Prosím o preventivku, trochu pomalejší systém.
Logfile of random's system information tool 1.07 (written by random/random)
Run by ADMIN1 at 2010-06-08 20:29:25
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (40%) free of 38 GB
Total RAM: 478 MB (24% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:30:17, on 8.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ADMIN1\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\ADMIN1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASTFYP - Unknown owner - C:\DOCUME~1\ADMIN1\LOCALS~1\Temp\ASTFYP.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VFCIEVIZ - Unknown owner - C:\DOCUME~1\ADMIN1\LOCALS~1\Temp\VFCIEVIZ.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--
End of file - 8080 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-25 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SRS Audio Sandbox"=C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe [2009-12-22 3216664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe -launchedbylogin []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-12-03 290816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
C:\Program Files\VMware\VMware Player\hqtray.exe [2008-03-03 55856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ADMIN1^Nabídka Start^Programy^Po spuštění^WLAN Monitor & Configuration.lnk]
C:\PROGRA~1\SMC\SMC802~1.11B\WLANMO~1.EXE [2003-04-24 462848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-08-27 190976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"ShutdownWithoutLogon"=1
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"HideClock"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoResolveTrack"=
"NoViewContextMenu"=
"NoFileAssociate"=
"NoFind"=
"NoRun"=
"NoClose"=
"StartMenuLogoff"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
======File associations======
.js - edit -
.js - open -
.txt - open -
======List of files/folders created in the last 1 months======
2010-06-08 20:29:33 ----D---- C:\Program Files\trend micro
2010-06-08 20:29:25 ----D---- C:\rsit
2010-06-06 16:27:11 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-05-30 14:27:30 ----D---- C:\Documents and Settings\ADMIN1\Data aplikací\Digital Red
2010-05-30 13:44:48 ----D---- C:\Program Files\Digital Red
2010-05-30 13:33:18 ----D---- C:\Program Files\DAEMON Tools Lite
2010-05-30 13:32:42 ----D---- C:\Documents and Settings\ADMIN1\Data aplikací\DAEMON Tools Lite
2010-05-30 13:32:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
======List of files/folders modified in the last 1 months======
2010-06-08 20:29:33 ----RD---- C:\Program Files
2010-06-08 20:29:20 ----D---- C:\WINDOWS\Prefetch
2010-06-08 19:12:24 ----D---- C:\WINDOWS\Temp
2010-06-08 19:12:18 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-08 19:12:12 ----D---- C:\WINDOWS
2010-06-08 19:11:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\VMware
2010-06-06 17:35:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-06 17:32:05 ----D---- C:\Program Files\Mozilla Thunderbird
2010-06-06 16:27:17 ----SHD---- C:\WINDOWS\Installer
2010-06-06 16:27:17 ----HD---- C:\Config.Msi
2010-06-06 16:27:11 ----D---- C:\Program Files\Common Files
2010-05-30 13:33:39 ----D---- C:\WINDOWS\system32\drivers
2010-05-29 22:44:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-10 56816]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\Drivers\hcmon.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-03-03 28592]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys []
R3 CAMCAUD;Conexant AMC 3D Environmental Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2004-06-28 292864]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2004-06-28 276480]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-03-10 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-03-10 199552]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-14 20992]
R3 SMC_WinXP_PCMCIAFVNETR_(SMCD)(R);SMC_WinXP_PCMCIAFVNETR_(SMCD)(R) Service for SMC EZ Connect Wireless PC Card(SMC2632W); C:\WINDOWS\system32\DRIVERS\fvnetd51.sys [2002-12-11 91392]
R3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2009-12-15 268912]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-03-10 682624]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 amk24k3y;amk24k3y; C:\WINDOWS\system32\drivers\amk24k3y.sys []
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-01-25 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-01-25 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-01-25 21568]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 pctNDIS;PC Tools Driver; C:\WINDOWS\system32\DRIVERS\pctNdis.sys [2009-11-18 55208]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-29 167424]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2009-11-10 95568]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys []
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-03-03 16816]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-25 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Player\vmware-authd.exe [2008-03-03 109104]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-03-03 121392]
R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-03-23 269104]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-03-03 150064]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 ASTFYP;ASTFYP; C:\DOCUME~1\ADMIN1\LOCALS~1\Temp\ASTFYP.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-11-18 98304]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-09-03 355584]
S3 VFCIEVIZ;VFCIEVIZ; C:\DOCUME~1\ADMIN1\LOCALS~1\Temp\VFCIEVIZ.exe []
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o preventivku
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
1danab
- Nováček
- Příspěvky: 1412
- Registrován: 21 říj 2007 13:04
- Bydliště: České Budějovice
- Kontaktovat uživatele:
Re: Prosím o preventivku
zdravím 
stáhněte a uložte nejlépe na plochu ComboFix
spusťte aplikaci pod účtem s administrátorským oprávněním
po startu se zobrazí obrazovka s licenčními podmínkami, klikněte na tlačítko Ano:
může dojít k varování ohledně rezidentního štítu Vašeho antiviru a upozornění na nenainstalovanou konzoli pro zotavení; zatím jí neinstalujte
sken trvá cca 10 minut (může trvat i déle, podle množství souborů a rychlosti pc); během skenu nespouštějte žádné aplikace
během skenování může být Vaše pc restartováno, proto nepropadejte panice
upozornění: pokud používate antispyware s rezidentním štítem, deaktivujte jeho rezidentní štít, protože dochází při skenu a výmazu případného malware k nežádoucím kolizím Combofixu s rezidentem antispyware
po restartování vytvoří aplikace log, uložený na C:/Combofix.txt jeho obsah vložte sem
stáhněte a uložte nejlépe na plochu ComboFix
spusťte aplikaci pod účtem s administrátorským oprávněním
po startu se zobrazí obrazovka s licenčními podmínkami, klikněte na tlačítko Ano:
může dojít k varování ohledně rezidentního štítu Vašeho antiviru a upozornění na nenainstalovanou konzoli pro zotavení; zatím jí neinstalujte
sken trvá cca 10 minut (může trvat i déle, podle množství souborů a rychlosti pc); během skenu nespouštějte žádné aplikace
během skenování může být Vaše pc restartováno, proto nepropadejte panice
upozornění: pokud používate antispyware s rezidentním štítem, deaktivujte jeho rezidentní štít, protože dochází při skenu a výmazu případného malware k nežádoucím kolizím Combofixu s rezidentem antispyware
po restartování vytvoří aplikace log, uložený na C:/Combofix.txt jeho obsah vložte sem
Re: Prosím o preventivku
ComboFix 10-06-08.02 - ADMIN1 08.06.2010 22:49:55.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.478.136 [GMT 2:00]
Spuštěný z: c:\documents and settings\ADMIN1\Dokumenty\Stažené soubory\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-08 do 2010-06-08 )))))))))))))))))))))))))))))))
.
