Kámošky PC je velice zabržděné prosím o kontrolu logu, obávám se že údržba PC je taková žádná spíš. Díky.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Pepinka at 2011-01-07 16:59:45
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 856 MB (1%) free of 114 GB
Total RAM: 2047 MB (55% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:59:59, on 7.1.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Pepinka\Local Settings\Data aplikací\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Documents and Settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Pepinka\Data aplikací\QipGuard\QipGuard.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Skype\Plugin Manager\skypePM.exe
c:\Documents and Settings\Pepinka\Dokumenty\Downloads\QIP Infium bz™Pack\inf.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Documents and Settings\Pepinka\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pepinka\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pepinka\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pepinka\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pepinka\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pepinka\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pepinka\Dokumenty\RSIT.exe
C:\Program Files\trend micro\Pepinka.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Documents and Settings\Pepinka\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Pepinka\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: VDownloader Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pepinka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [vypinac] C:\Program Files\Vypinac
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Badoo Desktop] "C:\Documents and Settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\Pepinka\Data aplikací\QipGuard\QipGuard.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Software Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: bw+0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: offline-8876480 - {D6DD2696-36A6-4910-9542-54A77E571F42} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 25314 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1935655697-1957994488-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1935655697-1957994488-1003UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\WGASetup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Documents and Settings\Pepinka\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll [2010-12-23 48512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Pepinka\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2010-12-23 141184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
VDownloader Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-23 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-23 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{D4027C7F-154A-4066-A1AD-4243D8127440} - VDownloader Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-29 339968]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-03-29 32768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-23 149280]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"ClientGW"= []
"CTCheck"=C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe [2007-10-25 380928]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-06-26 497200]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2006-06-26 614960]
"LVCOMSX"=C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-06-26 243248]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-09-21 47904]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []
"Nokia FastStart"=C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe /command:faststart []
"NokiaMusic FastStart"=C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe [2010-03-04 2192672]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-12-13 421160]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"Google Update"=C:\Documents and Settings\Pepinka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-08-21 133104]
"vypinac"=C:\Program Files\Vypinac []
"CTSyncU.exe"=C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [2007-07-17 868352]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-07-13 36864]
"Badoo Desktop"=C:\Documents and Settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe [2010-10-29 983552]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-10-11 14940040]
"QIP Internet Guardian"=C:\Documents and Settings\Pepinka\Data aplikací\QipGuard\QipGuard.exe [2010-12-23 191360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
Hlavní panel ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Software Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Documents and Settings\Pepinka\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-03-29 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe"="C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
======List of files/folders created in the last 1 months======
2011-01-07 16:59:45 ----D---- C:\rsit
2011-01-07 16:59:45 ----D---- C:\Program Files\trend micro
2011-01-05 15:49:16 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2011-01-05 15:46:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2011-01-05 15:41:47 ----A---- C:\WINDOWS\system32\MRT.exe
