Hello, may I ask for a check of my log?
Logfile of random's system information tool 1.08 (written by random/random)
Run by Petr at 2010-11-20 11:47:20
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 52 GB (40%) free of 131 GB
Total RAM: 1471 MB (45% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:48:37, on 20.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TrustPort\Antivirus\bin\avmgma.exe
C:\Program Files\Common Files\TrustPort\bin\tptray.exe
C:\Program Files\TrustPort\Antivirus\bin\avcom.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Portrait Displays\HP Display Assistant\DTSRVC.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\TrustPort\Antivirus\bin\avss.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\TrustPort\Antivirus\bin\avas.exe
C:\Program Files\TrustPort\Antivirus\bin\gozer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Downloads\RSIT.exe
C:\Program Files\trend micro\Petr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centrum.cz/?ms=ge
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60040
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - -{02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11D54ACE-09A9-11D4-8ACE-00C04F542830} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Petr\Data aplikací\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: (no name) - {A6890AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [TrustPortTray] "C:\Program Files\Common Files\TrustPort\bin\tptray.exe"
O4 - HKLM\..\Run: [AntivirusCommunicatorAgent] "C:\Program Files\TrustPort\Antivirus\bin\avcom.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [peedfan] C:\Program Files\SpeedFan\speedfan.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Petr\Data aplikací\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Petr\Data aplikací\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: Stahnou vse FlashGet3 - C:\Documents and Settings\Petr\Data aplikací\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Stahnout FlashGet3 - C:\Documents and Settings\Petr\Data aplikací\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: Stáhnout položku pomocí FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout všechny položky pomocí FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Filtr webu - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Filtr webu - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Xchat - {2BCB61BF-DC41-4738-A149-BDAAAD7FF0BD} - http://www.xchat.cz (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Digitálně - {DAE865E8-970E-4931-A172-119CB56BBAF5} - http://www.digitalne.cz/ (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Stahuj.cz - {FC29EB7D-EDBA-4299-AEE4-D1BDC70EFA15} - http://www.stahuj.cz/ (file missing)
O15 - Trusted Zone: http://toolbar.imageshack.us
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {0A6112F2-F9D1-4FBF-A6EC-B67B22915873} (FotoStarUploader Control) - http://foto.droxi.cz/snadno-vlozit-foto ... loader.dll
O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.cenia.cz/3dmodel/mzp/plugin/gvista31.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0675829765
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2583526828
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/1 ... oader4.cab
O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} (Java Plug-in 1.5.0_16) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp03.photoprintit.de/microsite/ ... loader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{3CE1B984-0593-4A76-A334-2899A0456544}: NameServer = 192.168.2.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: TrustPort Antivirus On-Access Scanner Agent (avas_service) - TrustPort, a.s. - C:\Program Files\TrustPort\Antivirus\bin\avas.exe
O23 - Service: TrustPort Antivirus Management Agent (avmgma_service) - TrustPort, a.s. - C:\Program Files\TrustPort\Antivirus\bin\avmgma.exe
O23 - Service: TrustPort Antivirus Service Scanner Provider (avss_service) - TrustPort, a.s. - C:\Program Files\TrustPort\Antivirus\bin\avss.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010\Dfsdks.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP Display Assistant\DTSRVC.exe
O23 - Service: TrustPort Personal GTW (gozer) - TrustPort, a.s. - C:\Program Files\TrustPort\Antivirus\bin\gozer.exe
O23 - Service: Google Update Service (gupdate1c99e8893d47ecc) (gupdate1c99e8893d47ecc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: TrustPort Antivirus DrWeb scanner service (tpavdrw_service) - Doctor Web, Ltd. - C:\Program Files\TrustPort\Antivirus\engines\drweb\dwengine.exe
--
End of file - 12873 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6f9615e000a.job
C:\WINDOWS\tasks\Secunia PSI (RC3).job
C:\WINDOWS\tasks\SymInstallStub.job
C:\WINDOWS\tasks\TrustPort Updater.job
C:\WINDOWS\tasks\WGASetup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\-{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-22 61888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11D54ACE-09A9-11D4-8ACE-00C04F542830}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}]
FlashGetBHO - C:\Documents and Settings\Petr\Data aplikací\FlashGetBHO\FlashGetBHO3.dll [2009-12-22 157232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-19 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-19 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\Program Files\ICQToolbar\toolbaru.dll [2005-01-19 446464]
{A6890AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"00PCTFW"=C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe [2009-02-23 2652056]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-17 339968]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-09-01 176128]
"TrustPortTray"=C:\Program Files\Common Files\TrustPort\bin\tptray.exe [2009-11-06 802648]
"AntivirusCommunicatorAgent"=C:\Program Files\TrustPort\Antivirus\bin\avcom.exe [2009-11-06 638808]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"wininet.dll"= []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"peedfan"=C:\Program Files\SpeedFan\speedfan.exe [2008-11-21 3835904]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-06-11 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-02-14 567016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avas_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avmgma_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avss_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\gozer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpavdrw_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"ShutdownWithoutLogon"=1