2010-06-08 18:57 . 2010-06-08 19:01 5937990 ----a-w- c:\windows\REGBK00.ZIP
2010-06-08 18:47 . 2010-06-08 18:47 -------- d---a-w- c:\windows\VDLL.DLL
2010-06-08 18:47 . 2010-06-08 18:47 -------- d---a-w- c:\windows\system32\runouce.exe
2010-06-08 18:47 . 2010-06-08 18:47 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-06-08 18:47 . 2010-06-08 18:47 -------- d---a-w- c:\windows\logo_1.exe
2010-06-08 18:42 . 2010-06-08 18:42 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-06-08 18:42 . 2010-06-08 18:42 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-06-08 18:42 . 2010-06-08 18:42 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-06-08 18:41 . 2008-04-14 06:52 137216 ----a-w- c:\windows\system32\T.COM
2010-06-08 18:41 . 2008-04-14 06:52 147968 ----a-w- c:\windows\R.COM
2010-06-08 18:41 . 2010-06-08 18:41 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-06-08 18:29 . 2010-06-08 18:30 -------- d-----w- c:\program files\trend micro
2010-06-08 18:29 . 2010-06-08 18:30 -------- d-----w- C:\rsit
2010-06-06 14:27 . 2010-06-06 14:27 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-30 11:44 . 2010-05-30 11:44 -------- d-----w- c:\program files\Digital Red
2010-05-30 11:33 . 2010-05-30 11:33 -------- d-----w- c:\program files\DAEMON Tools Lite
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 15:32 . 2010-04-13 09:22 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-30 11:33 . 2010-05-30 11:33 691696 ----a-w- c:\windows\system32\drivers\sptd.sys.28992841
2010-04-27 18:57 . 2010-04-26 20:07 -------- d-----w- c:\program files\Flash FLV to Video Audio Converter
2010-04-26 20:18 . 2010-04-26 20:17 -------- d-----w- c:\program files\KigoVideoConverter
2010-04-26 20:02 . 2010-04-26 20:02 -------- d-----w- c:\program files\FlvToMp3
2010-04-25 19:37 . 2010-04-25 19:37 -------- d-----w- c:\program files\Common Files\Java
2010-04-25 19:35 . 2010-04-25 19:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-25 19:35 . 2010-04-25 19:35 -------- d-----w- c:\program files\Java
2010-04-18 09:21 . 2009-09-02 20:35 -------- d-----w- c:\program files\Opera
2010-04-13 10:25 . 2009-09-01 23:04 -------- d-----w- c:\program files\GRETECH
2010-04-13 10:21 . 2010-04-13 10:21 -------- d-----w- c:\program files\CoreAAC
2010-04-13 09:13 . 2010-04-13 09:13 -------- d-----w- c:\program files\VS Revo Group
2010-04-10 21:45 . 2001-10-25 12:00 71334 ----a-w- c:\windows\system32\perfc005.dat
2010-04-10 21:45 . 2001-10-25 12:00 395840 ----a-w- c:\windows\system32\perfh005.dat
2010-04-10 17:49 . 2010-04-10 17:49 -------- d-----w- c:\program files\Daniusoft
2010-03-25 14:41 . 2010-03-25 14:29 183133 ----a-w- c:\windows\hphins25.dat
2009-09-02 23:14 . 2009-09-02 23:14 74 --sh--r- c:\windows\CT4SET.BIN
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2009-12-22 3216664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
[HKLM\~\startupfolder\C:^Documents and Settings^ADMIN1^Nabídka Start^Programy^Po spuštění^WLAN Monitor & Configuration.lnk]
path=c:\documents and settings\ADMIN1\Nabídka Start\Programy\Po spuštění\WLAN Monitor & Configuration.lnk
backup=c:\windows\pss\WLAN Monitor & Configuration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 11:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2004-12-03 11:24 290816 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 05:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2008-03-03 19:05 55856 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8.9.2009 2:09 108289]
R3 SMC_WinXP_PCMCIAFVNETR_(SMCD)(R);SMC_WinXP_PCMCIAFVNETR_(SMCD)(R) Service for SMC EZ Connect Wireless PC Card(SMC2632W);c:\windows\system32\drivers\fvnetd51.sys [11.12.2002 17:03 91392]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [8.9.2009 1:09 55208]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [18.3.2010 21:36 167424]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [22.11.2009 19:45 95568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ADMIN1\Data aplikací\Mozilla\Firefox\Profiles\8qv5cuoq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1094856&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-08 22:59
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2010-06-08 23:05:06
ComboFix-quarantined-files.txt 2010-06-08 21:04
Před spuštěním: Volných bajtů: 17 850 314 752
Po spuštění: Volných bajtů: 18 077 007 872
- - End Of File - - D2E93ED26E0471798EF4906AFA71873D
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.478.136 [GMT 2:00]
Spuštěný z: c:\documents and settings\ADMIN1\Dokumenty\Stažené soubory\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-08 do 2010-06-08 )))))))))))))))))))))))))))))))
.
2010-06-08 18:57 . 2010-06-08 19:01 5937990 ----a-w- c:\windows\REGBK00.ZIP
2010-06-08 18:47 . 2010-06-08 18:47 -------- d---a-w- c:\windows\VDLL.DLL
2010-06-08 18:47 . 2010-06-08 18:47 -------- d---a-w- c:\windows\system32\runouce.exe
2010-06-08 18:47 . 2010-06-08 18:47 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-06-08 18:47 . 2010-06-08 18:47 -------- d---a-w- c:\windows\logo_1.exe
2010-06-08 18:42 . 2010-06-08 18:42 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-06-08 18:42 . 2010-06-08 18:42 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-06-08 18:42 . 2010-06-08 18:42 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-06-08 18:41 . 2008-04-14 06:52 137216 ----a-w- c:\windows\system32\T.COM
2010-06-08 18:41 . 2008-04-14 06:52 147968 ----a-w- c:\windows\R.COM
2010-06-08 18:41 . 2010-06-08 18:41 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-06-08 18:29 . 2010-06-08 18:30 -------- d-----w- c:\program files\trend micro
2010-06-08 18:29 . 2010-06-08 18:30 -------- d-----w- C:\rsit
2010-06-06 14:27 . 2010-06-06 14:27 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-30 11:44 . 2010-05-30 11:44 -------- d-----w- c:\program files\Digital Red
2010-05-30 11:33 . 2010-05-30 11:33 -------- d-----w- c:\program files\DAEMON Tools Lite
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 15:32 . 2010-04-13 09:22 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-30 11:33 . 2010-05-30 11:33 691696 ----a-w- c:\windows\system32\drivers\sptd.sys.28992841
2010-04-27 18:57 . 2010-04-26 20:07 -------- d-----w- c:\program files\Flash FLV to Video Audio Converter
2010-04-26 20:18 . 2010-04-26 20:17 -------- d-----w- c:\program files\KigoVideoConverter
2010-04-26 20:02 . 2010-04-26 20:02 -------- d-----w- c:\program files\FlvToMp3
2010-04-25 19:37 . 2010-04-25 19:37 -------- d-----w- c:\program files\Common Files\Java
2010-04-25 19:35 . 2010-04-25 19:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-25 19:35 . 2010-04-25 19:35 -------- d-----w- c:\program files\Java
2010-04-18 09:21 . 2009-09-02 20:35 -------- d-----w- c:\program files\Opera
2010-04-13 10:25 . 2009-09-01 23:04 -------- d-----w- c:\program files\GRETECH
2010-04-13 10:21 . 2010-04-13 10:21 -------- d-----w- c:\program files\CoreAAC
2010-04-13 09:13 . 2010-04-13 09:13 -------- d-----w- c:\program files\VS Revo Group
2010-04-10 21:45 . 2001-10-25 12:00 71334 ----a-w- c:\windows\system32\perfc005.dat
2010-04-10 21:45 . 2001-10-25 12:00 395840 ----a-w- c:\windows\system32\perfh005.dat
2010-04-10 17:49 . 2010-04-10 17:49 -------- d-----w- c:\program files\Daniusoft
2010-03-25 14:41 . 2010-03-25 14:29 183133 ----a-w- c:\windows\hphins25.dat
2009-09-02 23:14 . 2009-09-02 23:14 74 --sh--r- c:\windows\CT4SET.BIN
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2009-12-22 3216664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
[HKLM\~\startupfolder\C:^Documents and Settings^ADMIN1^Nabídka Start^Programy^Po spuštění^WLAN Monitor & Configuration.lnk]
path=c:\documents and settings\ADMIN1\Nabídka Start\Programy\Po spuštění\WLAN Monitor & Configuration.lnk
backup=c:\windows\pss\WLAN Monitor & Configuration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 11:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2004-12-03 11:24 290816 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 05:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2008-03-03 19:05 55856 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8.9.2009 2:09 108289]
R3 SMC_WinXP_PCMCIAFVNETR_(SMCD)(R);SMC_WinXP_PCMCIAFVNETR_(SMCD)(R) Service for SMC EZ Connect Wireless PC Card(SMC2632W);c:\windows\system32\drivers\fvnetd51.sys [11.12.2002 17:03 91392]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [8.9.2009 1:09 55208]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [18.3.2010 21:36 167424]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [22.11.2009 19:45 95568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ADMIN1\Data aplikací\Mozilla\Firefox\Profiles\8qv5cuoq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1094856&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-08 22:59
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2010-06-08 23:05:06
ComboFix-quarantined-files.txt 2010-06-08 21:04
Před spuštěním: Volných bajtů: 17 850 314 752
Po spuštění: Volných bajtů: 18 077 007 872
- - End Of File - - D2E93ED26E0471798EF4906AFA71873D
-
1danab
- Nováček
- Příspěvky: 1412
- Registrován: 21 říj 2007 13:04
- Bydliště: České Budějovice
- Kontaktovat uživatele:
Re: Prosím o preventivku
pokud jste tak ještě neučinil, přesuňte Combofix na plochu
otevřete si Poznámkový blok
do něj zkopírujte skript z následujícího okna:
uložte vámi vytvořený textový soubor jako CFScript.txt na plochu
po uložení uchopte vámi vytvořený skript levým tlačítkem myši a přesuňte jej nad ikonu Combofixu, nad níž skript upusťte:
po aplikaci by se měl zobrazit další log, vložte jej sem
Upozornění: je možné, že po aplikaci skriptu a restartu nenaběhnou Windows, v takovém případě znovu restartujte, po restartu mačkejte F8 a zvolte Poslední známou funkční konfiguraci
otevřete si Poznámkový blok
do něj zkopírujte skript z následujícího okna:
Kód: Vybrat vše
Driver::
ASTFYP
VFCIEVIZpo uložení uchopte vámi vytvořený skript levým tlačítkem myši a přesuňte jej nad ikonu Combofixu, nad níž skript upusťte:
po aplikaci by se měl zobrazit další log, vložte jej sem
Upozornění: je možné, že po aplikaci skriptu a restartu nenaběhnou Windows, v takovém případě znovu restartujte, po restartu mačkejte F8 a zvolte Poslední známou funkční konfiguraci
Re: Prosím o preventivku
ComboFix 10-06-08.02 - ADMIN1 09.06.2010 18:51:34.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.478.190 [GMT 2:00]
Spuštěný z: c:\documents and settings\ADMIN1\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\ADMIN1\Plocha\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASTFYP
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-09 do 2010-06-09 )))))))))))))))))))))))))))))))
.
