Logfile of random's system information tool 1.07 (written by random/random)
Run by MAREK at 2010-06-15 10:39:29
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 47 GB (61%) free of 76 GB
Total RAM: 894 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:39:59, on 15.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Fractalis Software\Display Stix 2.5\dstix.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\marek\Local Settings\Data aplikací\Seznam.cz\postak.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Opera\opera.exe
c:\RSIT.exe
C:\Program Files\trend micro\MAREK.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Display Stix - System tray] C:\Program Files\Fractalis Software\Display Stix 2.5\dstix.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Seznam Postak] "C:\Documents and Settings\marek\Local Settings\Data aplikací\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: AVG Tray Icon.lnk = C:\Program Files\AVG\AVG8\avgtray.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3926832953
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kubousekcb.local
O17 - HKLM\Software\..\Telephony: DomainName = kubousekcb.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = kubousekcb.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = kubousekcb.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wxvault.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 12800 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Automatic troubleshooting.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2008-01-22 491520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1062144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-06-07 278128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-06-07 814648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2008-01-22 491520]
{2C688203-7EB3-4327-9995-1CB417BA23F9} - BS.Player ControlBar - C:\Program Files\BS.Player ControlBar\BSToolbar.dll [2008-10-08 859592]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1062144]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-06-07 278128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\Quickset.exe [2007-05-14 1191936]
"ioCentre"=C:\Genius\ioCentre\gTaskBar.exe [2007-04-13 61440]
"Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-11-06 122880]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Display Stix - System tray"=C:\Program Files\Fractalis Software\Display Stix 2.5\dstix.exe [2004-04-24 245760]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"Seznam Postak"=C:\Documents and Settings\marek\Local Settings\Data aplikací\Seznam.cz\postak.exe [2010-03-01 451224]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-11-06 39408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe [2007-01-30 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [2007-01-22 212992]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
AVG Tray Icon.lnk - C:\Program Files\AVG\AVG8\avgtray.exe
C:\Documents and Settings\marek\Nabídka Start\Programy\Po spuštění
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\wxvault.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-04-24 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-30 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ Library"
"C:\Uzivatel_Marek\Soukromé\Soft\Defrag\Portable OO Defrag Pro v11 English\O&O Defrag Professional Edition\40000015600002i\oodag.exe"="C:\Uzivatel_Marek\Soukromé\Soft\Defrag\Portable OO Defrag Pro v11 English\O&O Defrag Professional Edition\40000015600002i\oodag.exe:*:Enabled:oodag"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21b3e1c0-8953-11dc-90a3-001a6b89a69e}]
shell\AutoRun\command - F:\6xdgw26.com
shell\explore\command - F:\6xdgw26.com
shell\open\command - F:\6xdgw26.com
======List of files/folders created in the last 1 months======
2010-06-15 10:39:29 ----D---- C:\rsit
2010-06-15 10:38:26 ----A---- C:\RSIT.exe
2010-06-15 10:22:11 ----D---- C:\A
2010-06-11 09:56:53 ----A---- C:\Documents and Settings\All Users\Data aplikací\Microsoft.SqlServer.Compact.351.32.bc
2010-06-11 09:18:33 ----D---- C:\Prim_tool
