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Programy\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Programy\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Programy\INetRepl.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\FRONTP~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.21.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CB6E056-FAF0-42A7-B7CE-C028C9B680E1}: NameServer = 10.0.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Programy\Spyware Terminator\sp_rsser.exe
--
End of file - 12392 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\AWC AutoCare.job
C:\WINDOWS\tasks\AWC AutoSweep.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-790525478-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-790525478-839522115-1003UA.job
C:\WINDOWS\tasks\SmartDefrag.job
C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-01-15 1230288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2009-06-24 491520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-12 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2009-06-24 491520]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-10-30 1019336]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-01-15 1230288]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-08-26 16851456]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-12 2043160]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-04-30 13750272]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-04-30 86016]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"WinampAgent"=D:\programy\Winamp\winampa.exe [2009-04-22 37888]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Adobe Reader Speed Launcher"=D:\Programy\Reader\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]
"denicek"=F:\Daniel\Daniel\cviceni\můj deníček.XLS [2010-01-21 80896]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2009-06-30 2329224]
"Google Update"=C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-12-04 135664]
"H/PC Connection Agent"=D:\Programy\wcescomm.exe [2006-11-13 1289000]
"SpywareTerminatorUpdate"=D:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-01-25 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-23 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Programy\ICQ6.5\ICQ.exe"="D:\Programy\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Hry\Soldat\Soldat.exe"="D:\Hry\Soldat\Soldat.exe:*:Enabled:http://soldat.pl"
"D:\Hry\TrackMania Nations ESWC\TmNationsESWC.exe"="D:\Hry\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Hry\TMS2003\Tennis Masters Series 2003.exe"="D:\Hry\TMS2003\Tennis Masters Series 2003.exe:*:Enabled:Tennis Masters Series 2003"
"D:\Hry\Wolfenstein - Enemy Territory\ET.exe"="D:\Hry\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ENABLE"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ENABLE"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\Programy\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe"="D:\Programy\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe:*:Enabled:MxDownloadServer"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Hry\call of juarez\CoJBiBGame_x86.exe"="D:\Hry\call of juarez\CoJBiBGame_x86.exe:*:Enabled:Call of Juarez: Bound in Blood"
"D:\Hry\Call of Duty 2\CoD2MP_s.exe"="D:\Hry\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Hry\Activision\Call of Duty 2\CoD2MP_s.exe"="D:\Hry\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Hry\Race driver grid\Grid\GRID.exe"="D:\Hry\Race driver grid\Grid\GRID.exe:*:Enabled:GRID Executable"
"D:\Hry\Pes 2010\pes2010.exe"="D:\Hry\Pes 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"D:\Hry\Call of Duty Modern Warfare 2\Call of Duty Modern Warfare 2\iw4sp.exe"="D:\Hry\Call of Duty Modern Warfare 2\Call of Duty Modern Warfare 2\iw4sp.exe:*:Enabled:iw4sp"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Programy\Opera10beta\opera.exe"="D:\Programy\Opera10beta\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Programy\rapimgr.exe"="D:\Programy\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\Programy\wcescomm.exe"="D:\Programy\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\Programy\WCESMgr.exe"="D:\Programy\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"D:\Programy\Steam\steamapps\common\peggle nights\PeggleNights.exe"="D:\Programy\Steam\steamapps\common\peggle nights\PeggleNights.exe:*:Enabled:Peggle Nights"
"D:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe"="D:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Programy\rapimgr.exe"="D:\Programy\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\Programy\wcescomm.exe"="D:\Programy\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\Programy\WCESMgr.exe"="D:\Programy\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
======List of files/folders created in the last 1 months======
2010-01-25 18:46:12 ----D---- C:\rsit
2010-01-25 18:13:37 ----D---- C:\Program Files\Crawler
2010-01-25 18:13:32 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\Spyware Terminator
2010-01-25 18:13:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-01-17 19:17:49 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2010-01-17 19:17:48 ----D---- C:\Program Files\Microsoft WSE
2010-01-13 22:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 22:10:33 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-11 20:16:55 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2010-01-11 20:16:50 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
======List of files/folders modified in the last 1 months======
2010-01-25 18:42:22 ----D---- C:\WINDOWS\system32
2010-01-25 18:42:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-25 18:41:52 ----A---- C:\WINDOWS\wincmd.ini
2010-01-25 18:38:30 ----D---- C:\WINDOWS\Temp
2010-01-25 18:37:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-25 18:36:53 ----RD---- C:\Program Files
2010-01-25 18:17:25 ----D---- C:\WINDOWS
2010-01-25 18:13:35 ----D---- C:\WINDOWS\system32\drivers
2010-01-25 18:06:36 ----D---- C:\WINDOWS\Debug
2010-01-25 17:39:24 ----A---- C:\WINDOWS\MAILTRAN.INI
2010-01-25 17:36:59 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\ICQ
2010-01-25 09:43:47 ----SD---- C:\Documents and Settings\Strongmann\Data aplikací\Microsoft
2010-01-25 09:43:35 ----SHD---- C:\WINDOWS\Installer
2010-01-25 09:43:34 ----SHD---- C:\Config.Msi
2010-01-25 09:43:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-01-24 22:21:49 ----D---- C:\WINDOWS\Prefetch
2010-01-24 19:48:58 ----HD---- C:\WINDOWS\inf
2010-01-24 19:48:57 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-24 17:35:34 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\gtk-2.0
2010-01-23 12:11:31 ----HD---- C:\$AVG8.VAULT$
2010-01-22 22:36:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-22 22:36:42 ----D---- C:\Program Files\Internet Explorer
2010-01-22 22:36:21 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-21 17:20:05 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\WinEdt
2010-01-17 19:22:36 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-17 19:17:48 ----RSD---- C:\WINDOWS\assembly
2010-01-16 23:05:09 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-01-14 08:02:53 ----D---- C:\WINDOWS\AppPatch
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-01 14:52:04 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-12-28 21:03:25 ----D---- C:\WINDOWS\system32\DirectX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-23 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-23 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-14 108552]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-27 4754432]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2008-08-07 111360]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S2 acpi32;acpi32; \??\C:\WINDOWS\system32\drivers\acpi32.sys []
S2 systemntmi;systemntmi; \??\C:\WINDOWS\system32\drivers\systemntmi.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 a7x70j9n;a7x70j9n; C:\WINDOWS\system32\drivers\a7x70j9n.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cglptnt;cglptnt; \??\C:\totalcmd\cglptnt.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-10-06 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-10-06 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbser;USB Serial emulation modem driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-23 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-23 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2008-12-09 68136]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2009-04-30 168004]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-02 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-01-16 214520]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; D:\Programy\Spyware Terminator\sp_rsser.exe [2010-01-25 488960]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-06 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
prosim o kontrolu ... pomaljsi pc
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
koncentrak
- Návštěvník
- Příspěvky: 26
- Registrován: 12 dub 2007 15:14
prosim o kontrolu ... pomaljsi pc
Koncentrak
Re: prosim o kontrolu ... pomaljsi pc
Dobré ranko 
Máte málo místa na disku, to může být také příčina, nicméně něco tam stejně vidím
.
odinstalujte Daemon tools toolbar
Stahněte TFC a použijte
TFC (http://oldtimer.geekstogo.com/TFC.exe)
Z mého podpisu stahněte Ccleaner
-nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru
záložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner
záložka Registry
-klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy udělat zálohu registrů - nemusíte
-kliknete opravit všechny problémy ok zavřít
Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.
Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-souhlaste s instalací konzole pro zotavení
- ComboFix je třeba spustit pod účtem s právy administrátora
- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano
- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, skopírujte celý jeho obsah sem
Máte málo místa na disku, to může být také příčina, nicméně něco tam stejně vidím
. odinstalujte Daemon tools toolbar Stahněte TFC a použijteTFC (http://oldtimer.geekstogo.com/TFC.exe)
Z mého podpisu stahněte Ccleaner-nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru
záložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner
záložka Registry
-klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy
udělat zálohu registrů - nemusíte-kliknete opravit všechny problémy
ok zavřítCcleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.
Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe -souhlaste s instalací konzole pro zotavení
- ComboFix je třeba spustit pod účtem s právy administrátora
- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano
- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, skopírujte celý jeho obsah sem
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
koncentrak
- Návštěvník
- Příspěvky: 26
- Registrován: 12 dub 2007 15:14
Re: prosim o kontrolu ... pomaljsi pc
ComboFix 10-01-25.06 - Strongmann 26.01.2010 11:17:35.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1588 [GMT 1:00]
Spuštěný z: c:\documents and settings\Strongmann\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Rudy#77\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\MyWebSearch
c:\windows\system32\kr_done1
c:\windows\system32\twain_32.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ACPI32
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NICSK32
-------\Legacy_SYSTEMNTMI
-------\Service_acpi32
-------\Service_systemntmi
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-26 do 2010-01-26 )))))))))))))))))))))))))))))))
.
2010-01-25 18:02 . 2010-01-25 18:02 -------- d-----w- c:\windows\system32\oodag
2010-01-25 17:46 . 2010-01-25 17:46 -------- d-----w- C:\rsit
2010-01-25 17:13 . 2010-01-25 17:13 -------- d-----w- c:\program files\Crawler
2010-01-25 17:13 . 2010-01-25 17:13 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-01-17 18:17 . 2008-09-04 18:17 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2010-01-17 18:17 . 2010-01-17 18:17 -------- d-----w- c:\program files\Microsoft WSE
2010-01-13 07:06 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 19:16 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 10:22 . 2001-10-25 12:00 79062 ----a-w- c:\windows\system32\perfc005.dat
2010-01-26 10:22 . 2001-10-25 12:00 432004 ----a-w- c:\windows\system32\perfh005.dat
2010-01-26 10:21 . 2009-06-13 21:22 16608 ----a-w- c:\windows\gdrv.sys
2010-01-25 19:49 . 2009-06-14 10:34 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-25 19:49 . 2009-06-14 10:34 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-17 18:22 . 2009-06-13 21:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-17 16:34 . 2009-06-28 16:05 22 ----a-w- c:\windows\popcinfot.dat
2010-01-11 19:17 . 2010-01-11 19:17 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-11 19:17 . 2010-01-11 19:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-24 22:54 . 2009-12-24 22:54 -------- d-----w- c:\program files\DIFX
2009-12-24 22:54 . 2009-12-24 22:54 -------- d-----w- c:\program files\Common Files\PCSuite
2009-12-24 22:54 . 2009-12-24 22:54 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-24 22:54 . 2009-12-24 22:54 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-23 14:22 . 2009-11-22 16:18 -------- d-----w- c:\program files\gs
2009-12-21 19:08 . 2002-09-20 16:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-10 10:01 . 2009-07-29 18:45 70008 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-03 12:29 . 2009-12-03 12:29 0 ----a-w- c:\windows\nsreg.dat
2009-12-02 11:50 . 2009-06-13 21:54 -------- d-----w- c:\program files\IObit
2009-11-21 16:03 . 2002-09-20 16:03 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 00:49 . 2009-11-21 11:53 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-11-14 00:49 . 2009-11-21 11:53 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-07 22:25 . 2009-11-07 22:25 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-06 19:11 . 2009-06-14 09:34 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"denicek"="f:\daniel\Daniel\cviceni\můj deníček.XLS" [2010-01-21 80896]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"Google Update"="c:\documents and settings\Strongmann\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-12-04 135664]
"SpywareTerminatorUpdate"="d:\programy\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-01-25 3037696]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WinampAgent"="d:\programy\Winamp\winampa.exe" [2009-04-22 37888]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="d:\programy\Reader\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"OODefragTray"="d:\programy\Defraq\oodtray.exe" [2009-09-11 2524416]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 07:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programy\\ICQ6.5\\ICQ.exe"=
"d:\\Hry\\Soldat\\Soldat.exe"=
"d:\\Hry\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Hry\\TMS2003\\Tennis Masters Series 2003.exe"=
"d:\\Hry\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"d:\\Programy\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Hry\\call of juarez\\CoJBiBGame_x86.exe"=
"d:\\Hry\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Hry\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Hry\\Race driver grid\\Grid\\GRID.exe"=
"d:\\Hry\\Pes 2010\\pes2010.exe"=
"d:\\Hry\\Call of Duty Modern Warfare 2\\Call of Duty Modern Warfare 2\\iw4sp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Programy\\Opera10beta\\opera.exe"=
"d:\programy\rapimgr.exe"= d:\programy\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\programy\wcescomm.exe"= d:\programy\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\programy\WCESMgr.exe"= d:\programy\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Programy\\Steam\\steamapps\\common\\peggle nights\\PeggleNights.exe"=
"d:\\Programy\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.6.2009 10:34 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13.6.2009 22:46 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13.6.2009 22:46 108552]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [25.1.2010 18:13 142592]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [13.6.2009 22:46 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13.6.2009 22:46 297752]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [13.6.2009 22:22 68136]
S3 cglptnt;cglptnt;c:\totalcmd\CGLPTNT.SYS [13.6.2009 22:48 7888]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [24.12.2009 23:54 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [24.12.2009 23:54 8320]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-01-25 c:\windows\Tasks\AWC AutoCare.job
- c:\program files\IObit\Advanced SystemCare 3\AutoCare.exe [2009-09-01 13:11]
2010-01-26 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-09-01 13:35]
2009-12-20 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-12-02 12:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.iobit.com/advancedwindowscareper.html?Str=download
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {3CB6E056-FAF0-42A7-B7CE-C028C9B680E1} = 10.0.0.138
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/update ... 0.21.0.cab
FF - ProfilePath - c:\documents and settings\Strongmann\Data aplikací\Mozilla\Firefox\Profiles\8c69713x.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp? ... searchfor=
FF - prefs.js: network.proxy.type - 2
FF - component: d:\programy\pc suit\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: d:\programy\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\programy\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: d:\programy\Firefox\plugins\NPMyWebS.dll
FF - plugin: d:\programy\Opera10beta\program\plugins\npdsplay.dll
FF - plugin: d:\programy\Opera10beta\program\plugins\NPSWF32.dll
FF - plugin: d:\programy\Opera10beta\program\plugins\npwmsdrm.dll
FF - plugin: d:\programy\Opera9.6\program\plugins\npdsplay.dll
FF - plugin: d:\programy\Opera9.6\program\plugins\NPOFF12.DLL
FF - plugin: d:\programy\Opera9.6\program\plugins\NPOFFICE.DLL
FF - plugin: d:\programy\Opera9.6\program\plugins\npqtplugin.dll
FF - plugin: d:\programy\Opera9.6\program\plugins\npqtplugin2.dll
FF - plugin: d:\programy\Opera9.6\program\plugins\npqtplugin3.dll
FF - plugin: d:\programy\Opera9.6\program\plugins\npqtplugin4.dll