2010-06-08 18:57 . 2010-06-08 19:01 5937990 ----a-w- c:\windows\REGBK00.ZIP
2010-06-08 18:47 . 2010-06-08 18:47 -------- d---a-w- c:\windows\VDLL.DLL
2010-06-08 18:47 . 2010-06-08 18:47 -------- d---a-w- c:\windows\system32\runouce.exe
2010-06-08 18:47 . 2010-06-08 18:47 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-06-08 18:47 . 2010-06-08 18:47 -------- d---a-w- c:\windows\logo_1.exe
2010-06-08 18:42 . 2010-06-08 18:42 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-06-08 18:42 . 2010-06-08 18:42 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-06-08 18:42 . 2010-06-08 18:42 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-06-08 18:41 . 2008-04-14 06:52 137216 ----a-w- c:\windows\system32\T.COM
2010-06-08 18:41 . 2008-04-14 06:52 147968 ----a-w- c:\windows\R.COM
2010-06-08 18:41 . 2010-06-08 18:41 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-06-08 18:29 . 2010-06-08 18:30 -------- d-----w- c:\program files\trend micro
2010-06-08 18:29 . 2010-06-08 18:30 -------- d-----w- C:\rsit
2010-06-06 14:27 . 2010-06-06 14:27 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-30 11:44 . 2010-05-30 11:44 -------- d-----w- c:\program files\Digital Red
2010-05-30 11:33 . 2010-05-30 11:33 -------- d-----w- c:\program files\DAEMON Tools Lite
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 15:32 . 2010-04-13 09:22 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-30 11:33 . 2010-05-30 11:33 691696 ----a-w- c:\windows\system32\drivers\sptd.sys.28992841
2010-04-27 18:57 . 2010-04-26 20:07 -------- d-----w- c:\program files\Flash FLV to Video Audio Converter
2010-04-26 20:18 . 2010-04-26 20:17 -------- d-----w- c:\program files\KigoVideoConverter
2010-04-26 20:02 . 2010-04-26 20:02 -------- d-----w- c:\program files\FlvToMp3
2010-04-25 19:37 . 2010-04-25 19:37 -------- d-----w- c:\program files\Common Files\Java
2010-04-25 19:35 . 2010-04-25 19:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-25 19:35 . 2010-04-25 19:35 -------- d-----w- c:\program files\Java
2010-04-18 09:21 . 2009-09-02 20:35 -------- d-----w- c:\program files\Opera
2010-04-13 10:25 . 2009-09-01 23:04 -------- d-----w- c:\program files\GRETECH
2010-04-13 10:21 . 2010-04-13 10:21 -------- d-----w- c:\program files\CoreAAC
2010-04-13 09:13 . 2010-04-13 09:13 -------- d-----w- c:\program files\VS Revo Group
2010-04-10 21:45 . 2001-10-25 12:00 71334 ----a-w- c:\windows\system32\perfc005.dat
2010-04-10 21:45 . 2001-10-25 12:00 395840 ----a-w- c:\windows\system32\perfh005.dat
2010-04-10 17:49 . 2010-04-10 17:49 -------- d-----w- c:\program files\Daniusoft
2010-03-25 14:41 . 2010-03-25 14:29 183133 ----a-w- c:\windows\hphins25.dat
2009-09-02 23:14 . 2009-09-02 23:14 74 --sh--r- c:\windows\CT4SET.BIN
.
((((((((((((((((((((((((((((( SnapShot@2010-06-08_20.59.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-09 16:38 . 2010-06-09 16:38 16384 c:\windows\Temp\Perflib_Perfdata_114.dat
+ 2009-09-03 12:48 . 2008-06-30 09:41 22528 c:\windows\system32\uxtuneup.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2009-12-22 3216664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
[HKLM\~\startupfolder\C:^Documents and Settings^ADMIN1^Nabídka Start^Programy^Po spuštění^WLAN Monitor & Configuration.lnk]
path=c:\documents and settings\ADMIN1\Nabídka Start\Programy\Po spuštění\WLAN Monitor & Configuration.lnk
backup=c:\windows\pss\WLAN Monitor & Configuration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 11:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2004-12-03 11:24 290816 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 05:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2008-03-03 19:05 55856 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8.9.2009 2:09 108289]
R3 SMC_WinXP_PCMCIAFVNETR_(SMCD)(R);SMC_WinXP_PCMCIAFVNETR_(SMCD)(R) Service for SMC EZ Connect Wireless PC Card(SMC2632W);c:\windows\system32\drivers\fvnetd51.sys [11.12.2002 17:03 91392]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [8.9.2009 1:09 55208]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [18.3.2010 21:36 167424]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [22.11.2009 19:45 95568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ADMIN1\Data aplikací\Mozilla\Firefox\Profiles\8qv5cuoq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1094856&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-09 19:04
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3876)
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-06-09 19:11:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-09 17:10
ComboFix2.txt 2010-06-08 21:05
Před spuštěním: Volných bajtů: 18 091 630 592
Po spuštění: Volných bajtů: 17 966 755 840
- - End Of File - - 486147DE566C945625DE82E52A6E8F6A
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.478.190 [GMT 2:00]
Spuštěný z: c:\documents and settings\ADMIN1\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\ADMIN1\Plocha\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASTFYP
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-09 do 2010-06-09 )))))))))))))))))))))))))))))))
.