2010-06-11 08:48:34 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-11 08:48:24 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-11 08:47:07 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-11 08:40:18 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-11 08:40:12 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-11 08:40:05 ----A---- C:\WINDOWS\imsins.BAK
2010-06-11 08:39:58 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-07 10:33:21 ----HD---- C:\$AVG8.VAULT$
2010-06-07 10:26:45 ----SHD---- C:\RECYCLER
2010-06-07 10:04:35 ----D---- C:\WINDOWS\temp
2010-06-07 09:54:34 ----A---- C:\WINDOWS\zip.exe
2010-06-07 09:54:34 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-06-07 09:54:34 ----A---- C:\WINDOWS\SWSC.exe
2010-06-07 09:54:34 ----A---- C:\WINDOWS\SWREG.exe
2010-06-07 09:54:34 ----A---- C:\WINDOWS\sed.exe
2010-06-07 09:54:34 ----A---- C:\WINDOWS\PEV.exe
2010-06-07 09:54:34 ----A---- C:\WINDOWS\NIRCMD.exe
2010-06-07 09:54:34 ----A---- C:\WINDOWS\MBR.exe
2010-06-07 09:54:34 ----A---- C:\WINDOWS\grep.exe
2010-06-07 09:53:59 ----D---- C:\WINDOWS\ERDNT
======List of files/folders modified in the last 1 months======
2010-06-15 10:39:46 ----D---- C:\Program Files\trend micro
2010-06-15 10:39:34 ----D---- C:\WINDOWS\Prefetch
2010-06-15 10:39:16 ----A---- C:\WINDOWS\wincmd.ini
2010-06-15 10:38:01 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-15 10:37:46 ----D---- C:\WINDOWS
2010-06-15 10:37:46 ----A---- C:\WINDOWS\MAILTRAN.INI
2010-06-15 10:24:41 ----A---- C:\WINDOWS\WTRAN32.INI
2010-06-15 10:13:43 ----D---- C:\WINDOWS\security
2010-06-15 10:13:34 ----D---- C:\WINDOWS\Registration
2010-06-15 10:13:23 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2010-06-14 17:46:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-14 16:57:58 ----D---- C:\Uzivatel_Marek
2010-06-11 11:50:08 ----D---- C:\Program Files
2010-06-11 10:34:49 ----SHD---- C:\WINDOWS\Installer
2010-06-11 09:13:05 ----D---- C:\WINDOWS\system32
2010-06-11 08:48:39 ----HD---- C:\WINDOWS\inf
2010-06-11 08:48:37 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-06-11 08:48:24 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-11 08:46:52 ----D---- C:\Program Files\Internet Explorer
2010-06-11 08:40:47 ----D---- C:\WINDOWS\Debug
2010-06-07 10:01:42 ----A---- C:\WINDOWS\system.ini
2010-06-07 09:59:04 ----D---- C:\WINDOWS\system32\drivers
2010-06-07 09:59:04 ----D---- C:\WINDOWS\AppPatch
2010-06-07 09:59:01 ----D---- C:\Program Files\Common Files
2010-06-07 09:16:19 ----D---- C:\Program Files\CCleaner
2010-06-01 08:19:59 ----D---- C:\WINDOWS\system32\LogFiles
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
2010-05-19 16:23:57 ----D---- C:\Program Files\Outlook Express
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-30 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-30 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-28 108552]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2000-02-03 24608]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-04-26 64896]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys []
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2004-07-28 9856]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-01-31 12672]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2004-09-02 70656]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-04-24 1975808]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-03-20 160256]
R3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-06-02 1287552]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2004-06-09 3968]
R3 gMouPS2;PS2 Scroll Mouse Device; C:\WINDOWS\system32\DRIVERS\gMouPS2.sys [2006-07-12 17408]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-03-08 88960]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2007-04-26 41600]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-04-26 41856]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2007-11-06 31936]
S2 DSO20901;DSO-2090 USB DRIVER 1(DSO20901.SYS); C:\WINDOWS\System32\Drivers\DSO20901.SYS [2007-06-28 16008]
S2 DSO20902;DSO-2090 USB DRIVER 2(DSO20902.SYS); C:\WINDOWS\System32\Drivers\DSO20902.SYS [2007-06-07 17788]
S3 a2l174ns;a2l174ns; C:\WINDOWS\system32\drivers\a2l174ns.sys []