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDesktopCleanupWizard"=1
"NoInstrumentation"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveTrack"=1
"NoViewContextMenu"=0
"NoFileAssociate"=0
"NoFind"=0
"NoRun"=0
"NoClose"=0
"StartMenuLogoff"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mshta.exe"="C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft (R) HTML Application host"
"C:\Documents and Settings\Petr\Local Settings\Temporary Internet Files\Content.IE5\S5MNWHMF\udpgate-1.0.1[1].exe"="C:\Documents and Settings\Petr\Local Settings\Temporary Internet Files\Content.IE5\S5MNWHMF\udpgate-1.0.1[1].exe:*:Enabled:udpgate-1.0.1[1]"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FlashGet\FlashGet.exe"="C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
======File associations======
.ini - open - notepad.exe %1
======List of files/folders created in the last 1 months======
2010-11-20 11:47:26 ----D---- C:\Program Files\trend micro
2010-11-20 11:47:20 ----D---- C:\rsit
2010-11-19 14:50:38 ----D---- C:\Program Files\Defraggler
2010-11-19 11:17:45 ----D---- C:\Program Files\NT Registry Optimizer
2010-11-19 10:07:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Symantec
2010-11-19 10:07:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-11-19 10:07:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2010-11-19 09:42:36 ----D---- C:\Program Files\FlashGet Network
2010-11-19 09:35:15 ----A---- C:\WINDOWS\libem.INI
2010-11-19 09:34:56 ----D---- C:\Documents and Settings\Petr\Data aplikací\FlashGet
2010-11-19 09:34:52 ----D---- C:\Documents and Settings\Petr\Data aplikací\BITS
2010-11-19 09:34:43 ----D---- C:\Documents and Settings\Petr\Data aplikací\FlashGetBHO
2010-11-19 09:11:29 ----A---- C:\WINDOWS\system32\javaws.exe
2010-11-19 09:11:29 ----A---- C:\WINDOWS\system32\javaw.exe
2010-11-19 09:11:29 ----A---- C:\WINDOWS\system32\java.exe
2010-11-14 09:40:42 ----D---- C:\Program Files\Microsoft.NET
2010-10-27 17:36:34 ----A---- C:\WINDOWS\TSDataEx.ini
======List of files/folders modified in the last 1 months======
2010-11-20 11:47:26 ----D---- C:\Program Files
2010-11-20 11:47:08 ----D---- C:\Downloads
2010-11-20 11:21:13 ----D---- C:\WINDOWS\system32
2010-11-20 10:39:40 ----D---- C:\WINDOWS\Temp
2010-11-20 10:15:57 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-20 10:07:17 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-11-20 10:07:08 ----D---- C:\Program Files\SpeedFan
2010-11-20 10:06:23 ----D---- C:\WINDOWS
2010-11-20 10:06:14 ----D---- C:\Config.Msi
2010-11-20 09:59:06 ----D---- C:\WINDOWS\system32\drivers
2010-11-19 15:06:17 ----D---- C:\Program Files\CCleaner
2010-11-19 14:49:48 ----SHD---- C:\WINDOWS\Installer
2010-11-19 13:21:51 ----D---- C:\Program Files\Němčina
2010-11-19 13:18:53 ----D---- C:\Documents and Settings\Petr\Data aplikací\ispnews
2010-11-19 13:18:35 ----D---- C:\Program Files\PC Tools Firewall Plus
2010-11-19 13:09:11 ----D---- C:\WINDOWS\system32\drivers\UMDF
2010-11-19 13:09:11 ----D---- C:\WINDOWS\system32\config
2010-11-19 13:09:11 ----D---- C:\WINDOWS\EHome
2010-11-19 13:09:11 ----D---- C:\WINDOWS\ASTULogTemp
2010-11-19 13:09:10 ----D---- C:\Program Files\WinTranslator 2000
2010-11-19 13:09:10 ----D---- C:\Program Files\NC5
2010-11-19 13:09:09 ----D---- C:\Program Files\Mozilla Firefox
2010-11-19 13:09:09 ----D---- C:\Documents and Settings\Petr\Data aplikací\Skype
2010-11-19 11:58:47 ----A---- C:\WINDOWS\system32\oeminfo.ini
2010-11-19 11:47:29 ----D---- C:\aa
2010-11-19 11:47:28 ----D---- C:\WINDOWS\system32\NtmsData
2010-11-19 10:51:00 ----RD---- C:\WINDOWS\Web
2010-11-19 10:50:55 ----D---- C:\WINDOWS\Help
2010-11-19 10:50:51 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-11-19 10:13:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-11-19 10:13:15 ----D---- C:\WINDOWS\Minidump
2010-11-19 10:09:30 ----SD---- C:\WINDOWS\Tasks
2010-11-19 09:12:09 ----D---- C:\Program Files\Common Files\Java
2010-11-19 09:11:06 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-11-19 08:41:24 ----D---- C:\Games
2010-11-19 08:35:00 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-15 21:42:50 ----D---- C:\WINDOWS\system32\DirectX
2010-11-14 22:06:12 ----D---- C:\Program Files\Room Arranger
2010-11-14 13:08:01 ----D---- C:\WINDOWS\Microsoft.NET
2010-11-14 13:07:59 ----RSD---- C:\WINDOWS\assembly
2010-11-14 09:46:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-14 09:41:27 ----D---- C:\WINDOWS\WinSxS
2010-11-14 09:40:47 ----D---- C:\WINDOWS\system32\en-US
2010-11-14 09:32:39 ----HD---- C:\WINDOWS\inf
2010-11-14 09:30:40 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-10-30 11:51:24 ----A---- C:\WINDOWS\NeroDigital.ini
2010-10-24 14:51:03 ----D---- C:\Documents and Settings\Petr\Data aplikací\ZoomBrowser EX
2010-10-24 14:25:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\ZoomBrowser
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amdide;amdide; C:\WINDOWS\system32\DRIVERS\amdide.sys [2007-10-12 9096]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2008-11-20 43872]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2006-02-24 88448]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2006-12-22 639224]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-10-25 82380]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 Pivot;Pivot; C:\WINDOWS\System32\drivers\pivot.sys [2006-11-07 17465]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 Ndiskio;Ndiskio; \??\C:\Program Files\TrustPort\Antivirus\engines\NVC\NSE\NDISKIO.SYS []
R2 PCTAppEvent;PCTAppEvent Driver; \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys []
R2 tdifw;TrustPort PGTW driver; C:\WINDOWS\system32\drivers\tdifw.sys [2009-11-06 39768]
R2 tpsec;TrustPort Security Filter; C:\WINDOWS\system32\drivers\tpsec.sys [2009-11-06 20824]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-06-11 3225088]