2010-06-08 18:57 . 2010-06-08 19:01 5937990 ----a-w- c:\windows\REGBK00.ZIP
2010-06-08 18:47 . 2010-06-08 18:47 -------- d---a-w- c:\windows\VDLL.DLL
2010-06-08 18:47 . 2010-06-08 18:47 -------- d---a-w- c:\windows\system32\runouce.exe
2010-06-08 18:47 . 2010-06-08 18:47 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-06-08 18:47 . 2010-06-08 18:47 -------- d---a-w- c:\windows\logo_1.exe
2010-06-08 18:42 . 2010-06-08 18:42 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-06-08 18:42 . 2010-06-08 18:42 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-06-08 18:42 . 2010-06-08 18:42 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-06-08 18:41 . 2008-04-14 06:52 137216 ----a-w- c:\windows\system32\T.COM
2010-06-08 18:41 . 2008-04-14 06:52 147968 ----a-w- c:\windows\R.COM
2010-06-08 18:41 . 2010-06-08 18:41 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-06-08 18:29 . 2010-06-08 18:30 -------- d-----w- c:\program files\trend micro
2010-06-08 18:29 . 2010-06-08 18:30 -------- d-----w- C:\rsit
2010-06-06 14:27 . 2010-06-06 14:27 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-30 11:44 . 2010-05-30 11:44 -------- d-----w- c:\program files\Digital Red
2010-05-30 11:33 . 2010-05-30 11:33 -------- d-----w- c:\program files\DAEMON Tools Lite
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 15:32 . 2010-04-13 09:22 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-30 11:33 . 2010-05-30 11:33 691696 ----a-w- c:\windows\system32\drivers\sptd.sys.28992841
2010-04-27 18:57 . 2010-04-26 20:07 -------- d-----w- c:\program files\Flash FLV to Video Audio Converter
2010-04-26 20:18 . 2010-04-26 20:17 -------- d-----w- c:\program files\KigoVideoConverter
2010-04-26 20:02 . 2010-04-26 20:02 -------- d-----w- c:\program files\FlvToMp3
2010-04-25 19:37 . 2010-04-25 19:37 -------- d-----w- c:\program files\Common Files\Java
2010-04-25 19:35 . 2010-04-25 19:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-25 19:35 . 2010-04-25 19:35 -------- d-----w- c:\program files\Java
2010-04-18 09:21 . 2009-09-02 20:35 -------- d-----w- c:\program files\Opera
2010-04-13 10:25 . 2009-09-01 23:04 -------- d-----w- c:\program files\GRETECH
2010-04-13 10:21 . 2010-04-13 10:21 -------- d-----w- c:\program files\CoreAAC
2010-04-13 09:13 . 2010-04-13 09:13 -------- d-----w- c:\program files\VS Revo Group
2010-04-10 21:45 . 2001-10-25 12:00 71334 ----a-w- c:\windows\system32\perfc005.dat
2010-04-10 21:45 . 2001-10-25 12:00 395840 ----a-w- c:\windows\system32\perfh005.dat
2010-04-10 17:49 . 2010-04-10 17:49 -------- d-----w- c:\program files\Daniusoft
2010-03-25 14:41 . 2010-03-25 14:29 183133 ----a-w- c:\windows\hphins25.dat
2009-09-02 23:14 . 2009-09-02 23:14 74 --sh--r- c:\windows\CT4SET.BIN
.
((((((((((((((((((((((((((((( SnapShot@2010-06-08_20.59.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-09 16:38 . 2010-06-09 16:38 16384 c:\windows\Temp\Perflib_Perfdata_114.dat
+ 2009-09-03 12:48 . 2008-06-30 09:41 22528 c:\windows\system32\uxtuneup.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2009-12-22 3216664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
[HKLM\~\startupfolder\C:^Documents and Settings^ADMIN1^Nabídka Start^Programy^Po spuštění^WLAN Monitor & Configuration.lnk]
path=c:\documents and settings\ADMIN1\Nabídka Start\Programy\Po spuštění\WLAN Monitor & Configuration.lnk
backup=c:\windows\pss\WLAN Monitor & Configuration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 11:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2004-12-03 11:24 290816 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 05:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2008-03-03 19:05 55856 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8.9.2009 2:09 108289]
R3 SMC_WinXP_PCMCIAFVNETR_(SMCD)(R);SMC_WinXP_PCMCIAFVNETR_(SMCD)(R) Service for SMC EZ Connect Wireless PC Card(SMC2632W);c:\windows\system32\drivers\fvnetd51.sys [11.12.2002 17:03 91392]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [8.9.2009 1:09 55208]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [18.3.2010 21:36 167424]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [22.11.2009 19:45 95568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ADMIN1\Data aplikací\Mozilla\Firefox\Profiles\8qv5cuoq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1094856&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-09 19:04
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3876)
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-06-09 19:11:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-09 17:10
ComboFix2.txt 2010-06-08 21:05
Před spuštěním: Volných bajtů: 18 091 630 592
Po spuštění: Volných bajtů: 17 966 755 840
- - End Of File - - 486147DE566C945625DE82E52A6E8F6A
-
1danab
- Nováček
- Příspěvky: 1412
- Registrován: 21 říj 2007 13:04
- Bydliště: České Budějovice
- Kontaktovat uživatele:
Re: Prosím o preventivku
poprosím vás o nový log z RSITu
Re: Prosím o preventivku
Logfile of random's system information tool 1.07 (written by random/random)
Run by ADMIN1 at 2010-06-10 20:16:32
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (45%) free of 38 GB
Total RAM: 478 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:16:55, on 10.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\ADMIN1\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\ADMIN1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--
End of file - 7830 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-25 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"SRS Audio Sandbox"=C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe [2009-12-22 3216664]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-12-03 290816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
C:\Program Files\VMware\VMware Player\hqtray.exe [2008-03-03 55856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ADMIN1^Nabídka Start^Programy^Po spuštění^WLAN Monitor & Configuration.lnk]
C:\PROGRA~1\SMC\SMC802~1.11B\WLANMO~1.EXE [2003-04-24 462848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-08-27 190976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"ShutdownWithoutLogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoResolveTrack"=
"NoFileAssociate"=
"NoDriveAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
======List of files/folders created in the last 1 months======
2010-06-09 19:11:11 ----A---- C:\ComboFix.txt
2010-06-08 22:45:05 ----A---- C:\WINDOWS\zip.exe
2010-06-08 22:45:05 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-06-08 22:45:05 ----A---- C:\WINDOWS\SWSC.exe
2010-06-08 22:45:05 ----A---- C:\WINDOWS\SWREG.exe
2010-06-08 22:45:05 ----A---- C:\WINDOWS\sed.exe
2010-06-08 22:45:05 ----A---- C:\WINDOWS\PEV.exe
2010-06-08 22:45:05 ----A---- C:\WINDOWS\NIRCMD.exe
2010-06-08 22:45:05 ----A---- C:\WINDOWS\grep.exe
2010-06-08 22:44:53 ----D---- C:\WINDOWS\ERDNT
2010-06-08 22:42:51 ----D---- C:\Qoobox
2010-06-08 20:47:49 ----AD---- C:\WINDOWS\VDLL.DLL
2010-06-08 20:47:49 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-06-08 20:47:49 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-06-08 20:47:49 ----AD---- C:\WINDOWS\logo_1.exe
2010-06-08 20:42:16 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-06-08 20:42:15 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-06-08 20:42:13 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-06-08 20:41:44 ----A---- C:\WINDOWS\system32\T.COM
2010-06-08 20:41:43 ----A---- C:\WINDOWS\R.COM
2010-06-08 20:41:42 ----D---- C:\Program Files\Common Files\MicroWorld
2010-06-08 20:41:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-06-08 20:29:33 ----D---- C:\Program Files\trend micro
2010-06-08 20:29:25 ----D---- C:\rsit
2010-06-06 16:27:11 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-05-30 14:27:30 ----D---- C:\Documents and Settings\ADMIN1\Data aplikací\Digital Red
2010-05-30 13:44:48 ----D---- C:\Program Files\Digital Red
2010-05-30 13:33:18 ----D---- C:\Program Files\DAEMON Tools Lite
2010-05-30 13:32:42 ----D---- C:\Documents and Settings\ADMIN1\Data aplikací\DAEMON Tools Lite
2010-05-30 13:32:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
======List of files/folders modified in the last 1 months======
2010-06-10 20:16:34 ----D---- C:\WINDOWS\Prefetch
2010-06-10 19:44:10 ----D---- C:\WINDOWS\Temp
2010-06-10 19:44:01 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-10 19:43:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\VMware
2010-06-09 20:21:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-09 19:33:59 ----D---- C:\Program Files\Mozilla Thunderbird
2010-06-09 19:11:18 ----D---- C:\WINDOWS\system32\drivers
2010-06-09 19:02:27 ----D---- C:\WINDOWS
2010-06-09 19:02:27 ----A---- C:\WINDOWS\system.ini
2010-06-09 19:00:25 ----D---- C:\WINDOWS\system32\config
2010-06-09 18:57:27 ----D---- C:\WINDOWS\system32
2010-06-09 18:57:27 ----D---- C:\WINDOWS\AppPatch
2010-06-09 18:57:22 ----D---- C:\Program Files\Common Files
2010-06-08 22:21:16 ----SHD---- C:\System Volume Information