2011-01-05 02:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2011-01-05 02:04:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2011-01-05 02:04:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2011-01-05 02:04:21 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2011-01-05 02:04:12 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2011-01-05 02:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2011-01-05 02:03:53 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2011-01-05 02:00:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2011-01-05 01:59:56 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2011-01-05 01:59:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2011-01-05 01:59:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2011-01-05 01:59:35 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2011-01-05 01:59:19 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2011-01-05 01:59:09 ----HDC---- C:\WINDOWS\$NtUninstallKB981350$
2011-01-05 01:58:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2011-01-05 01:58:51 ----D---- C:\WINDOWS\system32\KB905474
2011-01-05 01:58:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2011-01-05 01:58:26 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2011-01-05 01:58:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2011-01-05 01:58:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2011-01-05 01:57:57 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2011-01-05 01:57:48 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2011-01-05 01:57:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2011-01-05 01:57:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2011-01-05 01:57:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2011-01-05 01:57:04 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2011-01-05 01:56:54 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2011-01-05 01:52:23 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2011-01-05 01:52:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2011-01-05 01:51:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2011-01-05 01:51:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2011-01-05 01:43:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2011-01-05 01:42:41 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2011-01-05 01:42:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2011-01-05 01:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2011-01-05 01:41:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2011-01-05 01:41:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2011-01-05 01:41:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2011-01-05 01:41:07 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2011-01-05 01:40:58 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2011-01-05 01:40:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2011-01-05 01:40:40 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2011-01-05 01:40:00 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2011-01-05 01:39:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2011-01-05 01:39:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2011-01-05 01:39:32 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2011-01-05 01:39:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2011-01-05 01:39:15 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2011-01-05 01:39:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2011-01-05 01:38:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2011-01-05 01:38:38 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2011-01-05 01:38:30 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2011-01-05 01:37:37 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2011-01-05 01:37:21 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2011-01-05 01:37:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2011-01-05 01:36:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2011-01-05 01:36:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2011-01-05 01:36:27 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2011-01-05 01:36:17 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2011-01-05 01:36:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2011-01-05 01:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2011-01-05 01:35:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2011-01-05 01:35:49 ----D---- C:\WINDOWS\ServicePackFiles
2011-01-05 01:35:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2011-01-05 01:35:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2011-01-05 01:35:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2011-01-05 01:34:13 ----SHD---- C:\Config.Msi
2011-01-05 01:33:31 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2011-01-05 01:29:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2011-01-05 01:29:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2011-01-05 01:29:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2011-01-05 01:28:49 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9L$
2011-01-05 01:25:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2011-01-05 01:24:57 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2011-01-05 01:24:41 ----D---- C:\Program Files\MSXML 4.0
2011-01-05 01:24:31 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2011-01-05 01:24:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2011-01-05 01:24:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2011-01-05 01:24:00 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2011-01-04 22:55:34 ----D---- C:\WINDOWS\system32\CatRoot_bak
2011-01-04 22:31:43 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2011-01-04 22:00:53 ----N---- C:\WINDOWS\system32\browserchoice.exe
2011-01-04 21:59:49 ----N---- C:\WINDOWS\system32\tzchange.exe
2011-01-04 21:42:56 ----D---- C:\WINDOWS\system32\PreInstall
2011-01-04 21:42:54 ----N---- C:\WINDOWS\system32\spmsg.dll
2011-01-04 21:42:50 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2011-01-04 21:42:49 ----HD---- C:\WINDOWS\$hf_mig$