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\adusbser.sys [2006-10-23 93440]
S3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-04-15 132608]
S3 catchme;catchme; \??\C:\DOCUME~1\marek\LOCALS~1\Temp\catchme.sys []
S3 DXEC01;DXEC01; C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 97536]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\drivers\genmcmnUSB.sys []
S3 gHidPnp;USB Device Enhanced Function Driver; C:\WINDOWS\System32\Drivers\gHidPnp.Sys [2007-04-13 16384]
S3 gMouUsb;USB Mouse Device Drv; C:\WINDOWS\system32\DRIVERS\gMouUsb.sys [2007-03-13 9856]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-01-31 989696]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-01-31 209152]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-12-03 47360]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 61536]
S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 9360]
S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 97088]
S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 88624]
S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS); C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18704]
S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se58obex.sys [2006-09-05 86432]
S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM); C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 90800]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2002-04-09 39552]
S3 SIF32X;SIF32X; C:\WINDOWS\system32\drivers\SiF32x.sys [2004-01-21 9600]
S3 StMp3Rec;Player Recovery Device Control Driver; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2007-01-28 71539]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-26 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-04-26 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-04-26 73600]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2007-04-26 18612]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wibukey2;Wibukey2; C:\WINDOWS\system32\drivers\wibukey2.sys [2004-09-02 17408]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-01-31 730112]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-04-24 446464]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-30 297752]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2000-06-29 52224]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2007-05-14 475136]
R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\StacSV.exe [2007-05-10 94208]
R2 tcsd_win32.exe;NTRU TSS v1.2.1.12 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2007-02-01 1466368]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
R2 Wave UCSPlus;Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [2008-04-14 5120]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2008-06-02 24064]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
S2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-28 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-06 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-01-29 487424]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2009-11-29 435016]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Pomalé PC, občas nahlášena infekce, prosím o kontrolu. Dík
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119381
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalé PC, občas nahlášena infekce, prosím o kontrolu. D
7.6. jste prováděl sken ComboFix. Dejte z něj log.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Pomalé PC, občas nahlášena infekce, prosím o kontrolu. D
Log ze 7.6 jsem bohužel vymazal, udělal jsem dnes nový. Díky
ComboFix 10-06-15.02 - MAREK 16.06.2010 8:30.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.894.409 [GMT 2:00]
Spuštěný z: c:\documents and settings\marek\Plocha\ComboFix.exe
AV: AVG Internet Security Network Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-16 do 2010-06-16 )))))))))))))))))))))))))))))))
.
2010-06-15 12:02 . 2010-06-15 12:02 2288128 ----a-w- c:\windows\system32\TUKernel.exe