R3 avasdmft;TrustPort Antivirus On-Access Scanner (W2K/XP) MF; C:\WINDOWS\System32\DRIVERS\avasdmft.sys [2009-11-06 33624]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pctplfw;pctplfw; \??\C:\WINDOWS\system32\drivers\pctplfw.sys []
R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-10-06 15920]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 pivotmou;Pivot Mouse/Pointers Filter Driver; \??\C:\WINDOWS\system32\drivers\pivotmou.sys []
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
R3 SFilter;PCTools Driver; C:\WINDOWS\system32\DRIVERS\pctfw.sys [2008-09-22 97408]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys []
S3 AODDriver;AODDriver; \??\C:\Program Files\AMD\OverDrive\i386\AODDriver.sys []
S3 atirage3;atirage3; C:\WINDOWS\system32\DRIVERS\atimpae.sys [2001-10-24 75136]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys []
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CoolerXPDriver;CoolerXPDriver; \??\C:\Program Files\MSI\PC Alert 4\NTCooler.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 esihdrv;esihdrv; \??\C:\DOCUME~1\Petr\LOCALS~1\Temp\esihdrv.sys []
S3 FLASHSYS;FLASHSYS; \??\C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 MSICPL;MSICPL; \??\C:\Documents and Settings\Petr\Plocha\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 pdiddcci;DDC/CI monitor; C:\WINDOWS\System32\DRIVERS\pdiddcci.sys [2006-10-13 11776]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-06-11 557056]
R2 avmgma_service;TrustPort Antivirus Management Agent; C:\Program Files\TrustPort\Antivirus\bin\avmgma.exe [2009-11-06 292360]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Portrait Displays\HP Display Assistant\DTSRVC.exe [2006-10-13 69632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-19 153376]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus; C:\Program Files\PC Tools Firewall Plus\FWService.exe [2008-12-11 146800]
R3 avas_service;TrustPort Antivirus On-Access Scanner Agent; C:\Program Files\TrustPort\Antivirus\bin\avas.exe [2009-11-06 368472]
R3 avss_service;TrustPort Antivirus Service Scanner Provider; C:\Program Files\TrustPort\Antivirus\bin\avss.exe [2009-11-06 212824]
R3 gozer;TrustPort Personal GTW; C:\Program Files\TrustPort\Antivirus\bin\gozer.exe [2009-11-06 372568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c99e8893d47ecc;Google Update Service (gupdate1c99e8893d47ecc); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-02 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010\Dfsdks.exe [2009-08-24 406016]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-22 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S3 tpavdrw_service;TrustPort Antivirus DrWeb scanner service; C:\Program Files\TrustPort\Antivirus\engines\drweb\dwengine.exe [2009-01-21 886072]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe []
S4 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe []
S4 fshttps;F-Secure HTTP Server; C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe []
S4 FSMA;FSMA; C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------

Preventive check
Re: Preventive check
Good evening,
Download CCleaner from my signature
- install it; when choosing what to install, untick the box for installing the Yahoo toolbar
Cleaner tab
- leave everything in the left column ticked as it is, and click Analyze
- after the analysis, click Run CCleaner
Registry tab
- click Scan for Issues
- then click Fix selected issues -- making a registry backup is not necessary
- click Fix all issues
OK
Close
Tools tab
- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.
CCleaner - I recommend using the cleaner; it nicely cleans the PC of temporary files.
It cleans the registry, for example, after a program has been uninstalled.
Download MBAM from my signature
- Install it and run a full scan
DO NOT DELETE ANYTHING
- MBAM sometimes has false detections, so we will delete only after checking the log.
- Copy the log here.


Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting a computer
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.
Re: Preventive check
After quite a while I finally got to the PC... I did everything according to your instructions, and here is the new log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Verze databáze: 5406
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
28.12.2010 15:49:06
mbam-log-2010-12-28 (15-48-57).txt
Typ kontroly: Úplný test (C:\|)
Testované objekty: 295334
Uplynulý čas: 2 hodin, 10 minut, 54 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 1
Infikované složky: 0
Infikované soubory: 1
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (Adware.180Solutions) -> No action taken.
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\WINDOWS\system32\secushr.dat (Malware.Trace) -> No action taken.
Re: Preventive check
Delete everything.
Run ComboFix according to this guide
http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Preventive check
I ran ComboFix and here is the resulting log. Should I take it that everything should be fine now, or will something else still be deleted?
ComboFix 10-12-28.03 - Petr 29.12.2010 16:13:43.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1652 [GMT 1:00]
Spuštěný z: c:\downloads\software\ComboFix.exe
AV: F-Secure Anti-Virus 2006 6.10 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
AV: TrustPort Antivirus *Disabled/Updated* {3E803F6C-6C2F-4647-BCA9-1C7E98603DB4}
FW: F-Secure Anti-Virus 2006 6.10 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\page
c:\documents and settings\All Users\Data aplikací\page\page.ico
c:\documents and settings\All Users\Data aplikací\page\page.URL
c:\documents and settings\Petr\Data aplikací\.#
c:\program files\\setup.exe
c:\program files\Setup.exe
C:\Thumbs.db
c:\windows\system32\advapi32new.dll
c:\windows\system32\apphelpnew.dll
c:\windows\system32\crypt32new.dll
c:\windows\system32\d3d10core.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\kernel32new.dll
c:\windows\system32\msvcrtnew.dll
c:\windows\system32\ntdsapinew.dll
c:\windows\system32\Oeminfo.ini
c:\windows\system32\powrprofnew.dll
c:\windows\system32\secur32new.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\user32new.dll
c:\windows\system32\winstanew.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-28 do 2010-12-29 )))))))))))))))))))))))))))))))
.