2011-01-04 21:21:17 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2011-01-04 21:13:40 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-01-04 21:13:40 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-01-04 21:13:39 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-01-04 21:13:38 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-01-04 21:13:37 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-01-04 21:13:37 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-01-04 21:13:36 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-01-04 21:13:07 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-12-30 00:48:41 ----D---- C:\Documents and Settings\Pepinka\Data aplikací\QipGuard
2010-12-30 00:48:21 ----D---- C:\Program Files\QIP Infium
2010-12-18 18:03:42 ----D---- C:\Program Files\iPod
2010-12-18 17:49:19 ----D---- C:\Program Files\QuickTime
2010-12-09 06:32:36 ----D---- C:\Program Files\Common Files\Skype
2010-12-08 21:43:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nokia
======List of files/folders modified in the last 1 months======
2011-01-07 16:59:57 ----D---- C:\WINDOWS\Prefetch
2011-01-07 16:59:45 ----RD---- C:\Program Files
2011-01-07 16:58:31 ----D---- C:\WINDOWS\Temp
2011-01-07 16:57:59 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-07 16:56:58 ----D---- C:\Documents and Settings\Pepinka\Data aplikací\Skype
2011-01-07 16:05:51 ----D---- C:\Documents and Settings\Pepinka\Data aplikací\skypePM
2011-01-07 10:38:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-07 07:40:05 ----A---- C:\WINDOWS\wincmd.ini
2011-01-07 06:35:08 ----D---- C:\WINDOWS
2011-01-06 21:55:03 ----D---- C:\WINDOWS\system32
2011-01-05 16:16:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-01-05 16:13:19 ----D---- C:\WINDOWS\system32\drivers
2011-01-05 15:49:24 ----HD---- C:\WINDOWS\inf
2011-01-05 15:49:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-05 15:49:06 ----SHD---- C:\WINDOWS\Installer
2011-01-05 15:46:31 ----A---- C:\WINDOWS\imsins.BAK
2011-01-05 15:41:57 ----D---- C:\WINDOWS\Debug
2011-01-05 07:11:20 ----D---- C:\WINDOWS\Microsoft.NET
2011-01-05 07:11:12 ----RSD---- C:\WINDOWS\assembly
2011-01-05 06:28:37 ----D---- C:\WINDOWS\system32\wbem
2011-01-05 06:28:37 ----D---- C:\WINDOWS\AppPatch
2011-01-05 06:28:34 ----D---- C:\WINDOWS\system32\Setup
2011-01-05 02:04:15 ----D---- C:\Program Files\Messenger
2011-01-05 02:03:07 ----D---- C:\WINDOWS\WinSxS
2011-01-05 01:58:51 ----SD---- C:\WINDOWS\Tasks
2011-01-05 01:57:23 ----D---- C:\WINDOWS\system32\CatRoot
2011-01-05 01:43:46 ----D---- C:\Program Files\Movie Maker
2011-01-05 01:36:43 ----D---- C:\Program Files\Outlook Express
2011-01-05 01:35:18 ----D---- C:\WINDOWS\Registration
2011-01-05 01:25:05 ----D---- C:\Program Files\Internet Explorer
2011-01-04 21:22:11 ----D---- C:\WINDOWS\SoftwareDistribution
2011-01-04 21:21:56 ----D---- C:\WINDOWS\Help
2011-01-04 21:12:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-12-18 22:03:29 ----RD---- C:\MP3
2010-12-18 18:04:55 ----D---- C:\Program Files\iTunes
2010-12-18 18:03:39 ----D---- C:\Program Files\Common Files\Apple
2010-12-16 20:12:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2010-12-15 17:13:57 ----RD---- C:\Filmy
2010-12-09 06:32:37 ----RD---- C:\Program Files\Skype
2010-12-09 06:32:36 ----D---- C:\Program Files\Common Files
2010-12-09 06:32:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-10-18 36624]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-08-21 721904]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-01-08 278728]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-01-08 25416]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-10-26 4124352]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-29 1035264]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys [2006-06-26 23472]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-06-22 38960]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2006-06-22 293808]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2003-07-17 46167]
S3 a9yprckf;a9yprckf; C:\WINDOWS\system32\drivers\a9yprckf.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2003-03-27 127145]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-06-26 1587632]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-06-26 1952816]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-29 360448]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 97432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-23 153376]
R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2006-06-26 99888]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-12-13 820008]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-03-29 516096]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe [2006-06-26 91696]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Zpomalené PC
Moderátor: Moderátoři
Pravidla fóra
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
-
Rudy
- Site Admin
- Příspěvky: 119320
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zpomalené PC
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Zpomalené PC
ComboFix 11-01-07.01 - Pepinka 07.01.2011 20:16:49.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1144 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pepinka\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Pepinka\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Pepinka\Data aplikací\Desktopicon
c:\documents and settings\Pepinka\Local Settings\Temp\IadHide5.dll
c:\windows\config.ini
c:\windows\system32\skinboxer43.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-07 do 2011-01-07 )))))))))))))))))))))))))))))))
.