2010-06-15 11:39 . 2010-05-07 16:06 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-06-15 11:39 . 2010-05-07 16:01 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-06-15 11:38 . 2010-06-15 11:39 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-06-11 06:31 . 2010-05-06 10:35 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-07 08:33 . 2010-06-15 10:04 -------- d-----w- C:\$AVG8.VAULT$
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-15 11:44 . 2004-09-13 15:21 85090 ----a-w- c:\windows\system32\perfc005.dat
2010-06-15 11:44 . 2004-09-13 15:21 442864 ----a-w- c:\windows\system32\perfh005.dat
2010-06-15 10:51 . 2010-03-21 09:03 -------- d-----w- c:\program files\ICQ6Toolbar
2010-06-07 07:16 . 2007-11-02 21:10 -------- d-----w- c:\program files\CCleaner
2010-05-06 10:35 . 2004-09-13 15:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 06:43 . 2007-11-02 20:17 -------- d-----w- c:\program files\Opera
2010-05-02 08:09 . 2004-09-13 15:20 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2004-09-13 15:20 285696 ----a-w- c:\windows\system32\atmfd.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 07:56 1062144 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Display Stix - System tray"="c:\program files\Fractalis Software\Display Stix 2.5\dstix.exe" [2004-04-24 245760]
"Seznam Postak"="c:\documents and settings\marek\Local Settings\Data aplikací\Seznam.cz\postak.exe" [2010-03-01 451224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-05-14 1191936]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-04-13 61440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\marek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2005-7-22 118784]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AVG Tray Icon.lnk - c:\program files\AVG\AVG8\avgtray.exe [2009-1-12 2046816]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-30 18:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
2007-01-30 14:32 102400 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 16:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2007-01-22 10:53 212992 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [5.10.2007 15:34 3456]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [15.5.2008 20:12 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15.5.2008 20:12 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15.5.2008 20:12 108552]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [19.12.2006 15:21 79432]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12.1.2009 18:10 297752]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [7.5.2010 18:04 1051976]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [13.9.2004 17:20 5120]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [30.1.2009 20:42 17408]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 11:18 10064]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.6.2009 14:27 717296]
S2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [6.11.2007 15:13 31936]
S2 DSO20901;DSO-2090 USB DRIVER 1(DSO20901.SYS);c:\windows\system32\drivers\DSO20901.SYS [9.1.2008 18:07 16008]
S2 DSO20902;DSO-2090 USB DRIVER 2(DSO20902.SYS);c:\windows\system32\drivers\DSO20902.SYS [9.1.2008 18:07 17788]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.2.2010 19:07 135664]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [21.3.2010 11:03 246520]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [23.1.2008 12:53 93440]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2.11.2006 13:32 97536]
S3 genmcmnUSB;USB Scroll Mouse Driver; [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [30.1.2009 20:42 16384]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [30.1.2009 20:42 9856]
S3 SIF32X;SIF32X;c:\windows\system32\drivers\SiF32x.sys [18.1.2008 18:07 9600]
S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [15.4.2008 12:47 17408]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 17:06]
2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 17:06]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &Download All with FlashGet
IE: &Download with FlashGet
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
LSP: c:\windows\system32\biolsp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-16 08:35