2010-12-29 08:41 . 2010-12-29 08:41 -------- d-----w- c:\documents and settings\Petr\Data aplikací\Quest3D
2010-12-29 08:41 . 2010-12-29 08:41 -------- d-----w- c:\documents and settings\Petr\Data aplikací\Roaming
2010-12-28 15:09 . 2010-12-28 15:09 -------- d-----w- c:\program files\Secunia
2010-12-28 12:10 . 2010-12-28 12:10 -------- d-----w- c:\documents and settings\Petr\Data aplikací\Malwarebytes
2010-12-28 12:10 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-28 12:10 . 2010-12-28 12:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-28 12:10 . 2010-12-28 14:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-28 12:10 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-28 09:21 . 2010-12-28 09:46 -------- d-----w- c:\program files\EVEREST Ultimate Edition
2010-12-26 16:47 . 2008-04-22 21:20 1584149 ----a-w- c:\windows\system32\setupapinew.dll
2010-12-26 16:47 . 2008-03-09 06:25 236 ---ha-w- c:\program files\Common Files\dx.reg
2010-12-26 16:47 . 2008-05-04 16:42 789525 ----a-w- c:\windows\system32\rpcrt4new.dll
2010-12-26 16:47 . 2007-04-18 01:13 25037 ----a-w- c:\windows\system32\Nucleus.dll
2010-12-26 16:47 . 2006-11-02 11:47 1162656 ----a-w- c:\windows\system32\ntdllnew.dll
2010-12-26 16:47 . 2004-12-08 16:57 376832 ----a-w- c:\windows\system32\M2000Twn.dll
2010-12-26 16:47 . 2006-11-29 13:06 440080 ----a-w- c:\windows\system32\d3dx10.dll
2010-12-26 16:47 . 2008-04-12 17:13 1029126 ----a-w- c:\windows\system32\d3d10.dll
2010-12-26 15:13 . 2010-12-26 15:13 -------- d-----w- c:\program files\18 Wheels of Steel American Long Haul
2010-12-26 14:55 . 2010-12-26 14:55 -------- d-----w- c:\program files\MSI Kombustor
2010-12-26 11:33 . 2010-12-29 14:17 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-12-26 11:33 . 2010-12-29 14:17 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-12-26 11:33 . 2010-12-29 14:17 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-12-26 11:28 . 2010-10-22 06:23 9623680 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2010-12-26 11:28 . 2010-10-22 06:23 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-12-26 11:28 . 2010-10-22 06:23 6359552 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2010-12-26 11:28 . 2010-10-22 06:23 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-12-26 11:07 . 2010-06-21 22:07 232040 ----a-w- c:\windows\system32\nvcohda.dll
2010-12-26 11:07 . 2010-12-29 14:15 -------- d-----w- C:\NVIDIA
2010-12-26 11:06 . 2010-12-26 11:06 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2010-12-26 09:56 . 2010-09-07 20:09 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2010-12-26 09:56 . 2010-09-07 20:08 100712 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2010-12-26 09:56 . 2010-10-22 06:23 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-12-26 09:56 . 2010-10-22 06:23 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-12-26 09:56 . 2010-10-22 06:23 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-12-26 09:56 . 2010-10-22 06:23 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-12-26 09:56 . 2010-10-22 06:23 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-12-26 09:56 . 2010-10-22 06:23 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-12-26 09:56 . 2010-10-22 06:23 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-12-26 09:56 . 2010-10-22 06:23 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-12-26 09:56 . 2010-10-22 06:23 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-12-26 09:56 . 2010-10-22 06:23 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-12-23 11:05 . 2010-12-23 11:05 -------- d-----w- c:\program files\Elektromer2008
2010-12-23 11:01 . 2010-12-23 11:10 -------- d-----w- c:\program files\bluescreenview
2010-12-20 19:02 . 2010-12-20 19:02 -------- d-----w- c:\program files\VideoLAN
2010-12-20 18:54 . 2010-12-20 19:07 -------- d-----w- c:\program files\smplayer-portable-0.6.9
2010-12-20 17:05 . 2010-09-08 08:09 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-20 17:05 . 2010-09-08 08:07 50688 ----a-w- c:\windows\system32\ff_acm.acm
2010-12-18 10:08 . 2010-12-18 10:08 -------- d-----w- c:\program files\AVIcodec
2010-12-14 19:18 . 2010-12-14 19:18 -------- d-----w- c:\documents and settings\Petr\Data aplikací\NVIDIA 3D Vision Video Player
2010-12-09 19:21 . 2010-12-28 10:40 -------- d-----w- c:\program files\MSI Afterburner
2010-12-09 19:17 . 2010-12-09 19:17 -------- d-----w- c:\documents and settings\Petr\Data aplikací\NVIDIA
2010-12-09 18:35 . 2010-12-26 11:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA Corporation
2010-12-09 18:35 . 2010-12-29 14:16 -------- d-----w- c:\program files\NVIDIA Corporation
2010-12-05 08:54 . 2010-12-05 08:59 -------- d-----w- c:\documents and settings\Petr\Local Settings\Data aplikací\GIANTS Editor 4.1.7
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-20 10:47 . 2010-11-20 10:47 339991 ----a-w- c:\program files\RSIT.exe
2010-11-19 08:11 . 2010-11-19 08:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-19 08:11 . 2010-04-24 09:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-18 18:15 . 2005-10-25 18:20 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:23 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2001-10-25 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:23 . 2001-10-25 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2005-10-25 18:38 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-10-25 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2001-10-25 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2001-10-25 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-16 11:05 . 2010-10-16 11:05 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 11:05 . 2010-10-16 11:05 335872 ----a-w- c:\windows\system32\nvrsar.dll
2010-10-16 11:05 . 2010-10-16 11:05 331776 ----a-w- c:\windows\system32\nvrshe.dll
2010-10-16 11:05 . 2010-10-16 11:05 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrses.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrsel.dll
2010-10-16 11:05 . 2010-10-16 11:05 278528 ----a-w- c:\windows\system32\nvrsde.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsru.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2010-10-16 11:05 . 2010-10-16 11:05 266240 ----a-w- c:\windows\system32\nvrsko.dll
2010-10-16 11:05 . 2010-10-16 11:05 262144 ----a-w- c:\windows\system32\nvrshu.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrstr.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrssl.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrssk.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsth.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrssv.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsda.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrseng.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrscs.dll
2010-10-16 11:05 . 2010-10-16 11:05 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2010-10-16 11:05 . 2010-10-16 11:05 126976 ----a-w- c:\windows\system32\nvrszht.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrsit.dll
2010-10-16 11:05 . 2010-10-16 11:05 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrspt.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsja.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrspl.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsno.dll
2010-10-16 11:05 . 2010-10-16 11:05 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 11:05 . 2010-10-16 11:05 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-16 11:05 . 2010-10-16 11:05 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 11:05 . 2010-10-16 11:05 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-10 13:37 . 2010-06-10 13:37 3074560 ----a-w- c:\program files\openofficeorg32.msi