FF - plugin: d:\programy\Opera9.6\program\plugins\npqtplugin5.dll
FF - plugin: d:\programy\Opera9.6\program\plugins\npqtplugin6.dll
FF - plugin: d:\programy\Opera9.6\program\plugins\npqtplugin7.dll
FF - plugin: d:\programy\Opera9.6\program\plugins\npwmsdrm.dll
FF - plugin: d:\programy\Reader\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
d:\programy\Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKU-Default-Run-s32bg - c:\documents and settings\Rudy#77\s32bg.exe.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 11:21
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spcr.sys >>UNKNOWN [0x89E03938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
\Driver\ACPI -> ACPI.sys @ 0xb7e74cb8
\Driver\atapi -> atapi.sys @ 0xb7e09b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb7d12bb0
PacketIndicateHandler -> NDIS.sys @ 0xb7d1fa21
SendHandler -> NDIS.sys @ 0xb7cfd87b
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1547161642-790525478-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c7,59,71,98,26,84,a0,d1,83,8f,af,ba,01,fa,b3,c6,8f,bf,1c,ba,51,b2,70,
3a,14,04,4c,96,e9,a7,76,bb,85,f7,18,2f,db,e0,21,ae,13,86,4e,d5,ac,7f,64,78,\
"??"=hex:18,68,64,58,b2,32,7c,ed,9d,b5,62,2e,44,c3,71,96
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:őwjY*]
"DisplayName"="???\16?\11\09"
"DeviceDesc"="???\16?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"g:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="EAA800C2F80881ADF5AF957F34BDF7114DA3C3EEB59112A58C8684197BC7C722289E9413F02A1C730D19948C3AA7A790142F8476CA91F3663F707FB450DDACD74E8656DE697B193F179A7014AD4067114241835D87D7CC803F7815205E4E6CBD9D3AD22209A69CBEAA12B0191C006A9AE156654F01CB7972AA5FA6D25C15B4EC6D59FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3D8EDD5E5BE2F6E667C038D530D6EB3452DD2668A792F166BA2DAC8AFD494A5B00055C2806C8C1D61EE555191AEB0CF87852F40ED1E71257619983FD4203680FE26B7EDD5C87DEA6A3B9E3A7CD16933A51F01833FABFA5011C7BD8DF82F1E818CE92BD8DD33537A963E7CB60D73A41D6B5981961A83005FC456DFBDE527A3D44FB75D22A3025F3029368CF9E4C3698648259E1775E482BF775BCA2FD4A767875E6BD5BFC3A1C63E53460968CC6DCBE8ED278C2A6290538308D6D631405B255A04FCAD822BFD4782184AEA92CE27680140CF1EDF3165CF1FCAF35BC4A236FAF4F38323007117C47900A627852C33DCBC9D0707C3A38B53D44C37E0EA2C863081DEB39ACF182360AA60EC055A78EDFB2958ED6E8A7A6EC280373671C6C9B36843E765DF8F9EC97A06A9E42F528EC01ED73713B92BC7CD2614AAFC38E504905EC75264B28892D2A0A758B9374A58D3957726B653D4FD6AABD3CAA99F04800602F9D116930E1226DEEF6EA14514420926E36B355100A592C3414DBA336A4F34F5B228DCE6816B3D1972F945AEB7DDB0D55F5C4B916E9AA05E19B7ECFB106DD49A686B9C4100FC7BDF1F5A72D8D1E799A537B5B7ABE427552853491C01C64773CE95E744D4787CC0B8FB503895F46B72253A7FAAF5E37672C045258CC900B010822D3629B948EB188A76CCDA0EE6A56FEE3EE69272BC1B49664FD597F10183F8270246B95E009ECF7132CF056AF541D0138D42FE2C1329390D2D3E0167F7EF8F319A03B58F92F7510D09A9843782054E928F79D9821A9BD089F037C05A704799A05AE43B28F0C49798174B5B4823F4B722D07C3B12C1C73E23E5001EFB3C49126C24636A8397FE7D26B057FA8EC76D04366C37AC92BD475F6469484B3352F143C01F50DF16FBCD6ADF930EB57B9DCBCFC97865935C7718B13743CE35E9E06D7F696DE83F88F4D1F11B8EABBA64FE1E833263B3FF814E3007429473BB14B60BA617AB69A5D5C0B4C765AC1ED3478C3B1EA1F60504C80F02251E5C8EFA474A79AFD4BC596F378A6704BB5D0C6CF631879A03008F01FE633C4CFD4E929E1BD1DDB414969FDC36F241EF243CBD1FDA24926432B5CCA1202993D0DC167D0C829D06514D7939E882DD9EFC2A2785BF82D92A03689964D7BF06266999A91976AA02B24D382"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(4024)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
d:\programy\Defraq\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
d:\programy\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
d:\programy\wcescomm.exe
d:\programy\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2010-01-26 11:24:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-26 10:24
Před spuštěním: 860 332 032
Po spuštění: 1 232 261 120
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 4386AFFAD3881AFA7F775DED4CE3BB0C
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1588 [GMT 1:00]
Spuštěný z: c:\documents and settings\Strongmann\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Rudy#77\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\MyWebSearch
c:\windows\system32\kr_done1
c:\windows\system32\twain_32.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ACPI32
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NICSK32
-------\Legacy_SYSTEMNTMI
-------\Service_acpi32
-------\Service_systemntmi
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-26 do 2010-01-26 )))))))))))))))))))))))))))))))
.
2010-01-25 18:02 . 2010-01-25 18:02 -------- d-----w- c:\windows\system32\oodag
2010-01-25 17:46 . 2010-01-25 17:46 -------- d-----w- C:\rsit
2010-01-25 17:13 . 2010-01-25 17:13 -------- d-----w- c:\program files\Crawler
2010-01-25 17:13 . 2010-01-25 17:13 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-01-17 18:17 . 2008-09-04 18:17 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2010-01-17 18:17 . 2010-01-17 18:17 -------- d-----w- c:\program files\Microsoft WSE
2010-01-13 07:06 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 19:16 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 10:22 . 2001-10-25 12:00 79062 ----a-w- c:\windows\system32\perfc005.dat
2010-01-26 10:22 . 2001-10-25 12:00 432004 ----a-w- c:\windows\system32\perfh005.dat
2010-01-26 10:21 . 2009-06-13 21:22 16608 ----a-w- c:\windows\gdrv.sys
2010-01-25 19:49 . 2009-06-14 10:34 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-25 19:49 . 2009-06-14 10:34 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-17 18:22 . 2009-06-13 21:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-17 16:34 . 2009-06-28 16:05 22 ----a-w- c:\windows\popcinfot.dat
2010-01-11 19:17 . 2010-01-11 19:17 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-11 19:17 . 2010-01-11 19:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-24 22:54 . 2009-12-24 22:54 -------- d-----w- c:\program files\DIFX
2009-12-24 22:54 . 2009-12-24 22:54 -------- d-----w- c:\program files\Common Files\PCSuite
2009-12-24 22:54 . 2009-12-24 22:54 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-24 22:54 . 2009-12-24 22:54 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-23 14:22 . 2009-11-22 16:18 -------- d-----w- c:\program files\gs
2009-12-21 19:08 . 2002-09-20 16:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-10 10:01 . 2009-07-29 18:45 70008 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-03 12:29 . 2009-12-03 12:29 0 ----a-w- c:\windows\nsreg.dat
2009-12-02 11:50 . 2009-06-13 21:54 -------- d-----w- c:\program files\IObit
2009-11-21 16:03 . 2002-09-20 16:03 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 00:49 . 2009-11-21 11:53 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-11-14 00:49 . 2009-11-21 11:53 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-07 22:25 . 2009-11-07 22:25 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-06 19:11 . 2009-06-14 09:34 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"denicek"="f:\daniel\Daniel\cviceni\můj deníček.XLS" [2010-01-21 80896]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"Google Update"="c:\documents and settings\Strongmann\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-12-04 135664]
"SpywareTerminatorUpdate"="d:\programy\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-01-25 3037696]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WinampAgent"="d:\programy\Winamp\winampa.exe" [2009-04-22 37888]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="d:\programy\Reader\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"OODefragTray"="d:\programy\Defraq\oodtray.exe" [2009-09-11 2524416]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 07:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programy\\ICQ6.5\\ICQ.exe"=