2010-06-08 22:21:16 ----D---- C:\WINDOWS\system32\Restore
2010-06-08 20:29:33 ----RD---- C:\Program Files
2010-06-06 16:27:17 ----SHD---- C:\WINDOWS\Installer
2010-06-06 16:27:17 ----D---- C:\Config.Msi
2010-05-30 12:50:51 ----D---- C:\Documents and Settings\ADMIN1\Data aplikací\stickies
2010-05-29 22:44:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-10 56816]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\Drivers\hcmon.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-03-03 28592]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys []
R3 CAMCAUD;Conexant AMC 3D Environmental Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2004-06-28 292864]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2004-06-28 276480]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-03-10 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-03-10 199552]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-14 20992]
R3 SMC_WinXP_PCMCIAFVNETR_(SMCD)(R);SMC_WinXP_PCMCIAFVNETR_(SMCD)(R) Service for SMC EZ Connect Wireless PC Card(SMC2632W); C:\WINDOWS\system32\DRIVERS\fvnetd51.sys [2002-12-11 91392]
R3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2009-12-15 268912]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-03-10 682624]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-01-25 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-01-25 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-01-25 21568]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 pctNDIS;PC Tools Driver; C:\WINDOWS\system32\DRIVERS\pctNdis.sys [2009-11-18 55208]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-29 167424]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2009-11-10 95568]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-03-03 16816]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-25 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Rozšíření vzhledu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Player\vmware-authd.exe [2008-03-03 109104]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-03-03 121392]
R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-03-23 269104]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-03-03 150064]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-11-18 98304]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-09-03 355584]
-----------------EOF-----------------
Run by ADMIN1 at 2010-06-10 20:16:32
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (45%) free of 38 GB
Total RAM: 478 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:16:55, on 10.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\ADMIN1\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\ADMIN1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--
End of file - 7830 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-25 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"SRS Audio Sandbox"=C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe [2009-12-22 3216664]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-12-03 290816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
C:\Program Files\VMware\VMware Player\hqtray.exe [2008-03-03 55856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ADMIN1^Nabídka Start^Programy^Po spuštění^WLAN Monitor & Configuration.lnk]
C:\PROGRA~1\SMC\SMC802~1.11B\WLANMO~1.EXE [2003-04-24 462848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-08-27 190976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"ShutdownWithoutLogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoResolveTrack"=
"NoFileAssociate"=
"NoDriveAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
======List of files/folders created in the last 1 months======
2010-06-09 19:11:11 ----A---- C:\ComboFix.txt
2010-06-08 22:45:05 ----A---- C:\WINDOWS\zip.exe
2010-06-08 22:45:05 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-06-08 22:45:05 ----A---- C:\WINDOWS\SWSC.exe
2010-06-08 22:45:05 ----A---- C:\WINDOWS\SWREG.exe
2010-06-08 22:45:05 ----A---- C:\WINDOWS\sed.exe
2010-06-08 22:45:05 ----A---- C:\WINDOWS\PEV.exe
2010-06-08 22:45:05 ----A---- C:\WINDOWS\NIRCMD.exe
2010-06-08 22:45:05 ----A---- C:\WINDOWS\grep.exe
2010-06-08 22:44:53 ----D---- C:\WINDOWS\ERDNT
2010-06-08 22:42:51 ----D---- C:\Qoobox
2010-06-08 20:47:49 ----AD---- C:\WINDOWS\VDLL.DLL
2010-06-08 20:47:49 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-06-08 20:47:49 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-06-08 20:47:49 ----AD---- C:\WINDOWS\logo_1.exe
2010-06-08 20:42:16 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-06-08 20:42:15 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-06-08 20:42:13 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-06-08 20:41:44 ----A---- C:\WINDOWS\system32\T.COM
2010-06-08 20:41:43 ----A---- C:\WINDOWS\R.COM
2010-06-08 20:41:42 ----D---- C:\Program Files\Common Files\MicroWorld
2010-06-08 20:41:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-06-08 20:29:33 ----D---- C:\Program Files\trend micro
2010-06-08 20:29:25 ----D---- C:\rsit
2010-06-06 16:27:11 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-05-30 14:27:30 ----D---- C:\Documents and Settings\ADMIN1\Data aplikací\Digital Red
2010-05-30 13:44:48 ----D---- C:\Program Files\Digital Red
2010-05-30 13:33:18 ----D---- C:\Program Files\DAEMON Tools Lite
2010-05-30 13:32:42 ----D---- C:\Documents and Settings\ADMIN1\Data aplikací\DAEMON Tools Lite
2010-05-30 13:32:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
======List of files/folders modified in the last 1 months======
2010-06-10 20:16:34 ----D---- C:\WINDOWS\Prefetch
2010-06-10 19:44:10 ----D---- C:\WINDOWS\Temp
2010-06-10 19:44:01 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-10 19:43:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\VMware
2010-06-09 20:21:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-09 19:33:59 ----D---- C:\Program Files\Mozilla Thunderbird
2010-06-09 19:11:18 ----D---- C:\WINDOWS\system32\drivers
2010-06-09 19:02:27 ----D---- C:\WINDOWS
2010-06-09 19:02:27 ----A---- C:\WINDOWS\system.ini
2010-06-09 19:00:25 ----D---- C:\WINDOWS\system32\config
2010-06-09 18:57:27 ----D---- C:\WINDOWS\system32
2010-06-09 18:57:27 ----D---- C:\WINDOWS\AppPatch
2010-06-09 18:57:22 ----D---- C:\Program Files\Common Files
2010-06-08 22:21:16 ----SHD---- C:\System Volume Information
2010-06-08 22:21:16 ----D---- C:\WINDOWS\system32\Restore
2010-06-08 20:29:33 ----RD---- C:\Program Files
2010-06-06 16:27:17 ----SHD---- C:\WINDOWS\Installer
2010-06-06 16:27:17 ----D---- C:\Config.Msi
2010-05-30 12:50:51 ----D---- C:\Documents and Settings\ADMIN1\Data aplikací\stickies
2010-05-29 22:44:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-10 56816]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\Drivers\hcmon.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-03-03 28592]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys []
R3 CAMCAUD;Conexant AMC 3D Environmental Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2004-06-28 292864]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2004-06-28 276480]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-03-10 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-03-10 199552]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-14 20992]
R3 SMC_WinXP_PCMCIAFVNETR_(SMCD)(R);SMC_WinXP_PCMCIAFVNETR_(SMCD)(R) Service for SMC EZ Connect Wireless PC Card(SMC2632W); C:\WINDOWS\system32\DRIVERS\fvnetd51.sys [2002-12-11 91392]
R3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2009-12-15 268912]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-03-10 682624]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-01-25 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-01-25 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-01-25 21568]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 pctNDIS;PC Tools Driver; C:\WINDOWS\system32\DRIVERS\pctNdis.sys [2009-11-18 55208]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-29 167424]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2009-11-10 95568]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-03-03 16816]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-25 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Rozšíření vzhledu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Player\vmware-authd.exe [2008-03-03 109104]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-03-03 121392]
R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-03-23 269104]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-03-03 150064]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-11-18 98304]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-09-03 355584]
-----------------EOF-----------------
-
1danab
- Nováček
- Příspěvky: 1412
- Registrován: 21 říj 2007 13:04
- Bydliště: České Budějovice
- Kontaktovat uživatele:
Re: Prosím o preventivku
log je ok systém je stále pomalý?
systém je stále pomalý?Re: Prosím o preventivku
Odezva systému je stále nic moc.