2009-12-29 13:34 . 2009-12-29 13:34 2363360 ----a-w- c:\program files\SysInspector.exe
2009-12-26 15:04 . 2009-12-26 15:04 1507328 ----a-w- c:\program files\cpuz.exe
2009-10-12 12:33 . 2009-12-19 17:27 9330448 ----a-w- c:\program files\winoptimizer_2010_6.50_chip_full.exe
2008-07-15 16:05 . 2008-07-15 16:05 532616 ----a-w- c:\program files\ImageResizerPowertoySetup.exe
2007-05-25 20:08 . 2007-07-22 11:14 221184 ----a-w- c:\program files\ITNConv.exe
2004-10-26 18:39 . 2009-01-07 08:31 3530752 ----a-w- c:\program files\Monitor_Test.exe
2004-04-21 08:38 . 2009-04-01 18:53 446464 ----a-w- c:\program files\HPUSBFW.EXE
2003-11-13 10:00 . 2009-04-01 18:53 450560 ----a-w- c:\program files\HPUSBF.EXE
2003-10-10 11:22 . 2006-03-26 17:39 470528 ----a-w- c:\program files\msi.exe
2002-03-19 15:30 . 2002-03-19 15:30 21504 ----a-w- c:\program files\phototoys.dll
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ProcessExplorer"=c:\program files\ProcessExplorer\procexp.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"c:\\Games\\Landwirtschafts Simulator 2011\\FarmingSimulator2011.exe"=
"c:\\Games\\Landwirtschafts Simulator 2011\\game.exe"=
"c:\\Games\\Farming Simulator 2011\\FarmingSimulator2011.exe"=
"c:\\Games\\Farming Simulator 2011\\game.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.12.2006 10:18 639224]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [28.12.2009 17:17 159600]
R2 Ndiskio;Ndiskio;c:\program files\TrustPort\Antivirus\engines\nvc\nse\ndiskio.sys [13.5.2003 9:38 18432]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [28.12.2009 17:17 73840]
R2 tdifw;TrustPort PGTW driver;c:\windows\system32\drivers\tdifw.sys [29.12.2009 9:52 39768]
R2 tpsec;TrustPort Security Filter;c:\windows\system32\drivers\tpsec.sys [29.12.2009 9:52 20824]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [26.12.2010 10:56 100712]
S2 avmgma_service;TrustPort Antivirus Management Agent;c:\program files\TrustPort\Antivirus\bin\avmgma.exe [29.12.2009 9:52 292360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate1c99e8893d47ecc;Google Update Service (gupdate1c99e8893d47ecc);c:\program files\Google\Update\GoogleUpdate.exe [2.5.2010 12:50 136176]
S3 AODDriver;AODDriver;\??\c:\program files\AMD\OverDrive\i386\AODDriver.sys --> c:\program files\AMD\OverDrive\i386\AODDriver.sys [?]
S3 avas_service;TrustPort Antivirus On-Access Scanner Agent;c:\program files\TrustPort\Antivirus\bin\avas.exe [29.12.2009 9:52 368472]
S3 avasdmft;TrustPort Antivirus On-Access Scanner (W2K/XP) MF;c:\windows\system32\drivers\avasdmft.sys [29.12.2009 9:52 33624]
S3 avss_service;TrustPort Antivirus Service Scanner Provider;c:\program files\TrustPort\Antivirus\bin\avss.exe [29.12.2009 9:52 212824]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2010\DfSdkS.exe [28.3.2010 7:37 406016]
S3 esihdrv;esihdrv;\??\c:\docume~1\Petr\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\Petr\LOCALS~1\Temp\esihdrv.sys [?]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [31.1.2010 19:08 9216]
S3 gozer;TrustPort Personal GTW;c:\program files\TrustPort\Antivirus\bin\gozer.exe [29.12.2009 9:52 372568]
S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [28.12.2009 17:16 95640]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7.7.2010 15:05 14904]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 tpavdrw_service;TrustPort Antivirus DrWeb scanner service;c:\program files\TrustPort\Antivirus\engines\drweb\dwengine.exe [21.1.2009 16:09 886072]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [26.12.2009 18:05 23600]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - PROCEXP141
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6f9615e000a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 11:50]
2010-11-19 c:\windows\Tasks\SymInstallStub.job
- c:\windows\system32\Adobe\Shockwave 11\syminstallstub.exe [2010-11-19 07:59]
2009-12-29 c:\windows\Tasks\TrustPort Updater.job
- c:\program files\Common Files\TrustPort\bin\tpupdate.exe [2009-12-29 11:52]
2009-04-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-26 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Translate English Word
IE: ????3??
IE: ????3??????
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links
IE: Cached Snapshot of Page
IE: Download all by FlashGet3 - c:\documents and settings\Petr\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\Petr\Data aplikací\FlashGetBHO\GetUrl.htm
IE: Similar Pages
IE: Stahnou vse FlashGet3 - c:\documents and settings\Petr\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: Stahnout FlashGet3 - c:\documents and settings\Petr\Data aplikací\FlashGetBHO\GetUrl.htm
IE: Stáhnout položku pomocí FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: Stáhnout všechny položky pomocí FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: Translate Page into English
IE: ????3?? - c:\documents and settings\Petr\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Petr\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: { - c:\program files\Messenger\msmsgs.exe
IE: {{2BCB61BF-DC41-4738-A149-BDAAAD7FF0BD} - http://www.xchat.cz
IE: {{DAE865E8-970E-4931-A172-119CB56BBAF5} - http://www.digitalne.cz/
IE: {{FC29EB7D-EDBA-4299-AEE4-D1BDC70EFA15} - http://www.stahuj.cz/
LSP: winsflt.dll
Trusted Zone: imageshack.us\toolbar
Trusted Zone: kuaiche.com\software
DPF: {0A6112F2-F9D1-4FBF-A6EC-B67B22915873} - hxxp://foto.droxi.cz/snadno-vlozit-fotografie/ilt/ilikethisPhotoUploader.dll
DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} - hxxp://www.cenia.cz/3dmodel/mzp/plugin/gvista31.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp03.photoprintit.de/microsite/4764/defaults/activex/IPSUploader.cab
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\eizk9brl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.idnes.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60040&qkw=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: České slovníky pro kontrolu pravopisu: cs@dictionaries.addons.mozilla.org - %profile%\extensions\cs@dictionaries.addons.mozilla.org
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 2
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
FF - user.js: browser.blink_allowed - true
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{11D54ACE-09A9-11D4-8ACE-00C04F542830} - (no file)
Notify-AtiExtEvent - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-29 16:17
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tpavdrw_service]
"ImagePath"="\"c:\program files\TrustPort\Antivirus\engines\drweb\dwengine.exe\" -rpcpr:lpc -rpcep:tpav_drweb_rpc -name:tpavdrw_service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-823518204-839522115-699448104-1003\Software\Acronis\DiskDirector\geReadY*]
"TOPSTATE"="0"
"WIDTHNORMAL"="628"
"HEIGHTNORMAL"="508"
"XNORMAL"="192"
"YNORMAL"="103"
[HKEY_USERS\S-1-5-21-823518204-839522115-699448104-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="c:\\Documents and Settings\\Petr\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-823518204-839522115-699448104-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Documents and Settings\\Petr\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
[HKEY_USERS\S-1-5-21-823518204-839522115-699448104-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{26793A53-BC94-B810-C9E8-37A985794921}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-823518204-839522115-699448104-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2773A2F2-42DE-F080-AF3E-7651FAE72BAE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
[HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\ACPI\PNP0F03\4&1b121af8&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\winsflt.dll
.