"d:\\Hry\\Soldat\\Soldat.exe"=
"d:\\Hry\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Hry\\TMS2003\\Tennis Masters Series 2003.exe"=
"d:\\Hry\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"d:\\Programy\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Hry\\call of juarez\\CoJBiBGame_x86.exe"=
"d:\\Hry\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Hry\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Hry\\Race driver grid\\Grid\\GRID.exe"=
"d:\\Hry\\Pes 2010\\pes2010.exe"=
"d:\\Hry\\Call of Duty Modern Warfare 2\\Call of Duty Modern Warfare 2\\iw4sp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Programy\\Opera10beta\\opera.exe"=
"d:\programy\rapimgr.exe"= d:\programy\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\programy\wcescomm.exe"= d:\programy\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\programy\WCESMgr.exe"= d:\programy\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Programy\\Steam\\steamapps\\common\\peggle nights\\PeggleNights.exe"=
"d:\\Programy\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.6.2009 10:34 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13.6.2009 22:46 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13.6.2009 22:46 108552]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [25.1.2010 18:13 142592]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [13.6.2009 22:46 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13.6.2009 22:46 297752]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [13.6.2009 22:22 68136]
S3 cglptnt;cglptnt;c:\totalcmd\CGLPTNT.SYS [13.6.2009 22:48 7888]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [24.12.2009 23:54 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [24.12.2009 23:54 8320]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-01-25 c:\windows\Tasks\AWC AutoCare.job
- c:\program files\IObit\Advanced SystemCare 3\AutoCare.exe [2009-09-01 13:11]
2010-01-26 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-09-01 13:35]
2009-12-20 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-12-02 12:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.iobit.com/advancedwindowscareper.html?Str=download
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {3CB6E056-FAF0-42A7-B7CE-C028C9B680E1} = 10.0.0.138
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/update ... 0.21.0.cab
FF - ProfilePath - c:\documents and settings\Strongmann\Data aplikací\Mozilla\Firefox\Profiles\8c69713x.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp? ... searchfor=
FF - prefs.js: network.proxy.type - 2
FF - component: d:\programy\pc suit\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: d:\programy\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\programy\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: d:\programy\Firefox\plugins\NPMyWebS.dll
FF - plugin: d:\programy\Opera10beta\program\plugins\npdsplay.dll
FF - plugin: d:\programy\Opera10beta\program\plugins\NPSWF32.dll
FF - plugin: d:\programy\Opera10beta\program\plugins\npwmsdrm.dll
FF - plugin: d:\programy\Opera9.6\program\plugins\npdsplay.dll
FF - plugin: d:\programy\Opera9.6\program\plugins\NPOFF12.DLL
FF - plugin: d:\programy\Opera9.6\program\plugins\NPOFFICE.DLL
FF - plugin: d:\programy\Opera9.6\program\plugins\npqtplugin.dll
FF - plugin: d:\programy\Opera9.6\program\plugins\npqtplugin2.dll
FF - plugin: d:\programy\Opera9.6\program\plugins\npqtplugin3.dll
FF - plugin: d:\programy\Opera9.6\program\plugins\npqtplugin4.dll
FF - plugin: d:\programy\Opera9.6\program\plugins\npqtplugin5.dll
FF - plugin: d:\programy\Opera9.6\program\plugins\npqtplugin6.dll
FF - plugin: d:\programy\Opera9.6\program\plugins\npqtplugin7.dll
FF - plugin: d:\programy\Opera9.6\program\plugins\npwmsdrm.dll
FF - plugin: d:\programy\Reader\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
d:\programy\Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKU-Default-Run-s32bg - c:\documents and settings\Rudy#77\s32bg.exe.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 11:21
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spcr.sys >>UNKNOWN [0x89E03938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
\Driver\ACPI -> ACPI.sys @ 0xb7e74cb8
\Driver\atapi -> atapi.sys @ 0xb7e09b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb7d12bb0
PacketIndicateHandler -> NDIS.sys @ 0xb7d1fa21
SendHandler -> NDIS.sys @ 0xb7cfd87b
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1547161642-790525478-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c7,59,71,98,26,84,a0,d1,83,8f,af,ba,01,fa,b3,c6,8f,bf,1c,ba,51,b2,70,
3a,14,04,4c,96,e9,a7,76,bb,85,f7,18,2f,db,e0,21,ae,13,86,4e,d5,ac,7f,64,78,\
"??"=hex:18,68,64,58,b2,32,7c,ed,9d,b5,62,2e,44,c3,71,96
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:őwjY*]
"DisplayName"="???\16?\11\09"
"DeviceDesc"="???\16?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"g:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="EAA800C2F80881ADF5AF957F34BDF7114DA3C3EEB59112A58C8684197BC7C722289E9413F02A1C730D19948C3AA7A790142F8476CA91F3663F707FB450DDACD74E8656DE697B193F179A7014AD4067114241835D87D7CC803F7815205E4E6CBD9D3AD22209A69CBEAA12B0191C006A9AE156654F01CB7972AA5FA6D25C15B4EC6D59FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3D8EDD5E5BE2F6E667C038D530D6EB3452DD2668A792F166BA2DAC8AFD494A5B00055C2806C8C1D61EE555191AEB0CF87852F40ED1E71257619983FD4203680FE26B7EDD5C87DEA6A3B9E3A7CD16933A51F01833FABFA5011C7BD8DF82F1E818CE92BD8DD33537A963E7CB60D73A41D6B5981961A83005FC456DFBDE527A3D44FB75D22A3025F3029368CF9E4C3698648259E1775E482BF775BCA2FD4A767875E6BD5BFC3A1C63E53460968CC6DCBE8ED278C2A6290538308D6D631405B255A04FCAD822BFD4782184AEA92CE27680140CF1EDF3165CF1FCAF35BC4A236FAF4F38323007117C47900A627852C33DCBC9D0707C3A38B53D44C37E0EA2C863081DEB39ACF182360AA60EC055A78EDFB2958ED6E8A7A6EC280373671C6C9B36843E765DF8F9EC97A06A9E42F528EC01ED73713B92BC7CD2614AAFC38E504905EC75264B28892D2A0A758B9374A58D3957726B653D4FD6AABD3CAA99F04800602F9D116930E1226DEEF6EA14514420926E36B355100A592C3414DBA336A4F34F5B228DCE6816B3D1972F945AEB7DDB0D55F5C4B916E9AA05E19B7ECFB106DD49A686B9C4100FC7BDF1F5A72D8D1E799A537B5B7ABE427552853491C01C64773CE95E744D4787CC0B8FB503895F46B72253A7FAAF5E37672C045258CC900B010822D3629B948EB188A76CCDA0EE6A56FEE3EE69272BC1B49664FD597F10183F8270246B95E009ECF7132CF056AF541D0138D42FE2C1329390D2D3E0167F7EF8F319A03B58F92F7510D09A9843782054E928F79D9821A9BD089F037C05A704799A05AE43B28F0C49798174B5B4823F4B722D07C3B12C1C73E23E5001EFB3C49126C24636A8397FE7D26B057FA8EC76D04366C37AC92BD475F6469484B3352F143C01F50DF16FBCD6ADF930EB57B9DCBCFC97865935C7718B13743CE35E9E06D7F696DE83F88F4D1F11B8EABBA64FE1E833263B3FF814E3007429473BB14B60BA617AB69A5D5C0B4C765AC1ED3478C3B1EA1F60504C80F02251E5C8EFA474A79AFD4BC596F378A6704BB5D0C6CF631879A03008F01FE633C4CFD4E929E1BD1DDB414969FDC36F241EF243CBD1FDA24926432B5CCA1202993D0DC167D0C829D06514D7939E882DD9EFC2A2785BF82D92A03689964D7BF06266999A91976AA02B24D382"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(4024)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
d:\programy\Defraq\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
d:\programy\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
d:\programy\wcescomm.exe
d:\programy\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2010-01-26 11:24:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-26 10:24
Před spuštěním: 860 332 032
Po spuštění: 1 232 261 120
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 4386AFFAD3881AFA7F775DED4CE3BB0C
Koncentrak
Re: prosim o kontrolu ... pomaljsi pc
Start - ovládací panely - možnosti složky - zobrazení - odkrýt skryté a systémové soubory Dejte soubor otestovat na http://www.virustotal.comC:\Documents and Settings\Rudy#77\xulyin.exe
Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
Sem vložte link s výsledky.