-
1danab
- Nováček
- Příspěvky: 1412
- Registrován: 21 říj 2007 13:04
- Bydliště: České Budějovice
- Kontaktovat uživatele:
Re: Prosím o preventivku
stáhněte si OTL z tohoto odkazu http://ottools.noahdfear.net/OTL.exe
stažený soubor spusťte jako správce
v otevřeném okně stiskněte tlačítko Prohledat, čímž spustíte sken; vyčkejte prosím dokončení skenu (cca 5 minut); poté se vám otevře okno Poznámkového bloku s logem, jehož obsah sem zkopírujte
stažený soubor spusťte jako správce
v otevřeném okně stiskněte tlačítko Prohledat, čímž spustíte sken; vyčkejte prosím dokončení skenu (cca 5 minut); poté se vám otevře okno Poznámkového bloku s logem, jehož obsah sem zkopírujte
Re: Prosím o preventivku
OTL logfile created on: 16.6.2010 13:37:40 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\ADMIN1\Dokumenty\Stažené soubory
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
478,00 Mb Total Physical Memory | 218,00 Mb Available Physical Memory | 46,00% Memory free
737,00 Mb Paging File | 454,00 Mb Available in Paging File | 62,00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,25 Gb Total Space | 16,91 Gb Free Space | 45,40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ADMIN1-B440DBDE
Current User Name: ADMIN1
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.06.16 13:37:14 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN1\Dokumenty\Stažené soubory\OTL.exe
PRC - [2009.12.22 10:42:52 | 003,216,664 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
PRC - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.03 21:06:26 | 000,121,392 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2008.03.03 21:06:12 | 000,150,064 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2008.03.03 21:06:10 | 000,109,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2007.03.23 11:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
PRC - [2006.11.13 16:50:20 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006.11.13 16:50:06 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
========== Modules (SafeList) ==========
MOD - [2010.06.16 13:37:14 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN1\Dokumenty\Stažené soubory\OTL.exe
MOD - [2008.04.14 08:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2009.09.03 14:48:36 | 000,355,584 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.06.30 11:41:58 | 000,022,528 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.03.03 21:06:26 | 000,121,392 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2008.03.03 21:06:12 | 000,150,064 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2008.03.03 21:06:10 | 000,109,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2007.03.23 11:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
========== Driver Services (SafeList) ==========
DRV - [2010.05.30 13:33:42 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys.28992841 -- (sptd)
DRV - [2009.12.15 15:41:30 | 000,268,912 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2009.12.10 21:12:16 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.18 23:45:08 | 000,055,208 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
DRV - [2009.11.10 15:54:18 | 000,095,568 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009.05.11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.04.14 00:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008.03.03 21:06:38 | 000,034,864 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2008.03.03 21:06:36 | 000,925,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2008.03.03 21:06:34 | 000,025,136 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2008.03.03 21:06:32 | 000,020,912 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2008.03.03 20:12:22 | 000,028,592 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2008.03.03 20:12:22 | 000,016,816 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2007.03.23 11:03:00 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2007.01.31 15:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007.01.18 14:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2004.12.29 09:34:10 | 000,167,424 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sis163u.sys -- (SIS163u)
DRV - [2004.06.28 14:03:42 | 000,276,480 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004.06.28 14:03:02 | 000,292,864 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004.04.14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004.03.10 10:40:00 | 000,199,552 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004.03.10 10:37:00 | 000,682,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004.03.10 10:35:00 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003.06.06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2002.12.11 17:03:36 | 000,091,392 | ---- | M] (ATMEL) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fvnetd51.sys -- (SMC_WinXP_PCMCIAFVNETR_(SMCD)(R)) SMC_WinXP_PCMCIAFVNETR_(SMCD)(R) Service for SMC EZ Connect Wireless PC Card(SMC2632W)
DRV - [2002.05.02 12:52:22 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.as ... ource=3&q="
FF - prefs.js..browser.startup.homepage: "http://seznam.cz/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..network.proxy.no_proxies_on: "microweb"
FF - user.js..browser.search.openintab: false
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.04 22:06:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.25 21:36:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.13 11:23:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2009.09.02 00:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN1\Data aplikací\Mozilla\Extensions
[2010.06.16 13:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN1\Data aplikací\Mozilla\Firefox\Profiles\8qv5cuoq.default\extensions
[2010.04.28 21:04:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ADMIN1\Data aplikací\Mozilla\Firefox\Profiles\8qv5cuoq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.23 22:46:27 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\ADMIN1\Data aplikací\Mozilla\Firefox\Profiles\8qv5cuoq.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010.04.28 21:04:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\ADMIN1\Data aplikací\Mozilla\Firefox\Profiles\8qv5cuoq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.02.23 22:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN1\Data aplikací\Mozilla\Firefox\Profiles\8qv5cuoq.default\extensions\noia2_option@kk.noia
[2010.06.16 13:29:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.25 21:36:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.25 21:35:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.16 23:44:48 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.16 23:44:48 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.16 23:44:48 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.16 23:44:49 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.16 23:44:49 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.06.09 19:02:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SRS Audio Sandbox] C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe (SRS Labs, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} Reg Error: Value error. (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\ADMIN1\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ADMIN1\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.25 12:37:14 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.06.10 20:24:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\ADMIN1\UserData
[2010.06.08 22:45:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.08 22:45:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.08 22:45:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.08 22:45:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.08 22:44:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.08 22:42:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.08 20:47:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL
[2010.06.08 20:47:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe
[2010.06.08 20:47:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\RUNDL132.EXE
[2010.06.08 20:47:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo_1.exe
[2010.06.08 20:42:16 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.06.08 20:42:15 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.06.08 20:42:13 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.06.08 20:41:44 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\T.COM
[2010.06.08 20:41:43 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\R.COM
[2010.06.08 20:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2010.06.08 20:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
[2010.06.08 20:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.06.08 20:29:25 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.06 17:26:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ADMIN1\Recent
[2010.06.06 16:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010.06.06 16:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN1\Application Data
[2010.05.30 14:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN1\Data aplikací\Digital Red
[2010.05.30 13:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Red
[2010.05.30 13:33:39 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys.28992841
[2010.05.30 13:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010.05.30 13:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN1\Data aplikací\DAEMON Tools Lite
[2010.05.30 13:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
========== Files - Modified Within 30 Days ==========
[2010.06.16 13:17:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.16 13:17:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.16 13:13:33 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\ADMIN1\NTUSER.DAT
[2010.06.16 13:13:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\ADMIN1\ntuser.ini
[2010.06.15 22:38:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.10 20:52:28 | 000,000,179 | ---- | M] () -- C:\WINDOWS\registr_prospechu.ini
[2010.06.10 20:33:05 | 000,048,501 | ---- | M] () -- C:\Documents and Settings\ADMIN1\Plocha\darovaci_smlouva_nemovitost3.rtf
[2010.06.10 20:31:04 | 000,012,126 | ---- | M] () -- C:\Documents and Settings\ADMIN1\Plocha\DAR smlouva.docx
[2010.06.10 20:26:17 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\ADMIN1\Plocha\darovaci__smlouva_nemovitost1.doc
[2010.06.10 20:24:46 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\ADMIN1\Plocha\darovaci_smlouva_na_nemovitost.doc
[2010.06.09 19:02:27 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.09 19:02:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.09 18:45:14 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\ADMIN1\Plocha\Zástupce - ComboFix.lnk
[2010.06.08 23:17:21 | 001,580,676 | -H-- | M] () -- C:\Documents and Settings\ADMIN1\Local Settings\Data aplikací\IconCache.db
[2010.06.08 22:32:00 | 000,000,241 | ---- | M] () -- C:\Documents and Settings\ADMIN1\Dokumenty\pinfect.zip
[2010.06.08 21:01:39 | 005,937,990 | ---- | M] () -- C:\WINDOWS\REGBK00.ZIP
[2010.06.08 20:47:46 | 000,000,056 | ---- | M] () -- C:\WINDOWS\Lic.xxx