Celkový čas: 2010-12-29 16:20:10
ComboFix-quarantined-files.txt 2010-12-29 15:20
Před spuštěním: Volných bajtů: 40 514 703 360
Po spuštění: Volných bajtů: 40 491 466 752
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
;timeout=3
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 4FB8ED58F6A0C2015A5F8B37EC917CA8
ComboFix 10-12-28.03 - Petr 29.12.2010 16:13:43.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1652 [GMT 1:00]
Spuštěný z: c:\downloads\software\ComboFix.exe
AV: F-Secure Anti-Virus 2006 6.10 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
AV: TrustPort Antivirus *Disabled/Updated* {3E803F6C-6C2F-4647-BCA9-1C7E98603DB4}
FW: F-Secure Anti-Virus 2006 6.10 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\page
c:\documents and settings\All Users\Data aplikací\page\page.ico
c:\documents and settings\All Users\Data aplikací\page\page.URL
c:\documents and settings\Petr\Data aplikací\.#
c:\program files\\setup.exe
c:\program files\Setup.exe
C:\Thumbs.db
c:\windows\system32\advapi32new.dll
c:\windows\system32\apphelpnew.dll
c:\windows\system32\crypt32new.dll
c:\windows\system32\d3d10core.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\kernel32new.dll
c:\windows\system32\msvcrtnew.dll
c:\windows\system32\ntdsapinew.dll
c:\windows\system32\Oeminfo.ini
c:\windows\system32\powrprofnew.dll
c:\windows\system32\secur32new.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\user32new.dll
c:\windows\system32\winstanew.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-28 do 2010-12-29 )))))))))))))))))))))))))))))))
.
2010-12-29 08:41 . 2010-12-29 08:41 -------- d-----w- c:\documents and settings\Petr\Data aplikací\Quest3D
2010-12-29 08:41 . 2010-12-29 08:41 -------- d-----w- c:\documents and settings\Petr\Data aplikací\Roaming
2010-12-28 15:09 . 2010-12-28 15:09 -------- d-----w- c:\program files\Secunia
2010-12-28 12:10 . 2010-12-28 12:10 -------- d-----w- c:\documents and settings\Petr\Data aplikací\Malwarebytes
2010-12-28 12:10 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-28 12:10 . 2010-12-28 12:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-28 12:10 . 2010-12-28 14:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-28 12:10 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-28 09:21 . 2010-12-28 09:46 -------- d-----w- c:\program files\EVEREST Ultimate Edition
2010-12-26 16:47 . 2008-04-22 21:20 1584149 ----a-w- c:\windows\system32\setupapinew.dll
2010-12-26 16:47 . 2008-03-09 06:25 236 ---ha-w- c:\program files\Common Files\dx.reg
2010-12-26 16:47 . 2008-05-04 16:42 789525 ----a-w- c:\windows\system32\rpcrt4new.dll
2010-12-26 16:47 . 2007-04-18 01:13 25037 ----a-w- c:\windows\system32\Nucleus.dll
2010-12-26 16:47 . 2006-11-02 11:47 1162656 ----a-w- c:\windows\system32\ntdllnew.dll
2010-12-26 16:47 . 2004-12-08 16:57 376832 ----a-w- c:\windows\system32\M2000Twn.dll
2010-12-26 16:47 . 2006-11-29 13:06 440080 ----a-w- c:\windows\system32\d3dx10.dll
2010-12-26 16:47 . 2008-04-12 17:13 1029126 ----a-w- c:\windows\system32\d3d10.dll
2010-12-26 15:13 . 2010-12-26 15:13 -------- d-----w- c:\program files\18 Wheels of Steel American Long Haul
2010-12-26 14:55 . 2010-12-26 14:55 -------- d-----w- c:\program files\MSI Kombustor
2010-12-26 11:33 . 2010-12-29 14:17 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-12-26 11:33 . 2010-12-29 14:17 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-12-26 11:33 . 2010-12-29 14:17 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-12-26 11:28 . 2010-10-22 06:23 9623680 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2010-12-26 11:28 . 2010-10-22 06:23 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-12-26 11:28 . 2010-10-22 06:23 6359552 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2010-12-26 11:28 . 2010-10-22 06:23 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-12-26 11:07 . 2010-06-21 22:07 232040 ----a-w- c:\windows\system32\nvcohda.dll
2010-12-26 11:07 . 2010-12-29 14:15 -------- d-----w- C:\NVIDIA
2010-12-26 11:06 . 2010-12-26 11:06 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2010-12-26 09:56 . 2010-09-07 20:09 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2010-12-26 09:56 . 2010-09-07 20:08 100712 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2010-12-26 09:56 . 2010-10-22 06:23 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-12-26 09:56 . 2010-10-22 06:23 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-12-26 09:56 . 2010-10-22 06:23 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-12-26 09:56 . 2010-10-22 06:23 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-12-26 09:56 . 2010-10-22 06:23 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-12-26 09:56 . 2010-10-22 06:23 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-12-26 09:56 . 2010-10-22 06:23 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-12-26 09:56 . 2010-10-22 06:23 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-12-26 09:56 . 2010-10-22 06:23 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-12-26 09:56 . 2010-10-22 06:23 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-12-23 11:05 . 2010-12-23 11:05 -------- d-----w- c:\program files\Elektromer2008
2010-12-23 11:01 . 2010-12-23 11:10 -------- d-----w- c:\program files\bluescreenview
2010-12-20 19:02 . 2010-12-20 19:02 -------- d-----w- c:\program files\VideoLAN
2010-12-20 18:54 . 2010-12-20 19:07 -------- d-----w- c:\program files\smplayer-portable-0.6.9
2010-12-20 17:05 . 2010-09-08 08:09 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-20 17:05 . 2010-09-08 08:07 50688 ----a-w- c:\windows\system32\ff_acm.acm
2010-12-18 10:08 . 2010-12-18 10:08 -------- d-----w- c:\program files\AVIcodec
2010-12-14 19:18 . 2010-12-14 19:18 -------- d-----w- c:\documents and settings\Petr\Data aplikací\NVIDIA 3D Vision Video Player
2010-12-09 19:21 . 2010-12-28 10:40 -------- d-----w- c:\program files\MSI Afterburner