odinstalujte všechny virtuální jednotky (Daemon nebo alcohol) Stáhněte SPTD http://www.duplexsecure.com/en/downloads-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
stáhněte MBR http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu
start-spustit do okénka zkopírujte
Kód: Vybrat vše
"%userprofile%\plocha\mbr" -tNepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
koncentrak
- Návštěvník
- Příspěvky: 26
- Registrován: 12 dub 2007 15:14
Re: prosim o kontrolu ... pomaljsi pc
Ahoj
1. otestování souboru nejde jelikož už se adresáři nenachází
2. hotovo
3. při spuštění mbr okno jenom rychle problikne (přesto se však nějáký texťák na ploše vytvořil):
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
1. otestování souboru nejde jelikož už se adresáři nenachází
2. hotovo
3. při spuštění mbr okno jenom rychle problikne (přesto se však nějáký texťák na ploše vytvořil):
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
Koncentrak
-
koncentrak
- Návštěvník
- Příspěvky: 26
- Registrován: 12 dub 2007 15:14
Re: prosim o kontrolu ... pomaljsi pc
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spqj.sys >>UNKNOWN [0x89E03938]<<
kernel: MBR read successfully
user & kernel MBR OK
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spqj.sys >>UNKNOWN [0x89E03938]<<
kernel: MBR read successfully
user & kernel MBR OK
Koncentrak
Re: prosim o kontrolu ... pomaljsi pc
Poprosím o nový log ze Rsitu Stahněte MBAM z mého podpisu-Nainstalujte,dejte úplný sken
NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
koncentrak
- Návštěvník
- Příspěvky: 26
- Registrován: 12 dub 2007 15:14
Re: prosim o kontrolu ... pomaljsi pc
Logfile of random's system information tool 1.06 (written by random/random)
Run by Strongmann at 2010-01-26 18:02:07
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (13%) free of 20 GB
Total RAM: 2046 MB (70% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:18, on 26.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Programy\Defraq\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Programy\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Programy\Reader\Reader\Reader_sl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Strongmann\Plocha\RSIT.exe
D:\Programy\hijackthis\Strongmann.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.iobit.com/advancedwindowscar ... r=download
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [denicek] "F:\Daniel\Daniel\cviceni\můj deníček.XLS"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\FRONTP~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.21.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CB6E056-FAF0-42A7-B7CE-C028C9B680E1}: NameServer = 10.0.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\Programy\Defraq\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Programy\Spyware Terminator\sp_rsser.exe
--
End of file - 10378 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\AWC AutoSweep.job
C:\WINDOWS\tasks\SmartDefrag.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2009-06-24 491520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-12 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2009-06-24 491520]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-08-26 16851456]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-12 2043160]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-04-30 13750272]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-04-30 86016]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Adobe Reader Speed Launcher"=D:\Programy\Reader\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]
"denicek"=F:\Daniel\Daniel\cviceni\můj deníček.XLS [2010-01-21 80896]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2009-06-30 2329224]
"Google Update"=C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-12-04 135664]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-23 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Programy\ICQ6.5\ICQ.exe"="D:\Programy\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Hry\Soldat\Soldat.exe"="D:\Hry\Soldat\Soldat.exe:*:Enabled:http://soldat.pl"
"D:\Hry\TrackMania Nations ESWC\TmNationsESWC.exe"="D:\Hry\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Hry\TMS2003\Tennis Masters Series 2003.exe"="D:\Hry\TMS2003\Tennis Masters Series 2003.exe:*:Enabled:Tennis Masters Series 2003"
"D:\Hry\Wolfenstein - Enemy Territory\ET.exe"="D:\Hry\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\Programy\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe"="D:\Programy\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe:*:Enabled:MxDownloadServer"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Hry\call of juarez\CoJBiBGame_x86.exe"="D:\Hry\call of juarez\CoJBiBGame_x86.exe:*:Enabled:Call of Juarez: Bound in Blood"
"D:\Hry\Call of Duty 2\CoD2MP_s.exe"="D:\Hry\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Hry\Activision\Call of Duty 2\CoD2MP_s.exe"="D:\Hry\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Hry\Race driver grid\Grid\GRID.exe"="D:\Hry\Race driver grid\Grid\GRID.exe:*:Enabled:GRID Executable"
"D:\Hry\Pes 2010\pes2010.exe"="D:\Hry\Pes 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"D:\Hry\Call of Duty Modern Warfare 2\Call of Duty Modern Warfare 2\iw4sp.exe"="D:\Hry\Call of Duty Modern Warfare 2\Call of Duty Modern Warfare 2\iw4sp.exe:*:Enabled:iw4sp"
"D:\Programy\Opera10beta\opera.exe"="D:\Programy\Opera10beta\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Programy\Steam\steamapps\common\peggle nights\PeggleNights.exe"="D:\Programy\Steam\steamapps\common\peggle nights\PeggleNights.exe:*:Enabled:Peggle Nights"
"D:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe"="D:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-01-26 13:19:17 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-01-26 11:59:35 ----D---- C:\WINDOWS\system32\appmgmt
2010-01-26 11:32:24 ----SHD---- C:\RECYCLER
2010-01-26 11:24:33 ----A---- C:\ComboFix.txt
2010-01-26 11:16:31 ----A---- C:\Boot.bak
2010-01-26 11:16:27 ----RASHD---- C:\cmdcons
2010-01-26 11:15:26 ----A---- C:\WINDOWS\zip.exe
2010-01-26 11:15:26 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-26 11:15:26 ----A---- C:\WINDOWS\SWSC.exe
2010-01-26 11:15:26 ----A---- C:\WINDOWS\SWREG.exe
2010-01-26 11:15:26 ----A---- C:\WINDOWS\sed.exe
2010-01-26 11:15:26 ----A---- C:\WINDOWS\PEV.exe
2010-01-26 11:15:26 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-26 11:15:26 ----A---- C:\WINDOWS\MBR.exe
2010-01-26 11:15:26 ----A---- C:\WINDOWS\grep.exe
2010-01-26 11:15:16 ----D---- C:\WINDOWS\ERDNT
2010-01-26 11:10:03 ----D---- C:\Qoobox
2010-01-25 19:02:48 ----D---- C:\WINDOWS\system32\oodag
2010-01-25 18:46:12 ----D---- C:\rsit
2010-01-25 18:13:32 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\Spyware Terminator
2010-01-25 18:13:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-01-17 19:17:49 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2010-01-17 19:17:48 ----D---- C:\Program Files\Microsoft WSE
2010-01-13 22:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 22:10:33 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-11 20:16:55 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2010-01-11 20:16:50 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
======List of files/folders modified in the last 1 months======
2010-01-26 17:59:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-26 17:59:00 ----D---- C:\WINDOWS\Temp
2010-01-26 17:57:28 ----D---- C:\WINDOWS\system32\drivers
2010-01-26 15:19:22 ----D---- C:\WINDOWS\system32
2010-01-26 15:19:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-26 15:14:12 ----A---- C:\WINDOWS\wincmd.ini
2010-01-26 13:47:44 ----D---- C:\WINDOWS
2010-01-26 13:47:44 ----A---- C:\WINDOWS\MAILTRAN.INI
2010-01-26 13:21:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-26 13:19:17 ----RD---- C:\Program Files
2010-01-26 12:48:04 ----SD---- C:\WINDOWS\Tasks
2010-01-26 12:04:09 ----D---- C:\WINDOWS\WinSxS
2010-01-26 12:03:44 ----D---- C:\WINDOWS\Help
2010-01-26 12:03:44 ----D---- C:\Config.Msi
2010-01-26 12:03:43 ----SHD---- C:\WINDOWS\Installer
2010-01-26 12:02:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-01-26 12:02:13 ----D---- C:\Program Files\Common Files\Apple
2010-01-26 12:01:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-26 11:59:02 ----HD---- C:\WINDOWS\inf
2010-01-26 11:36:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2010-01-26 11:36:49 ----D---- C:\Program Files\Common Files
2010-01-26 11:22:18 ----D---- C:\WINDOWS\Prefetch
2010-01-26 11:21:50 ----A---- C:\WINDOWS\system.ini
2010-01-26 11:20:11 ----D---- C:\WINDOWS\system32\config
2010-01-26 11:19:03 ----D---- C:\WINDOWS\AppPatch
2010-01-26 11:16:31 ----RASH---- C:\boot.ini
2010-01-25 20:49:46 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-01-25 18:39:55 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\ICQ
2010-01-25 18:06:36 ----D---- C:\WINDOWS\Debug
2010-01-25 09:43:47 ----SD---- C:\Documents and Settings\Strongmann\Data aplikací\Microsoft
2010-01-25 09:43:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-01-24 17:35:34 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\gtk-2.0
2010-01-23 12:11:31 ----D---- C:\$AVG8.VAULT$
2010-01-22 22:36:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-22 22:36:42 ----D---- C:\Program Files\Internet Explorer
2010-01-22 22:36:21 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-21 17:20:05 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\WinEdt
2010-01-17 19:22:36 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-17 19:17:48 ----RSD---- C:\WINDOWS\assembly
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-01 14:52:04 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-12-28 21:03:25 ----D---- C:\WINDOWS\system32\DirectX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-23 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-23 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-14 108552]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-27 4754432]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2008-08-07 111360]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cglptnt;cglptnt; \??\C:\totalcmd\cglptnt.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-10-06 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-10-06 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbser;USB Serial emulation modem driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-23 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-23 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2008-12-09 68136]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2009-04-30 168004]
R2 O&O Defrag;O&O Defrag; D:\Programy\Defraq\oodag.exe [2009-09-12 1488128]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-02 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-01-25 214520]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; D:\Programy\Spyware Terminator\sp_rsser.exe [2010-01-25 488960]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-06 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3640
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
26.1.2010 19:04:12
mbam-log-2010-01-26 (19-04-07).txt
Typ kontroly: Kompletní kontrola (C:\|D:\|E:\|F:\|)
Zkontrolované objekty: 403752
Uplynulý čas: 55 minute(s), 42 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 38
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 31
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> No action taken.
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114744.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114745.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114746.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114747.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114748.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114749.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114750.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114751.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114752.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114753.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114754.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114755.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114758.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114760.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114761.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114762.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114763.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114764.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114765.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114766.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114768.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114769.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114771.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114772.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114780.SCR (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114781.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114783.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114784.scr (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP429\A0115032.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP429\A0115215.sys (Malware.Trace) -> No action taken.
D:\Programy\Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> No action taken.