[2010.06.08 20:42:15 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.06.08 20:42:14 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.06.08 20:42:12 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.06.08 19:42:52 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\ADMIN1\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.06 17:16:53 | 000,016,217 | ---- | M] () -- C:\Documents and Settings\ADMIN1\Plocha\PrezencniListina.docx
[2010.06.06 17:14:58 | 000,018,666 | ---- | M] () -- C:\Documents and Settings\ADMIN1\Plocha\ZaznamHlasovani.docx
[2010.06.06 16:08:32 | 006,024,194 | ---- | M] () -- C:\Documents and Settings\ADMIN1\Plocha\VIA_GRA_GAUDEAMUS.flv
[2010.05.30 13:33:44 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\DAEMON Tools Lite.lnk
[2010.05.30 13:33:42 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys.28992841
[2010.05.30 13:16:17 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2010.05.30 13:16:17 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2010.05.30 13:09:01 | 000,624,183 | ---- | M] () -- C:\Documents and Settings\ADMIN1\Plocha\Upgrading from Windows Vista to Windows 7.pdf
========== Files Created - No Company Name ==========
[2010.06.10 20:33:04 | 000,048,501 | ---- | C] () -- C:\Documents and Settings\ADMIN1\Plocha\darovaci_smlouva_nemovitost3.rtf
[2010.06.10 20:29:18 | 000,012,126 | ---- | C] () -- C:\Documents and Settings\ADMIN1\Plocha\DAR smlouva.docx
[2010.06.10 20:26:16 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\ADMIN1\Plocha\darovaci__smlouva_nemovitost1.doc
[2010.06.10 20:24:44 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\ADMIN1\Plocha\darovaci_smlouva_na_nemovitost.doc
[2010.06.09 18:45:14 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\ADMIN1\Plocha\Zástupce - ComboFix.lnk
[2010.06.08 22:45:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.08 22:45:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.08 22:45:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.08 22:45:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.08 22:32:00 | 000,000,241 | ---- | C] () -- C:\Documents and Settings\ADMIN1\Dokumenty\pinfect.zip
[2010.06.08 20:57:51 | 005,937,990 | ---- | C] () -- C:\WINDOWS\REGBK00.ZIP
[2010.06.08 20:44:25 | 000,000,056 | ---- | C] () -- C:\WINDOWS\Lic.xxx
[2010.06.08 20:42:13 | 000,000,522 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest
[2010.06.06 16:07:08 | 006,024,194 | ---- | C] () -- C:\Documents and Settings\ADMIN1\Plocha\VIA_GRA_GAUDEAMUS.flv
[2010.05.30 15:32:42 | 000,018,666 | ---- | C] () -- C:\Documents and Settings\ADMIN1\Plocha\ZaznamHlasovani.docx
[2010.05.30 15:32:02 | 000,016,217 | ---- | C] () -- C:\Documents and Settings\ADMIN1\Plocha\PrezencniListina.docx
[2010.05.30 13:33:44 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\DAEMON Tools Lite.lnk
[2010.05.30 13:10:57 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2010.05.30 13:10:57 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2010.05.30 13:09:01 | 000,624,183 | ---- | C] () -- C:\Documents and Settings\ADMIN1\Plocha\Upgrading from Windows Vista to Windows 7.pdf
[2010.04.26 22:07:16 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2010.03.18 21:27:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\swunilog.ini
[2010.03.12 00:57:35 | 000,000,179 | ---- | C] () -- C:\WINDOWS\registr_prospechu.ini
[2010.01.28 17:07:43 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.01.28 17:07:41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.01.28 17:07:35 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.01.28 17:07:35 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.01.28 17:07:27 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.01.28 17:07:27 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.01.27 00:14:28 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2010.01.21 23:29:53 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\DCLibrary_nat.dll
[2010.01.18 20:27:41 | 000,268,912 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2009.11.22 00:32:46 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Player.INI
[2009.11.06 01:25:34 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009.11.06 01:25:06 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009.09.10 01:50:30 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:C31F31E6
@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D282699C
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:7E95B6FD
< End of report >
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\ADMIN1\Dokumenty\Stažené soubory
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
478,00 Mb Total Physical Memory | 218,00 Mb Available Physical Memory | 46,00% Memory free
737,00 Mb Paging File | 454,00 Mb Available in Paging File | 62,00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,25 Gb Total Space | 16,91 Gb Free Space | 45,40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ADMIN1-B440DBDE
Current User Name: ADMIN1
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.06.16 13:37:14 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN1\Dokumenty\Stažené soubory\OTL.exe
PRC - [2009.12.22 10:42:52 | 003,216,664 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
PRC - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.03 21:06:26 | 000,121,392 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2008.03.03 21:06:12 | 000,150,064 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2008.03.03 21:06:10 | 000,109,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2007.03.23 11:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
PRC - [2006.11.13 16:50:20 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006.11.13 16:50:06 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
========== Modules (SafeList) ==========
MOD - [2010.06.16 13:37:14 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN1\Dokumenty\Stažené soubory\OTL.exe
MOD - [2008.04.14 08:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2009.09.03 14:48:36 | 000,355,584 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.06.30 11:41:58 | 000,022,528 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.03.03 21:06:26 | 000,121,392 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2008.03.03 21:06:12 | 000,150,064 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2008.03.03 21:06:10 | 000,109,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2007.03.23 11:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
========== Driver Services (SafeList) ==========
DRV - [2010.05.30 13:33:42 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys.28992841 -- (sptd)
DRV - [2009.12.15 15:41:30 | 000,268,912 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2009.12.10 21:12:16 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.18 23:45:08 | 000,055,208 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
DRV - [2009.11.10 15:54:18 | 000,095,568 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009.05.11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.04.14 00:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008.03.03 21:06:38 | 000,034,864 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2008.03.03 21:06:36 | 000,925,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2008.03.03 21:06:34 | 000,025,136 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2008.03.03 21:06:32 | 000,020,912 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2008.03.03 20:12:22 | 000,028,592 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2008.03.03 20:12:22 | 000,016,816 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2007.03.23 11:03:00 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2007.01.31 15:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007.01.18 14:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2004.12.29 09:34:10 | 000,167,424 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sis163u.sys -- (SIS163u)
DRV - [2004.06.28 14:03:42 | 000,276,480 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004.06.28 14:03:02 | 000,292,864 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004.04.14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004.03.10 10:40:00 | 000,199,552 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004.03.10 10:37:00 | 000,682,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004.03.10 10:35:00 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003.06.06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2002.12.11 17:03:36 | 000,091,392 | ---- | M] (ATMEL) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fvnetd51.sys -- (SMC_WinXP_PCMCIAFVNETR_(SMCD)(R)) SMC_WinXP_PCMCIAFVNETR_(SMCD)(R) Service for SMC EZ Connect Wireless PC Card(SMC2632W)
DRV - [2002.05.02 12:52:22 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.as ... ource=3&q="
FF - prefs.js..browser.startup.homepage: "http://seznam.cz/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..network.proxy.no_proxies_on: "microweb"
FF - user.js..browser.search.openintab: false
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.04 22:06:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.25 21:36:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.13 11:23:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2009.09.02 00:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN1\Data aplikací\Mozilla\Extensions
[2010.06.16 13:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN1\Data aplikací\Mozilla\Firefox\Profiles\8qv5cuoq.default\extensions
[2010.04.28 21:04:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ADMIN1\Data aplikací\Mozilla\Firefox\Profiles\8qv5cuoq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.23 22:46:27 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\ADMIN1\Data aplikací\Mozilla\Firefox\Profiles\8qv5cuoq.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010.04.28 21:04:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\ADMIN1\Data aplikací\Mozilla\Firefox\Profiles\8qv5cuoq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.02.23 22:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN1\Data aplikací\Mozilla\Firefox\Profiles\8qv5cuoq.default\extensions\noia2_option@kk.noia
[2010.06.16 13:29:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.25 21:36:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.25 21:35:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.16 23:44:48 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.16 23:44:48 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.16 23:44:48 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.16 23:44:49 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.16 23:44:49 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.06.09 19:02:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SRS Audio Sandbox] C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe (SRS Labs, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} Reg Error: Value error. (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\ADMIN1\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ADMIN1\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.25 12:37:14 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.06.10 20:24:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\ADMIN1\UserData