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2052111302-1123561945-839522115-1315\Software\%s (%s)\«Ů0x >:xz|8xn9xz|8xCStringList*đł/xß0x!A:xoŢ0xn9xz|8xCMapPtrToPtr\CSY_Settings\BCGCommandManager]
"CommandsWithoutImages"=hex:00,00
"MenuUserImages"=hex:00,00
[HKEY_USERS\S-1-5-21-2052111302-1123561945-839522115-1315\Software\%s (%s)\«Ů0x >:xz|8xn9xz|8xCStringList*đł/xß0x!A:xoŢ0xn9xz|8xCMapPtrToPtr\CSY_Settings\BCGControlBarVersion]
"Major"=dword:00000008
"Minor"=dword:0000003c
[HKEY_USERS\S-1-5-21-2052111302-1123561945-839522115-1315\Software\%s (%s)\«Ů0x >:xz|8xn9xz|8xCStringList*đł/xß0x!A:xoŢ0xn9xz|8xCMapPtrToPtr\CSY_Settings\BCGToolbarParameters]
"Tooltips"=dword:00000001
"ShortcutKeys"=dword:00000001
"LargeIcons"=dword:00000001
"MenuAnimation"=dword:00000000
"RecentlyUsedMenus"=dword:00000001
"MenuShadows"=dword:00000001
"ShowAllMenusAfterDelay"=dword:00000001
"Look2000"=dword:00000001
"CommandsUsage"=hex:03,00,00,00,00,00
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="A5A39EABCA9D44A1C74CF359DE0D6EBD913DBA274D083B749439D2F6DF686A98AD277E18E591F74C19696440C4236EA40CFD9E5927103B9968775F8E2B7419C175BD23C12EC30F6CB3A8F43B22C477F7B45ABBB671DF1A0A947EA4B97939DA88EA478FBB0D1F6D74E34590A01047257E598B09FE97D650810524C33BA5C31E3DBA542C6DED801A68B92F8A1BAA74BB120AFDDFC0074EF8506CF23F280F1B7843D82C459140B8C4E2890A19AB138B9EA01CD200613010D1D8FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407C038D530D6EB34528EDD5E5BE2F6E667992CA8CBA200B3A96AE85C5AB65292DAEC1B36BC0799381CAD962DA736AD3D396A3CEAC158B61983A619DDF58BBDF3BB66DD5E85B80497D5E023DBF155336687D4FA27383BDAE5ACE9593C550EB7DB7397C6AA213256F8DE27E40774567A8C1747426BA783DED70AA1810DD3484263DC8E4A5A6FEFBFEB27D30F34B3C67ED90E70A4285B6E2F5097FE20C9A3C9D5C2669E1213A770E424B4F789D18CB4321BA3C5623473BBA856E1F674D348A2DA5A14DDFC5953B4DE791DE96C30ABB57A42277C75C8E3B01E928C43726B1AE8B2AD7E251B1BD045B8E78DC6080394DFAF6279140882F296D353CBDF43B8C636B0E1CE14B12551ABF210C7EC5E639D4F9D3610CA7AE33D39060CEC8F44C34FA719C3440C3CAD5BF500B51FFEA54DF2A388997325DED0B369E150CBD505FB8860A9C0B433664AC6B8C9BFFAE4C8A09101A28CC06CFD93987B88DA5B7DC9B39A0410EB847312F5C2092C3BD8C86623CD8E96362B2A545904C8118AA2920CA102BD70FC30FB55125182F5D6481BCFFBCD7801DD75B1103463AC8660BBE6F76111BBE0CE473E79E0C7C26CE7EC0F0EB80C6DF1F079931498F389E381540F6EEEEAAD6C5F6D70FB894F6D4764811A59485722EF00262C78E0CAC39DB9AEE3822E09CA9252590C8D186728B16A4F782180D34D72407B940AC8CFC219752104FDE4B8CB45EDD45195FA609ECCB8B8298798762B688A8E2DC6F3BD74314616CE5E3E19EEED1E413F2C86607EABB3B1EF64AD8AFBB0DB891B62E626C832E38C6A51482175E470919F9FF2617BD7624253BF41AF82A1D4A8C64489EA335F2716C0BDF497257A19CCF9EF59304CCB71869E5A35D686053A3E5B89AB45AFEE0E58FC3B1A1AC7F1EE0E9CD43AF0AA78B02E60275349539676AEC9007DC038093A8F1217F31A2B016B841B37F996D5C0937E6DC94820B987147445AC14BBCD4EF108345120DA21D4AEF3CAB25EEC8FFD324FDB1FA34A0CFC451B47C5696CF5CE9FA4DC9DA0777E8AFB33451B941120FBC88D06365B0BA210DF450B37DA583912CF5BC865DB5A9DB5B8ADE9F5A97450FAB7B8"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\biolsp.dll
- - - - - - - > 'lsass.exe'(908)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\program files\Bonjour\mdnsNSP.dll
.
Celkový čas: 2010-06-16 08:38:04
ComboFix-quarantined-files.txt 2010-06-16 06:38
Před spuštěním: Volných bajtů: 52,781,584,384
Po spuštění: Volných bajtů: 52,760,895,488
- - End Of File - - 1A5B7504727ABEEFD037C7CCD819A53A
ComboFix 10-06-15.02 - MAREK 16.06.2010 8:30.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.894.409 [GMT 2:00]
Spuštěný z: c:\documents and settings\marek\Plocha\ComboFix.exe
AV: AVG Internet Security Network Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-16 do 2010-06-16 )))))))))))))))))))))))))))))))
.
2010-06-15 12:02 . 2010-06-15 12:02 2288128 ----a-w- c:\windows\system32\TUKernel.exe
2010-06-15 11:39 . 2010-05-07 16:06 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-06-15 11:39 . 2010-05-07 16:01 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-06-15 11:38 . 2010-06-15 11:39 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-06-11 06:31 . 2010-05-06 10:35 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-07 08:33 . 2010-06-15 10:04 -------- d-----w- C:\$AVG8.VAULT$