2010-12-09 19:17 . 2010-12-09 19:17 -------- d-----w- c:\documents and settings\Petr\Data aplikací\NVIDIA
2010-12-09 18:35 . 2010-12-26 11:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA Corporation
2010-12-09 18:35 . 2010-12-29 14:16 -------- d-----w- c:\program files\NVIDIA Corporation
2010-12-05 08:54 . 2010-12-05 08:59 -------- d-----w- c:\documents and settings\Petr\Local Settings\Data aplikací\GIANTS Editor 4.1.7
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-20 10:47 . 2010-11-20 10:47 339991 ----a-w- c:\program files\RSIT.exe
2010-11-19 08:11 . 2010-11-19 08:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-19 08:11 . 2010-04-24 09:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-18 18:15 . 2005-10-25 18:20 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:23 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2001-10-25 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:23 . 2001-10-25 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2005-10-25 18:38 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-10-25 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2001-10-25 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2001-10-25 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-16 11:05 . 2010-10-16 11:05 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 11:05 . 2010-10-16 11:05 335872 ----a-w- c:\windows\system32\nvrsar.dll
2010-10-16 11:05 . 2010-10-16 11:05 331776 ----a-w- c:\windows\system32\nvrshe.dll
2010-10-16 11:05 . 2010-10-16 11:05 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrses.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrsel.dll
2010-10-16 11:05 . 2010-10-16 11:05 278528 ----a-w- c:\windows\system32\nvrsde.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsru.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2010-10-16 11:05 . 2010-10-16 11:05 266240 ----a-w- c:\windows\system32\nvrsko.dll
2010-10-16 11:05 . 2010-10-16 11:05 262144 ----a-w- c:\windows\system32\nvrshu.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrstr.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrssl.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrssk.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsth.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrssv.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsda.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrseng.dll
2010-10-16 11:05 . 2010-10-16 11:05 249856 ----a-w- c:\windows\system32\nvrscs.dll
2010-10-16 11:05 . 2010-10-16 11:05 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2010-10-16 11:05 . 2010-10-16 11:05 126976 ----a-w- c:\windows\system32\nvrszht.dll
2010-10-16 11:05 . 2010-10-16 11:05 282624 ----a-w- c:\windows\system32\nvrsit.dll
2010-10-16 11:05 . 2010-10-16 11:05 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 11:05 . 2010-10-16 11:05 274432 ----a-w- c:\windows\system32\nvrspt.dll
2010-10-16 11:05 . 2010-10-16 11:05 270336 ----a-w- c:\windows\system32\nvrsja.dll
2010-10-16 11:05 . 2010-10-16 11:05 258048 ----a-w- c:\windows\system32\nvrspl.dll
2010-10-16 11:05 . 2010-10-16 11:05 253952 ----a-w- c:\windows\system32\nvrsno.dll
2010-10-16 11:05 . 2010-10-16 11:05 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 11:05 . 2010-10-16 11:05 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-16 11:05 . 2010-10-16 11:05 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 11:05 . 2010-10-16 11:05 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-10 13:37 . 2010-06-10 13:37 3074560 ----a-w- c:\program files\openofficeorg32.msi
2009-12-29 13:34 . 2009-12-29 13:34 2363360 ----a-w- c:\program files\SysInspector.exe
2009-12-26 15:04 . 2009-12-26 15:04 1507328 ----a-w- c:\program files\cpuz.exe
2009-10-12 12:33 . 2009-12-19 17:27 9330448 ----a-w- c:\program files\winoptimizer_2010_6.50_chip_full.exe
2008-07-15 16:05 . 2008-07-15 16:05 532616 ----a-w- c:\program files\ImageResizerPowertoySetup.exe
2007-05-25 20:08 . 2007-07-22 11:14 221184 ----a-w- c:\program files\ITNConv.exe
2004-10-26 18:39 . 2009-01-07 08:31 3530752 ----a-w- c:\program files\Monitor_Test.exe
2004-04-21 08:38 . 2009-04-01 18:53 446464 ----a-w- c:\program files\HPUSBFW.EXE
2003-11-13 10:00 . 2009-04-01 18:53 450560 ----a-w- c:\program files\HPUSBF.EXE
2003-10-10 11:22 . 2006-03-26 17:39 470528 ----a-w- c:\program files\msi.exe
2002-03-19 15:30 . 2002-03-19 15:30 21504 ----a-w- c:\program files\phototoys.dll
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ProcessExplorer"=c:\program files\ProcessExplorer\procexp.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"c:\\Games\\Landwirtschafts Simulator 2011\\FarmingSimulator2011.exe"=
"c:\\Games\\Landwirtschafts Simulator 2011\\game.exe"=
"c:\\Games\\Farming Simulator 2011\\FarmingSimulator2011.exe"=
"c:\\Games\\Farming Simulator 2011\\game.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.12.2006 10:18 639224]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [28.12.2009 17:17 159600]
R2 Ndiskio;Ndiskio;c:\program files\TrustPort\Antivirus\engines\nvc\nse\ndiskio.sys [13.5.2003 9:38 18432]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [28.12.2009 17:17 73840]
R2 tdifw;TrustPort PGTW driver;c:\windows\system32\drivers\tdifw.sys [29.12.2009 9:52 39768]
R2 tpsec;TrustPort Security Filter;c:\windows\system32\drivers\tpsec.sys [29.12.2009 9:52 20824]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [26.12.2010 10:56 100712]
S2 avmgma_service;TrustPort Antivirus Management Agent;c:\program files\TrustPort\Antivirus\bin\avmgma.exe [29.12.2009 9:52 292360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate1c99e8893d47ecc;Google Update Service (gupdate1c99e8893d47ecc);c:\program files\Google\Update\GoogleUpdate.exe [2.5.2010 12:50 136176]
S3 AODDriver;AODDriver;\??\c:\program files\AMD\OverDrive\i386\AODDriver.sys --> c:\program files\AMD\OverDrive\i386\AODDriver.sys [?]