Run by Strongmann at 2010-01-26 18:02:07
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (13%) free of 20 GB
Total RAM: 2046 MB (70% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:18, on 26.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Programy\Defraq\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Programy\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Programy\Reader\Reader\Reader_sl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Strongmann\Plocha\RSIT.exe
D:\Programy\hijackthis\Strongmann.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.iobit.com/advancedwindowscar ... r=download
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [denicek] "F:\Daniel\Daniel\cviceni\můj deníček.XLS"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\FRONTP~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.21.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CB6E056-FAF0-42A7-B7CE-C028C9B680E1}: NameServer = 10.0.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\Programy\Defraq\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Programy\Spyware Terminator\sp_rsser.exe
--
End of file - 10378 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\AWC AutoSweep.job
C:\WINDOWS\tasks\SmartDefrag.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2009-06-24 491520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-12 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2009-06-24 491520]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-08-26 16851456]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-12 2043160]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-04-30 13750272]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-04-30 86016]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Adobe Reader Speed Launcher"=D:\Programy\Reader\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]
"denicek"=F:\Daniel\Daniel\cviceni\můj deníček.XLS [2010-01-21 80896]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2009-06-30 2329224]
"Google Update"=C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-12-04 135664]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-23 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Programy\ICQ6.5\ICQ.exe"="D:\Programy\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Hry\Soldat\Soldat.exe"="D:\Hry\Soldat\Soldat.exe:*:Enabled:http://soldat.pl"
"D:\Hry\TrackMania Nations ESWC\TmNationsESWC.exe"="D:\Hry\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Hry\TMS2003\Tennis Masters Series 2003.exe"="D:\Hry\TMS2003\Tennis Masters Series 2003.exe:*:Enabled:Tennis Masters Series 2003"
"D:\Hry\Wolfenstein - Enemy Territory\ET.exe"="D:\Hry\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\Programy\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe"="D:\Programy\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe:*:Enabled:MxDownloadServer"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Hry\call of juarez\CoJBiBGame_x86.exe"="D:\Hry\call of juarez\CoJBiBGame_x86.exe:*:Enabled:Call of Juarez: Bound in Blood"
"D:\Hry\Call of Duty 2\CoD2MP_s.exe"="D:\Hry\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Hry\Activision\Call of Duty 2\CoD2MP_s.exe"="D:\Hry\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Hry\Race driver grid\Grid\GRID.exe"="D:\Hry\Race driver grid\Grid\GRID.exe:*:Enabled:GRID Executable"
"D:\Hry\Pes 2010\pes2010.exe"="D:\Hry\Pes 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"D:\Hry\Call of Duty Modern Warfare 2\Call of Duty Modern Warfare 2\iw4sp.exe"="D:\Hry\Call of Duty Modern Warfare 2\Call of Duty Modern Warfare 2\iw4sp.exe:*:Enabled:iw4sp"
"D:\Programy\Opera10beta\opera.exe"="D:\Programy\Opera10beta\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Programy\Steam\steamapps\common\peggle nights\PeggleNights.exe"="D:\Programy\Steam\steamapps\common\peggle nights\PeggleNights.exe:*:Enabled:Peggle Nights"
"D:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe"="D:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-01-26 13:19:17 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-01-26 11:59:35 ----D---- C:\WINDOWS\system32\appmgmt
2010-01-26 11:32:24 ----SHD---- C:\RECYCLER
2010-01-26 11:24:33 ----A---- C:\ComboFix.txt
2010-01-26 11:16:31 ----A---- C:\Boot.bak
2010-01-26 11:16:27 ----RASHD---- C:\cmdcons
2010-01-26 11:15:26 ----A---- C:\WINDOWS\zip.exe
2010-01-26 11:15:26 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-26 11:15:26 ----A---- C:\WINDOWS\SWSC.exe
2010-01-26 11:15:26 ----A---- C:\WINDOWS\SWREG.exe
2010-01-26 11:15:26 ----A---- C:\WINDOWS\sed.exe
2010-01-26 11:15:26 ----A---- C:\WINDOWS\PEV.exe
2010-01-26 11:15:26 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-26 11:15:26 ----A---- C:\WINDOWS\MBR.exe
2010-01-26 11:15:26 ----A---- C:\WINDOWS\grep.exe
2010-01-26 11:15:16 ----D---- C:\WINDOWS\ERDNT
2010-01-26 11:10:03 ----D---- C:\Qoobox
2010-01-25 19:02:48 ----D---- C:\WINDOWS\system32\oodag
2010-01-25 18:46:12 ----D---- C:\rsit
2010-01-25 18:13:32 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\Spyware Terminator
2010-01-25 18:13:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-01-17 19:17:49 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2010-01-17 19:17:48 ----D---- C:\Program Files\Microsoft WSE
2010-01-13 22:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 22:10:33 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-11 20:16:55 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2010-01-11 20:16:50 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
======List of files/folders modified in the last 1 months======
2010-01-26 17:59:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-26 17:59:00 ----D---- C:\WINDOWS\Temp
2010-01-26 17:57:28 ----D---- C:\WINDOWS\system32\drivers
2010-01-26 15:19:22 ----D---- C:\WINDOWS\system32
2010-01-26 15:19:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-26 15:14:12 ----A---- C:\WINDOWS\wincmd.ini
2010-01-26 13:47:44 ----D---- C:\WINDOWS
2010-01-26 13:47:44 ----A---- C:\WINDOWS\MAILTRAN.INI
2010-01-26 13:21:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-26 13:19:17 ----RD---- C:\Program Files
2010-01-26 12:48:04 ----SD---- C:\WINDOWS\Tasks
2010-01-26 12:04:09 ----D---- C:\WINDOWS\WinSxS
2010-01-26 12:03:44 ----D---- C:\WINDOWS\Help
2010-01-26 12:03:44 ----D---- C:\Config.Msi
2010-01-26 12:03:43 ----SHD---- C:\WINDOWS\Installer
2010-01-26 12:02:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-01-26 12:02:13 ----D---- C:\Program Files\Common Files\Apple
2010-01-26 12:01:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-26 11:59:02 ----HD---- C:\WINDOWS\inf
2010-01-26 11:36:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2010-01-26 11:36:49 ----D---- C:\Program Files\Common Files
2010-01-26 11:22:18 ----D---- C:\WINDOWS\Prefetch
2010-01-26 11:21:50 ----A---- C:\WINDOWS\system.ini
2010-01-26 11:20:11 ----D---- C:\WINDOWS\system32\config
2010-01-26 11:19:03 ----D---- C:\WINDOWS\AppPatch
2010-01-26 11:16:31 ----RASH---- C:\boot.ini
2010-01-25 20:49:46 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-01-25 18:39:55 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\ICQ
2010-01-25 18:06:36 ----D---- C:\WINDOWS\Debug
2010-01-25 09:43:47 ----SD---- C:\Documents and Settings\Strongmann\Data aplikací\Microsoft
2010-01-25 09:43:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-01-24 17:35:34 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\gtk-2.0
2010-01-23 12:11:31 ----D---- C:\$AVG8.VAULT$
2010-01-22 22:36:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-22 22:36:42 ----D---- C:\Program Files\Internet Explorer
2010-01-22 22:36:21 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-21 17:20:05 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\WinEdt
2010-01-17 19:22:36 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-17 19:17:48 ----RSD---- C:\WINDOWS\assembly
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-01 14:52:04 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-12-28 21:03:25 ----D---- C:\WINDOWS\system32\DirectX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-23 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-23 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-14 108552]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-27 4754432]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2008-08-07 111360]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cglptnt;cglptnt; \??\C:\totalcmd\cglptnt.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-10-06 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-10-06 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbser;USB Serial emulation modem driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-23 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-23 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2008-12-09 68136]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2009-04-30 168004]
R2 O&O Defrag;O&O Defrag; D:\Programy\Defraq\oodag.exe [2009-09-12 1488128]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-02 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-01-25 214520]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; D:\Programy\Spyware Terminator\sp_rsser.exe [2010-01-25 488960]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-06 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3640
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
26.1.2010 19:04:12
mbam-log-2010-01-26 (19-04-07).txt
Typ kontroly: Kompletní kontrola (C:\|D:\|E:\|F:\|)
Zkontrolované objekty: 403752
Uplynulý čas: 55 minute(s), 42 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 38
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 31
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> No action taken.
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114744.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114745.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114746.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114747.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114748.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114749.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114750.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114751.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114752.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114753.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114754.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114755.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114758.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114760.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114761.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114762.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114763.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114764.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114765.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114766.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114768.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114769.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114771.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114772.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114780.SCR (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114781.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114783.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP426\A0114784.scr (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP429\A0115032.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{0A2D5EC0-BF23-4DC3-914C-F0D9B5832BAE}\RP429\A0115215.sys (Malware.Trace) -> No action taken.
D:\Programy\Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> No action taken.