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-15 11:44 . 2004-09-13 15:21 85090 ----a-w- c:\windows\system32\perfc005.dat
2010-06-15 11:44 . 2004-09-13 15:21 442864 ----a-w- c:\windows\system32\perfh005.dat
2010-06-15 10:51 . 2010-03-21 09:03 -------- d-----w- c:\program files\ICQ6Toolbar
2010-06-07 07:16 . 2007-11-02 21:10 -------- d-----w- c:\program files\CCleaner
2010-05-06 10:35 . 2004-09-13 15:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 06:43 . 2007-11-02 20:17 -------- d-----w- c:\program files\Opera
2010-05-02 08:09 . 2004-09-13 15:20 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2004-09-13 15:20 285696 ----a-w- c:\windows\system32\atmfd.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 07:56 1062144 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Display Stix - System tray"="c:\program files\Fractalis Software\Display Stix 2.5\dstix.exe" [2004-04-24 245760]
"Seznam Postak"="c:\documents and settings\marek\Local Settings\Data aplikací\Seznam.cz\postak.exe" [2010-03-01 451224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-05-14 1191936]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-04-13 61440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\marek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2005-7-22 118784]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AVG Tray Icon.lnk - c:\program files\AVG\AVG8\avgtray.exe [2009-1-12 2046816]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-30 18:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
2007-01-30 14:32 102400 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 16:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2007-01-22 10:53 212992 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [5.10.2007 15:34 3456]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [15.5.2008 20:12 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15.5.2008 20:12 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15.5.2008 20:12 108552]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [19.12.2006 15:21 79432]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12.1.2009 18:10 297752]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [7.5.2010 18:04 1051976]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [13.9.2004 17:20 5120]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [30.1.2009 20:42 17408]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 11:18 10064]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.6.2009 14:27 717296]
S2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [6.11.2007 15:13 31936]
S2 DSO20901;DSO-2090 USB DRIVER 1(DSO20901.SYS);c:\windows\system32\drivers\DSO20901.SYS [9.1.2008 18:07 16008]
S2 DSO20902;DSO-2090 USB DRIVER 2(DSO20902.SYS);c:\windows\system32\drivers\DSO20902.SYS [9.1.2008 18:07 17788]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.2.2010 19:07 135664]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [21.3.2010 11:03 246520]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [23.1.2008 12:53 93440]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2.11.2006 13:32 97536]
S3 genmcmnUSB;USB Scroll Mouse Driver; [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [30.1.2009 20:42 16384]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [30.1.2009 20:42 9856]
S3 SIF32X;SIF32X;c:\windows\system32\drivers\SiF32x.sys [18.1.2008 18:07 9600]
S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [15.4.2008 12:47 17408]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 17:06]
2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 17:06]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &Download All with FlashGet
IE: &Download with FlashGet
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
LSP: c:\windows\system32\biolsp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-16 08:35
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2052111302-1123561945-839522115-1315\Software\%s (%s)\«Ů0x >:xz|8xn9xz|8xCStringList*đł/xß0x!A:xoŢ0xn9xz|8xCMapPtrToPtr\CSY_Settings\BCGCommandManager]
"CommandsWithoutImages"=hex:00,00
"MenuUserImages"=hex:00,00