S3 avas_service;TrustPort Antivirus On-Access Scanner Agent;c:\program files\TrustPort\Antivirus\bin\avas.exe [29.12.2009 9:52 368472]
S3 avasdmft;TrustPort Antivirus On-Access Scanner (W2K/XP) MF;c:\windows\system32\drivers\avasdmft.sys [29.12.2009 9:52 33624]
S3 avss_service;TrustPort Antivirus Service Scanner Provider;c:\program files\TrustPort\Antivirus\bin\avss.exe [29.12.2009 9:52 212824]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2010\DfSdkS.exe [28.3.2010 7:37 406016]
S3 esihdrv;esihdrv;\??\c:\docume~1\Petr\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\Petr\LOCALS~1\Temp\esihdrv.sys [?]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [31.1.2010 19:08 9216]
S3 gozer;TrustPort Personal GTW;c:\program files\TrustPort\Antivirus\bin\gozer.exe [29.12.2009 9:52 372568]
S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [28.12.2009 17:16 95640]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7.7.2010 15:05 14904]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 tpavdrw_service;TrustPort Antivirus DrWeb scanner service;c:\program files\TrustPort\Antivirus\engines\drweb\dwengine.exe [21.1.2009 16:09 886072]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [26.12.2009 18:05 23600]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - PROCEXP141
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6f9615e000a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 11:50]
2010-11-19 c:\windows\Tasks\SymInstallStub.job
- c:\windows\system32\Adobe\Shockwave 11\syminstallstub.exe [2010-11-19 07:59]
2009-12-29 c:\windows\Tasks\TrustPort Updater.job
- c:\program files\Common Files\TrustPort\bin\tpupdate.exe [2009-12-29 11:52]
2009-04-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-26 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Translate English Word
IE: ????3??
IE: ????3??????
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links
IE: Cached Snapshot of Page
IE: Download all by FlashGet3 - c:\documents and settings\Petr\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\Petr\Data aplikací\FlashGetBHO\GetUrl.htm
IE: Similar Pages
IE: Stahnou vse FlashGet3 - c:\documents and settings\Petr\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: Stahnout FlashGet3 - c:\documents and settings\Petr\Data aplikací\FlashGetBHO\GetUrl.htm
IE: Stáhnout položku pomocí FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: Stáhnout všechny položky pomocí FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: Translate Page into English
IE: ????3?? - c:\documents and settings\Petr\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Petr\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: { - c:\program files\Messenger\msmsgs.exe
IE: {{2BCB61BF-DC41-4738-A149-BDAAAD7FF0BD} - http://www.xchat.cz
IE: {{DAE865E8-970E-4931-A172-119CB56BBAF5} - http://www.digitalne.cz/
IE: {{FC29EB7D-EDBA-4299-AEE4-D1BDC70EFA15} - http://www.stahuj.cz/
LSP: winsflt.dll
Trusted Zone: imageshack.us\toolbar
Trusted Zone: kuaiche.com\software
DPF: {0A6112F2-F9D1-4FBF-A6EC-B67B22915873} - hxxp://foto.droxi.cz/snadno-vlozit-fotografie/ilt/ilikethisPhotoUploader.dll
DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} - hxxp://www.cenia.cz/3dmodel/mzp/plugin/gvista31.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp03.photoprintit.de/microsite/4764/defaults/activex/IPSUploader.cab
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\eizk9brl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.idnes.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60040&qkw=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ÄŚeskĂ© slovnĂky pro kontrolu pravopisu: cs@dictionaries.addons.mozilla.org - %profile%\extensions\cs@dictionaries.addons.mozilla.org
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 2
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
FF - user.js: browser.blink_allowed - true
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{11D54ACE-09A9-11D4-8ACE-00C04F542830} - (no file)
Notify-AtiExtEvent - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-29 16:17
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tpavdrw_service]
"ImagePath"="\"c:\program files\TrustPort\Antivirus\engines\drweb\dwengine.exe\" -rpcpr:lpc -rpcep:tpav_drweb_rpc -name:tpavdrw_service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-823518204-839522115-699448104-1003\Software\Acronis\DiskDirector\geReadY*]
"TOPSTATE"="0"
"WIDTHNORMAL"="628"
"HEIGHTNORMAL"="508"
"XNORMAL"="192"
"YNORMAL"="103"
[HKEY_USERS\S-1-5-21-823518204-839522115-699448104-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="c:\\Documents and Settings\\Petr\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-823518204-839522115-699448104-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Documents and Settings\\Petr\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
[HKEY_USERS\S-1-5-21-823518204-839522115-699448104-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{26793A53-BC94-B810-C9E8-37A985794921}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-823518204-839522115-699448104-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2773A2F2-42DE-F080-AF3E-7651FAE72BAE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
[HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\ACPI\PNP0F03\4&1b121af8&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\winsflt.dll
.
Celkový čas: 2010-12-29 16:20:10
ComboFix-quarantined-files.txt 2010-12-29 15:20
Před spuštěním: Volných bajtů: 40 514 703 360
Po spuštění: Volných bajtů: 40 491 466 752
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
;timeout=3
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 4FB8ED58F6A0C2015A5F8B37EC917CA8
Re: Preventive check
We'll clean up a few more things.
Which antivirus do you use?
AV: F-Secure Anti-Virus 2006 6.10 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
AV: TrustPort Antivirus *Disabled/Updated* {3E803F6C-6C2F-4647-BCA9-1C7E98603DB4}
FW: F-Secure Anti-Virus 2006 6.10 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up your important data before disinfecting the computer
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: Preventive check
I use TrustPort Antivirus.
Re: Preventive check

- Open Notepad
- Copy the text from this box into it
Code:
SecCenter::
{E7512ED5-4245-4B4D-AF3A-382D3F313F15}
{D4747503-0346-49EB-9262-997542F79BF4}
Restore::
c:\windows\system32\drivers\tcpip.sys
Driver::
esihdrv
File::
c:\docume~1\Petr\LOCALS~1\Temp\esihdrv.sys
- After saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it.

- After it has been applied, another log will be produced; paste it here
Warning: it may happen that Windows will not boot after the script is applied and the computer restarts. In that case, restart again while pressing F8, then choose Last Known Good Configuration
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up your important data before disinfecting the computer
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.