[2010.06.08 22:45:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.08 22:45:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.08 22:45:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.08 22:45:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.06.08 22:44:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.08 22:42:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.08 20:47:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL
[2010.06.08 20:47:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe
[2010.06.08 20:47:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\RUNDL132.EXE
[2010.06.08 20:47:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo_1.exe
[2010.06.08 20:42:16 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.06.08 20:42:15 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.06.08 20:42:13 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.06.08 20:41:44 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\T.COM
[2010.06.08 20:41:43 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\R.COM
[2010.06.08 20:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2010.06.08 20:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
[2010.06.08 20:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.06.08 20:29:25 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.06 17:26:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ADMIN1\Recent
[2010.06.06 16:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010.06.06 16:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN1\Application Data
[2010.05.30 14:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN1\Data aplikací\Digital Red
[2010.05.30 13:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Red
[2010.05.30 13:33:39 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys.28992841
[2010.05.30 13:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010.05.30 13:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN1\Data aplikací\DAEMON Tools Lite
[2010.05.30 13:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
========== Files - Modified Within 30 Days ==========
[2010.06.16 13:17:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.16 13:17:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.16 13:13:33 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\ADMIN1\NTUSER.DAT
[2010.06.16 13:13:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\ADMIN1\ntuser.ini
[2010.06.15 22:38:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.10 20:52:28 | 000,000,179 | ---- | M] () -- C:\WINDOWS\registr_prospechu.ini
[2010.06.10 20:33:05 | 000,048,501 | ---- | M] () -- C:\Documents and Settings\ADMIN1\Plocha\darovaci_smlouva_nemovitost3.rtf
[2010.06.10 20:31:04 | 000,012,126 | ---- | M] () -- C:\Documents and Settings\ADMIN1\Plocha\DAR smlouva.docx
[2010.06.10 20:26:17 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\ADMIN1\Plocha\darovaci__smlouva_nemovitost1.doc
[2010.06.10 20:24:46 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\ADMIN1\Plocha\darovaci_smlouva_na_nemovitost.doc
[2010.06.09 19:02:27 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.09 19:02:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.09 18:45:14 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\ADMIN1\Plocha\Zástupce - ComboFix.lnk
[2010.06.08 23:17:21 | 001,580,676 | -H-- | M] () -- C:\Documents and Settings\ADMIN1\Local Settings\Data aplikací\IconCache.db
[2010.06.08 22:32:00 | 000,000,241 | ---- | M] () -- C:\Documents and Settings\ADMIN1\Dokumenty\pinfect.zip
[2010.06.08 21:01:39 | 005,937,990 | ---- | M] () -- C:\WINDOWS\REGBK00.ZIP
[2010.06.08 20:47:46 | 000,000,056 | ---- | M] () -- C:\WINDOWS\Lic.xxx
[2010.06.08 20:42:15 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.06.08 20:42:14 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.06.08 20:42:12 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.06.08 19:42:52 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\ADMIN1\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.06 17:16:53 | 000,016,217 | ---- | M] () -- C:\Documents and Settings\ADMIN1\Plocha\PrezencniListina.docx
[2010.06.06 17:14:58 | 000,018,666 | ---- | M] () -- C:\Documents and Settings\ADMIN1\Plocha\ZaznamHlasovani.docx
[2010.06.06 16:08:32 | 006,024,194 | ---- | M] () -- C:\Documents and Settings\ADMIN1\Plocha\VIA_GRA_GAUDEAMUS.flv
[2010.05.30 13:33:44 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\DAEMON Tools Lite.lnk
[2010.05.30 13:33:42 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys.28992841
[2010.05.30 13:16:17 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2010.05.30 13:16:17 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2010.05.30 13:09:01 | 000,624,183 | ---- | M] () -- C:\Documents and Settings\ADMIN1\Plocha\Upgrading from Windows Vista to Windows 7.pdf
========== Files Created - No Company Name ==========
[2010.06.10 20:33:04 | 000,048,501 | ---- | C] () -- C:\Documents and Settings\ADMIN1\Plocha\darovaci_smlouva_nemovitost3.rtf
[2010.06.10 20:29:18 | 000,012,126 | ---- | C] () -- C:\Documents and Settings\ADMIN1\Plocha\DAR smlouva.docx
[2010.06.10 20:26:16 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\ADMIN1\Plocha\darovaci__smlouva_nemovitost1.doc
[2010.06.10 20:24:44 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\ADMIN1\Plocha\darovaci_smlouva_na_nemovitost.doc
[2010.06.09 18:45:14 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\ADMIN1\Plocha\Zástupce - ComboFix.lnk
[2010.06.08 22:45:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.08 22:45:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.08 22:45:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.08 22:45:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.08 22:32:00 | 000,000,241 | ---- | C] () -- C:\Documents and Settings\ADMIN1\Dokumenty\pinfect.zip
[2010.06.08 20:57:51 | 005,937,990 | ---- | C] () -- C:\WINDOWS\REGBK00.ZIP
[2010.06.08 20:44:25 | 000,000,056 | ---- | C] () -- C:\WINDOWS\Lic.xxx
[2010.06.08 20:42:13 | 000,000,522 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest
[2010.06.06 16:07:08 | 006,024,194 | ---- | C] () -- C:\Documents and Settings\ADMIN1\Plocha\VIA_GRA_GAUDEAMUS.flv
[2010.05.30 15:32:42 | 000,018,666 | ---- | C] () -- C:\Documents and Settings\ADMIN1\Plocha\ZaznamHlasovani.docx
[2010.05.30 15:32:02 | 000,016,217 | ---- | C] () -- C:\Documents and Settings\ADMIN1\Plocha\PrezencniListina.docx
[2010.05.30 13:33:44 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\DAEMON Tools Lite.lnk
[2010.05.30 13:10:57 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2010.05.30 13:10:57 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2010.05.30 13:09:01 | 000,624,183 | ---- | C] () -- C:\Documents and Settings\ADMIN1\Plocha\Upgrading from Windows Vista to Windows 7.pdf
[2010.04.26 22:07:16 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2010.03.18 21:27:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\swunilog.ini
[2010.03.12 00:57:35 | 000,000,179 | ---- | C] () -- C:\WINDOWS\registr_prospechu.ini
[2010.01.28 17:07:43 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.01.28 17:07:41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.01.28 17:07:35 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.01.28 17:07:35 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.01.28 17:07:27 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.01.28 17:07:27 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.01.27 00:14:28 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2010.01.21 23:29:53 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\DCLibrary_nat.dll
[2010.01.18 20:27:41 | 000,268,912 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2009.11.22 00:32:46 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Player.INI
[2009.11.06 01:25:34 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009.11.06 01:25:06 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009.09.10 01:50:30 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:C31F31E6
@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D282699C
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:7E95B6FD
< End of report >
-
1danab
- Nováček
- Příspěvky: 1412
- Registrován: 21 říj 2007 13:04
- Bydliště: České Budějovice
- Kontaktovat uživatele:
Re: Prosím o preventivku
stáhněte GMER , rozbalte a spusťte
proběhne sken, po jehož ukončení se zobrazí výsledky
poté klikněte na Save a uložíte tak log, jeho obsah sem vložte
pak dle tohoto návodu absolvujte druhý sken a opět obsah logu sem
proběhne sken, po jehož ukončení se zobrazí výsledky
poté klikněte na Save a uložíte tak log, jeho obsah sem vložte
pak dle tohoto návodu absolvujte druhý sken a opět obsah logu sem
Re: Prosím o preventivku
Log 1
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-17 13:52:11
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMIN1\LOCALS~1\Temp\fwtiypog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
---- EOF - GMER 1.0.15 ----
Log 2
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-17 15:40:54
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMIN1\LOCALS~1\Temp\fwtiypog.sys
---- System - GMER 1.0.15 ----
SSDT F7E66D9E ZwCreateKey
SSDT F7E66D94 ZwCreateThread
SSDT F7E66DA3 ZwDeleteKey
SSDT F7E66DAD ZwDeleteValueKey
SSDT F7E66DB2 ZwLoadKey
SSDT F7E66D80 ZwOpenProcess
SSDT F7E66D85 ZwOpenThread
SSDT F7E66DBC ZwReplaceKey
SSDT F7E66DB7 ZwRestoreKey
SSDT F7E66DA8 ZwSetValueKey
SSDT F7E66D8F ZwTerminateProcess
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0x34 0x4B 0x64 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x04 0x05 0xCE 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0x49 0x53 0x5E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0x34 0x4B 0x64 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x04 0x05 0xCE 0x84 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0x49 0x53 0x5E ...
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-17 13:52:11
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMIN1\LOCALS~1\Temp\fwtiypog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
---- EOF - GMER 1.0.15 ----
Log 2
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-17 15:40:54
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMIN1\LOCALS~1\Temp\fwtiypog.sys
---- System - GMER 1.0.15 ----
SSDT F7E66D9E ZwCreateKey
SSDT F7E66D94 ZwCreateThread
SSDT F7E66DA3 ZwDeleteKey
SSDT F7E66DAD ZwDeleteValueKey
SSDT F7E66DB2 ZwLoadKey
SSDT F7E66D80 ZwOpenProcess
SSDT F7E66D85 ZwOpenThread
SSDT F7E66DBC ZwReplaceKey
SSDT F7E66DB7 ZwRestoreKey
SSDT F7E66DA8 ZwSetValueKey
SSDT F7E66D8F ZwTerminateProcess
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0x34 0x4B 0x64 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x04 0x05 0xCE 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0x49 0x53 0x5E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0x34 0x4B 0x64 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x04 0x05 0xCE 0x84 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0x49 0x53 0x5E ...
---- EOF - GMER 1.0.15 ----
-
1danab
- Nováček
- Příspěvky: 1412
- Registrován: 21 říj 2007 13:04
- Bydliště: České Budějovice
- Kontaktovat uživatele:
Re: Prosím o preventivku
ještě počkám na druhý log
Re: Prosím o preventivku
V předchozím příspěvku jsem vložil oba logy. Ten druhý je podle doporučeného návodu akorát místo pár minut trval sken téměř tři hodiny.
Přispějete na provoz fóra?