Koncentrak
Re: prosim o kontrolu ... pomaljsi pc
Co našel mbam, smažte. Jak to ted vypadá s počítačem?Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
koncentrak
- Návštěvník
- Příspěvky: 26
- Registrován: 12 dub 2007 15:14
Re: prosim o kontrolu ... pomaljsi pc
Odinstalujte combofix přesStart >> Spustit zkopírujte do okénka:
ComboFix /Uninstall
stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.
Stáhněte T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir
Stahněte TFC a použijteTFC (http://oldtimer.geekstogo.com/TFC.exe)
Stáhněte Ccleaner,viz můj podpis-nainstalujte a vyčištěte dočasné soubory, i registry
Vložte nový log ze RSIT a řekněte co počítač,jak se chová,už je vše v pořádku?Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
koncentrak
- Návštěvník
- Příspěvky: 26
- Registrován: 12 dub 2007 15:14
Re: prosim o kontrolu ... pomaljsi pc
Logfile of random's system information tool 1.06 (written by random/random)
Run by Strongmann at 2010-01-27 12:06:29
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (30%) free of 20 GB
Total RAM: 2046 MB (75% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:35, on 27.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Strongmann\Plocha\RSIT.exe
D:\Programy\hijackthis\Strongmann.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.iobit.com/advancedwindowscar ... r=download
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [denicek] "F:\Daniel\Daniel\cviceni\můj deníček.XLS"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\FRONTP~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.21.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CB6E056-FAF0-42A7-B7CE-C028C9B680E1}: NameServer = 10.0.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\Programy\Defraq\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Programy\Spyware Terminator\sp_rsser.exe
--
End of file - 9501 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\AWC AutoSweep.job
C:\WINDOWS\tasks\SmartDefrag.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2009-06-24 491520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-12 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2009-06-24 491520]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-08-26 16851456]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-12 2043160]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-04-30 13750272]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-04-30 86016]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Adobe Reader Speed Launcher"=D:\Programy\Reader\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]
"denicek"=F:\Daniel\Daniel\cviceni\můj deníček.XLS [2010-01-21 80896]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2009-06-30 2329224]
"Google Update"=C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-12-04 135664]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-23 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Programy\ICQ6.5\ICQ.exe"="D:\Programy\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Hry\Soldat\Soldat.exe"="D:\Hry\Soldat\Soldat.exe:*:Enabled:http://soldat.pl"
"D:\Hry\TrackMania Nations ESWC\TmNationsESWC.exe"="D:\Hry\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Hry\TMS2003\Tennis Masters Series 2003.exe"="D:\Hry\TMS2003\Tennis Masters Series 2003.exe:*:Enabled:Tennis Masters Series 2003"
"D:\Hry\Wolfenstein - Enemy Territory\ET.exe"="D:\Hry\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\Programy\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe"="D:\Programy\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe:*:Enabled:MxDownloadServer"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Hry\call of juarez\CoJBiBGame_x86.exe"="D:\Hry\call of juarez\CoJBiBGame_x86.exe:*:Enabled:Call of Juarez: Bound in Blood"
"D:\Hry\Call of Duty 2\CoD2MP_s.exe"="D:\Hry\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Hry\Activision\Call of Duty 2\CoD2MP_s.exe"="D:\Hry\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Hry\Race driver grid\Grid\GRID.exe"="D:\Hry\Race driver grid\Grid\GRID.exe:*:Enabled:GRID Executable"
"D:\Hry\Pes 2010\pes2010.exe"="D:\Hry\Pes 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"D:\Hry\Call of Duty Modern Warfare 2\Call of Duty Modern Warfare 2\iw4sp.exe"="D:\Hry\Call of Duty Modern Warfare 2\Call of Duty Modern Warfare 2\iw4sp.exe:*:Enabled:iw4sp"
"D:\Programy\Opera10beta\opera.exe"="D:\Programy\Opera10beta\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Programy\Steam\steamapps\common\peggle nights\PeggleNights.exe"="D:\Programy\Steam\steamapps\common\peggle nights\PeggleNights.exe:*:Enabled:Peggle Nights"
"D:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe"="D:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-01-27 12:06:29 ----D---- C:\rsit
2010-01-26 18:05:37 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\Malwarebytes
2010-01-26 18:05:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-01-26 13:19:17 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-01-26 11:59:35 ----D---- C:\WINDOWS\system32\appmgmt
2010-01-26 11:32:24 ----SHD---- C:\RECYCLER
2010-01-26 11:16:31 ----A---- C:\Boot.bak
2010-01-26 11:16:27 ----RASHD---- C:\cmdcons
2010-01-25 19:02:48 ----D---- C:\WINDOWS\system32\oodag
2010-01-25 18:13:32 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\Spyware Terminator
2010-01-25 18:13:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-01-17 19:17:49 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2010-01-17 19:17:48 ----D---- C:\Program Files\Microsoft WSE
2010-01-13 22:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 22:10:33 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-11 20:16:55 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2010-01-11 20:16:50 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
======List of files/folders modified in the last 1 months======
2010-01-27 12:06:09 ----D---- C:\WINDOWS
2010-01-27 12:04:55 ----D---- C:\WINDOWS\Temp
2010-01-27 12:04:49 ----D---- C:\WINDOWS\system32
2010-01-27 12:04:07 ----D---- C:\WINDOWS\Prefetch
2010-01-27 12:03:58 ----D---- C:\WINDOWS\system32\Restore
2010-01-27 12:02:45 ----A---- C:\WINDOWS\wincmd.ini
2010-01-27 11:25:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-26 22:58:24 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-01-26 22:40:19 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-26 22:38:59 ----A---- C:\WINDOWS\MAILTRAN.INI
2010-01-26 21:29:55 ----D---- C:\WINDOWS\system32\drivers
2010-01-26 21:29:55 ----D---- C:\WINDOWS\srchasst
2010-01-26 15:23:56 ----D---- C:\$AVG8.VAULT$
2010-01-26 13:19:17 ----RD---- C:\Program Files
2010-01-26 12:48:04 ----SD---- C:\WINDOWS\Tasks
2010-01-26 12:04:09 ----D---- C:\WINDOWS\WinSxS
2010-01-26 12:03:44 ----D---- C:\WINDOWS\Help
2010-01-26 12:03:44 ----D---- C:\Config.Msi
2010-01-26 12:03:43 ----SHD---- C:\WINDOWS\Installer
2010-01-26 12:02:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-01-26 12:02:13 ----D---- C:\Program Files\Common Files\Apple
2010-01-26 12:01:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-26 11:59:02 ----HD---- C:\WINDOWS\inf
2010-01-26 11:36:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2010-01-26 11:36:49 ----D---- C:\Program Files\Common Files
2010-01-26 11:21:50 ----A---- C:\WINDOWS\system.ini
2010-01-26 11:20:11 ----D---- C:\WINDOWS\system32\config
2010-01-26 11:19:03 ----D---- C:\WINDOWS\AppPatch
2010-01-26 11:16:31 ----RASH---- C:\boot.ini
2010-01-25 20:49:46 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-01-25 18:39:55 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\ICQ
2010-01-25 18:06:36 ----D---- C:\WINDOWS\Debug
2010-01-25 09:43:47 ----SD---- C:\Documents and Settings\Strongmann\Data aplikací\Microsoft
2010-01-25 09:43:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-01-24 17:35:34 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\gtk-2.0
2010-01-22 22:36:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-22 22:36:42 ----D---- C:\Program Files\Internet Explorer
2010-01-22 22:36:21 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-21 17:20:05 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\WinEdt
2010-01-17 19:22:36 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-17 19:17:48 ----RSD---- C:\WINDOWS\assembly
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-01 14:52:04 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-12-28 21:03:25 ----D---- C:\WINDOWS\system32\DirectX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-23 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-23 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-14 108552]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-27 4754432]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2008-08-07 111360]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cglptnt;cglptnt; \??\C:\totalcmd\cglptnt.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-10-06 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-10-06 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbser;USB Serial emulation modem driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-23 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-23 297752]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S2 ES lite Service;ES lite Service for program management.; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2008-12-09 68136]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2009-04-30 168004]
S2 O&O Defrag;O&O Defrag; D:\Programy\Defraq\oodag.exe [2009-09-12 1488128]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-02 75064]
S2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-01-25 214520]
S2 sp_rssrv;Spyware Terminator Realtime Shield Service; D:\Programy\Spyware Terminator\sp_rsser.exe [2010-01-25 488960]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-06 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Run by Strongmann at 2010-01-27 12:06:29