[HKEY_USERS\S-1-5-21-2052111302-1123561945-839522115-1315\Software\%s (%s)\«Ů0x >:xz|8xn9xz|8xCStringList*đł/xß0x!A:xoŢ0xn9xz|8xCMapPtrToPtr\CSY_Settings\BCGControlBarVersion]
"Major"=dword:00000008
"Minor"=dword:0000003c
[HKEY_USERS\S-1-5-21-2052111302-1123561945-839522115-1315\Software\%s (%s)\«Ů0x >:xz|8xn9xz|8xCStringList*đł/xß0x!A:xoŢ0xn9xz|8xCMapPtrToPtr\CSY_Settings\BCGToolbarParameters]
"Tooltips"=dword:00000001
"ShortcutKeys"=dword:00000001
"LargeIcons"=dword:00000001
"MenuAnimation"=dword:00000000
"RecentlyUsedMenus"=dword:00000001
"MenuShadows"=dword:00000001
"ShowAllMenusAfterDelay"=dword:00000001
"Look2000"=dword:00000001
"CommandsUsage"=hex:03,00,00,00,00,00
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="A5A39EABCA9D44A1C74CF359DE0D6EBD913DBA274D083B749439D2F6DF686A98AD277E18E591F74C19696440C4236EA40CFD9E5927103B9968775F8E2B7419C175BD23C12EC30F6CB3A8F43B22C477F7B45ABBB671DF1A0A947EA4B97939DA88EA478FBB0D1F6D74E34590A01047257E598B09FE97D650810524C33BA5C31E3DBA542C6DED801A68B92F8A1BAA74BB120AFDDFC0074EF8506CF23F280F1B7843D82C459140B8C4E2890A19AB138B9EA01CD200613010D1D8FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407C038D530D6EB34528EDD5E5BE2F6E667992CA8CBA200B3A96AE85C5AB65292DAEC1B36BC0799381CAD962DA736AD3D396A3CEAC158B61983A619DDF58BBDF3BB66DD5E85B80497D5E023DBF155336687D4FA27383BDAE5ACE9593C550EB7DB7397C6AA213256F8DE27E40774567A8C1747426BA783DED70AA1810DD3484263DC8E4A5A6FEFBFEB27D30F34B3C67ED90E70A4285B6E2F5097FE20C9A3C9D5C2669E1213A770E424B4F789D18CB4321BA3C5623473BBA856E1F674D348A2DA5A14DDFC5953B4DE791DE96C30ABB57A42277C75C8E3B01E928C43726B1AE8B2AD7E251B1BD045B8E78DC6080394DFAF6279140882F296D353CBDF43B8C636B0E1CE14B12551ABF210C7EC5E639D4F9D3610CA7AE33D39060CEC8F44C34FA719C3440C3CAD5BF500B51FFEA54DF2A388997325DED0B369E150CBD505FB8860A9C0B433664AC6B8C9BFFAE4C8A09101A28CC06CFD93987B88DA5B7DC9B39A0410EB847312F5C2092C3BD8C86623CD8E96362B2A545904C8118AA2920CA102BD70FC30FB55125182F5D6481BCFFBCD7801DD75B1103463AC8660BBE6F76111BBE0CE473E79E0C7C26CE7EC0F0EB80C6DF1F079931498F389E381540F6EEEEAAD6C5F6D70FB894F6D4764811A59485722EF00262C78E0CAC39DB9AEE3822E09CA9252590C8D186728B16A4F782180D34D72407B940AC8CFC219752104FDE4B8CB45EDD45195FA609ECCB8B8298798762B688A8E2DC6F3BD74314616CE5E3E19EEED1E413F2C86607EABB3B1EF64AD8AFBB0DB891B62E626C832E38C6A51482175E470919F9FF2617BD7624253BF41AF82A1D4A8C64489EA335F2716C0BDF497257A19CCF9EF59304CCB71869E5A35D686053A3E5B89AB45AFEE0E58FC3B1A1AC7F1EE0E9CD43AF0AA78B02E60275349539676AEC9007DC038093A8F1217F31A2B016B841B37F996D5C0937E6DC94820B987147445AC14BBCD4EF108345120DA21D4AEF3CAB25EEC8FFD324FDB1FA34A0CFC451B47C5696CF5CE9FA4DC9DA0777E8AFB33451B941120FBC88D06365B0BA210DF450B37DA583912CF5BC865DB5A9DB5B8ADE9F5A97450FAB7B8"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\biolsp.dll
- - - - - - - > 'lsass.exe'(908)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\program files\Bonjour\mdnsNSP.dll
.
Celkový čas: 2010-06-16 08:38:04
ComboFix-quarantined-files.txt 2010-06-16 06:38
Před spuštěním: Volných bajtů: 52,781,584,384
Po spuštění: Volných bajtů: 52,760,895,488
- - End Of File - - 1A5B7504727ABEEFD037C7CCD819A53A
-
Rudy
- Site Admin
- Příspěvky: 119381
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalé PC, občas nahlášena infekce, prosím o kontrolu. D
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Pomalé PC, občas nahlášena infekce, prosím o kontrolu. D
Log jsem přece vložil..
-
Rudy
- Site Admin
- Příspěvky: 119381
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalé PC, občas nahlášena infekce, prosím o kontrolu. D
Log vypadá čistý. Kde AV hlásil tu infekci?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Pomalé PC, občas nahlášena infekce, prosím o kontrolu. D
AVG hlásí trojany ve Volumeinformation...musim rict ze po projeti s Combofixem se mi to uz nehlasi, pokud se neco objevi dam vedet. Jinak diky za kontrolu.
-
Rudy
- Site Admin
- Příspěvky: 119381
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalé PC, občas nahlášena infekce, prosím o kontrolu. D
System volume information je záloha systému. Pokud by se tam ještě vir objevil, vypněte obnovu systému, restartujte PC a obnovu opět zapněte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?