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (30%) free of 20 GB
Total RAM: 2046 MB (75% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:35, on 27.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Strongmann\Plocha\RSIT.exe
D:\Programy\hijackthis\Strongmann.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.iobit.com/advancedwindowscar ... r=download
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [denicek] "F:\Daniel\Daniel\cviceni\můj deníček.XLS"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\FRONTP~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.21.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CB6E056-FAF0-42A7-B7CE-C028C9B680E1}: NameServer = 10.0.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\Programy\Defraq\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Programy\Spyware Terminator\sp_rsser.exe
--
End of file - 9501 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\AWC AutoSweep.job
C:\WINDOWS\tasks\SmartDefrag.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2009-06-24 491520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-12 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2009-06-24 491520]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-08-26 16851456]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-12 2043160]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-04-30 13750272]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-04-30 86016]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Adobe Reader Speed Launcher"=D:\Programy\Reader\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]
"denicek"=F:\Daniel\Daniel\cviceni\můj deníček.XLS [2010-01-21 80896]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2009-06-30 2329224]
"Google Update"=C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-12-04 135664]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-23 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Programy\ICQ6.5\ICQ.exe"="D:\Programy\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Hry\Soldat\Soldat.exe"="D:\Hry\Soldat\Soldat.exe:*:Enabled:http://soldat.pl"
"D:\Hry\TrackMania Nations ESWC\TmNationsESWC.exe"="D:\Hry\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Hry\TMS2003\Tennis Masters Series 2003.exe"="D:\Hry\TMS2003\Tennis Masters Series 2003.exe:*:Enabled:Tennis Masters Series 2003"
"D:\Hry\Wolfenstein - Enemy Territory\ET.exe"="D:\Hry\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\Programy\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe"="D:\Programy\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe:*:Enabled:MxDownloadServer"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Hry\call of juarez\CoJBiBGame_x86.exe"="D:\Hry\call of juarez\CoJBiBGame_x86.exe:*:Enabled:Call of Juarez: Bound in Blood"
"D:\Hry\Call of Duty 2\CoD2MP_s.exe"="D:\Hry\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Hry\Activision\Call of Duty 2\CoD2MP_s.exe"="D:\Hry\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Hry\Race driver grid\Grid\GRID.exe"="D:\Hry\Race driver grid\Grid\GRID.exe:*:Enabled:GRID Executable"
"D:\Hry\Pes 2010\pes2010.exe"="D:\Hry\Pes 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"D:\Hry\Call of Duty Modern Warfare 2\Call of Duty Modern Warfare 2\iw4sp.exe"="D:\Hry\Call of Duty Modern Warfare 2\Call of Duty Modern Warfare 2\iw4sp.exe:*:Enabled:iw4sp"
"D:\Programy\Opera10beta\opera.exe"="D:\Programy\Opera10beta\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Programy\Steam\steamapps\common\peggle nights\PeggleNights.exe"="D:\Programy\Steam\steamapps\common\peggle nights\PeggleNights.exe:*:Enabled:Peggle Nights"
"D:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe"="D:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-01-27 12:06:29 ----D---- C:\rsit
2010-01-26 18:05:37 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\Malwarebytes
2010-01-26 18:05:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-01-26 13:19:17 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-01-26 11:59:35 ----D---- C:\WINDOWS\system32\appmgmt
2010-01-26 11:32:24 ----SHD---- C:\RECYCLER
2010-01-26 11:16:31 ----A---- C:\Boot.bak
2010-01-26 11:16:27 ----RASHD---- C:\cmdcons
2010-01-25 19:02:48 ----D---- C:\WINDOWS\system32\oodag
2010-01-25 18:13:32 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\Spyware Terminator
2010-01-25 18:13:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-01-17 19:17:49 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2010-01-17 19:17:48 ----D---- C:\Program Files\Microsoft WSE
2010-01-13 22:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 22:10:33 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-11 20:16:55 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2010-01-11 20:16:50 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
======List of files/folders modified in the last 1 months======
2010-01-27 12:06:09 ----D---- C:\WINDOWS
2010-01-27 12:04:55 ----D---- C:\WINDOWS\Temp
2010-01-27 12:04:49 ----D---- C:\WINDOWS\system32
2010-01-27 12:04:07 ----D---- C:\WINDOWS\Prefetch
2010-01-27 12:03:58 ----D---- C:\WINDOWS\system32\Restore
2010-01-27 12:02:45 ----A---- C:\WINDOWS\wincmd.ini
2010-01-27 11:25:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-26 22:58:24 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-01-26 22:40:19 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-26 22:38:59 ----A---- C:\WINDOWS\MAILTRAN.INI
2010-01-26 21:29:55 ----D---- C:\WINDOWS\system32\drivers
2010-01-26 21:29:55 ----D---- C:\WINDOWS\srchasst
2010-01-26 15:23:56 ----D---- C:\$AVG8.VAULT$
2010-01-26 13:19:17 ----RD---- C:\Program Files
2010-01-26 12:48:04 ----SD---- C:\WINDOWS\Tasks
2010-01-26 12:04:09 ----D---- C:\WINDOWS\WinSxS
2010-01-26 12:03:44 ----D---- C:\WINDOWS\Help
2010-01-26 12:03:44 ----D---- C:\Config.Msi
2010-01-26 12:03:43 ----SHD---- C:\WINDOWS\Installer
2010-01-26 12:02:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-01-26 12:02:13 ----D---- C:\Program Files\Common Files\Apple
2010-01-26 12:01:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-26 11:59:02 ----HD---- C:\WINDOWS\inf
2010-01-26 11:36:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2010-01-26 11:36:49 ----D---- C:\Program Files\Common Files
2010-01-26 11:21:50 ----A---- C:\WINDOWS\system.ini
2010-01-26 11:20:11 ----D---- C:\WINDOWS\system32\config
2010-01-26 11:19:03 ----D---- C:\WINDOWS\AppPatch
2010-01-26 11:16:31 ----RASH---- C:\boot.ini
2010-01-25 20:49:46 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-01-25 18:39:55 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\ICQ
2010-01-25 18:06:36 ----D---- C:\WINDOWS\Debug
2010-01-25 09:43:47 ----SD---- C:\Documents and Settings\Strongmann\Data aplikací\Microsoft
2010-01-25 09:43:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-01-24 17:35:34 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\gtk-2.0
2010-01-22 22:36:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-22 22:36:42 ----D---- C:\Program Files\Internet Explorer
2010-01-22 22:36:21 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-21 17:20:05 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\WinEdt
2010-01-17 19:22:36 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-17 19:17:48 ----RSD---- C:\WINDOWS\assembly
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-01 14:52:04 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-12-28 21:03:25 ----D---- C:\WINDOWS\system32\DirectX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-23 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-23 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-14 108552]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-27 4754432]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2008-08-07 111360]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cglptnt;cglptnt; \??\C:\totalcmd\cglptnt.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-10-06 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-10-06 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbser;USB Serial emulation modem driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-23 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-23 297752]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S2 ES lite Service;ES lite Service for program management.; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2008-12-09 68136]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2009-04-30 168004]
S2 O&O Defrag;O&O Defrag; D:\Programy\Defraq\oodag.exe [2009-09-12 1488128]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-02 75064]
S2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-01-25 214520]
S2 sp_rssrv;Spyware Terminator Realtime Shield Service; D:\Programy\Spyware Terminator\sp_rsser.exe [2010-01-25 488960]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-06 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Koncentrak
Re: prosim o kontrolu ... pomaljsi pc
spusťte přejmenované HJT D:\Programy\hijackthis\Strongmann.exe -Klikněte na "Do a system scan only"
-u řádku
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
Dejte fajfku do čtverečku a zmáčkněte Fix checked
-restartujte pc
odinstalujte přes CCleaner - nástroje - Daemon tools toolbar, -složku C:\Program Files\DAEMON Tools Toolbar smažte.
doporučuji odinstalovat"C:\Program Files\IObit\Advanced SystemCare
jak to vypadá s počítačem?Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
koncentrak
- Návštěvník
- Příspěvky: 26
- Registrován: 12 dub 2007 15:14
Re: prosim o kontrolu ... pomaljsi pc
hotovo, počitač se zdá být nyní naprosto v pořádku...
Koncentrak
Re: prosim o kontrolu ... pomaljsi pc
Pokud nejsou problémy, je to vše
Kdyby se pacient rozstonal
, ozvěte se
Kdyby se pacient rozstonal
, ozvěte se Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Přispějete na provoz fóra?