2011-01-07 15:59 . 2011-01-07 16:00 -------- d-----w- C:\rsit
2011-01-07 15:59 . 2011-01-07 15:59 -------- d-----w- c:\program files\trend micro
2011-01-05 00:58 . 2011-01-05 00:58 -------- d-----w- c:\windows\system32\KB905474
2011-01-05 00:35 . 2011-01-05 00:35 -------- d-----w- c:\windows\ServicePackFiles
2011-01-05 00:24 . 2011-01-05 00:24 -------- d-----w- c:\program files\MSXML 4.0
2011-01-04 21:55 . 2011-01-05 00:50 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-01-04 21:31 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-01-04 21:31 . 2008-06-14 18:00 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-01-04 21:26 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-01-04 21:11 . 2010-02-16 19:34 2060544 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-04 21:11 . 2010-02-16 19:34 2018816 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-04 21:11 . 2010-02-16 19:34 2183552 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-04 21:11 . 2010-02-16 19:34 2139136 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-04 21:00 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-01-04 20:42 . 2011-01-05 14:29 -------- d--h--w- c:\windows\$hf_mig$
2011-01-04 20:13 . 2010-06-28 21:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-04 20:13 . 2010-06-28 21:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-04 20:13 . 2010-06-28 21:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-04 20:13 . 2010-06-28 21:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-04 20:13 . 2010-06-28 21:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-04 20:13 . 2010-06-28 21:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-04 20:13 . 2010-06-28 21:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-04 20:13 . 2010-06-28 21:57 38848 ----a-w- c:\windows\avastSS.scr
2011-01-04 20:13 . 2010-06-28 21:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-29 23:48 . 2010-12-29 23:48 -------- d-----w- c:\documents and settings\Pepinka\Data aplikací\QipGuard
2010-12-29 23:48 . 2010-12-23 16:52 48512 ----a-w- c:\documents and settings\Pepinka\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
2010-12-29 23:48 . 2010-12-23 16:52 141184 ----a-w- c:\documents and settings\Pepinka\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
2010-12-29 23:48 . 2011-01-04 22:15 -------- d-----w- c:\program files\QIP Infium
2010-12-18 17:03 . 2010-12-18 17:03 -------- d-----w- c:\program files\iPod
2010-12-18 16:50 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-18 16:50 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-12-18 16:50 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-12-18 16:49 . 2010-12-18 16:49 -------- d-----w- c:\program files\QuickTime
2010-12-09 05:32 . 2010-12-09 05:32 -------- d-----w- c:\program files\Common Files\Skype
2010-12-08 20:43 . 2010-12-08 20:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nokia
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2008-12-17 22:25 . 2009-08-21 16:33 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 22:25 . 2009-08-21 16:33 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 22:25 . 2009-08-21 16:33 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 22:25 . 2009-08-21 16:33 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 22:25 . 2009-08-21 16:33 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vypinac"="c:\program files\Vypinac" [X]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Google Update"="c:\documents and settings\Pepinka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-08-21 133104]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-07-13 36864]
"Badoo Desktop"="c:\documents and settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe" [2010-10-29 983552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"QIP Internet Guardian"="c:\documents and settings\Pepinka\Data aplikací\QipGuard\QipGuard.exe" [2010-12-23 191360]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 339968]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-03-29 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-23 149280]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-10-25 380928]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-8-21 962663]
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-3-29 32768]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-7-13 196608]
Software Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.8.2009 14:42 721904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4.1.2011 21:13 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.1.2011 21:13 17744]
.
Obsah adresáře 'Naplánované úlohy'
2011-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2011-01-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
2011-01-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-01-05 21:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Pepinka\Data aplikací\Mozilla\Firefox\Profiles\uzcr6n4j.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://qip.ru
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(general.useragent.extra.zencast,
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-ClientGW - (no file)
HKLM-Run-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-07 20:30
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3804)
c:\docume~1\Pepinka\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\documents and settings\Pepinka\Local Settings\Data aplikací\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
.
**************************************************************************
.
Celkový čas: 2011-01-07 20:41:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-07 19:41
Před spuštěním: 800 792 576
Po spuštění: 3 074 617 344
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 7F992CAB3484EC5481C1CE4CB493FEA2
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1144 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pepinka\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Pepinka\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Pepinka\Data aplikací\Desktopicon
c:\documents and settings\Pepinka\Local Settings\Temp\IadHide5.dll
c:\windows\config.ini
c:\windows\system32\skinboxer43.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-07 do 2011-01-07 )))))))))))))))))))))))))))))))
.
2011-01-07 15:59 . 2011-01-07 16:00 -------- d-----w- C:\rsit
2011-01-07 15:59 . 2011-01-07 15:59 -------- d-----w- c:\program files\trend micro
2011-01-05 00:58 . 2011-01-05 00:58 -------- d-----w- c:\windows\system32\KB905474
2011-01-05 00:35 . 2011-01-05 00:35 -------- d-----w- c:\windows\ServicePackFiles
2011-01-05 00:24 . 2011-01-05 00:24 -------- d-----w- c:\program files\MSXML 4.0
2011-01-04 21:55 . 2011-01-05 00:50 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-01-04 21:31 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-01-04 21:31 . 2008-06-14 18:00 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-01-04 21:26 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-01-04 21:11 . 2010-02-16 19:34 2060544 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-04 21:11 . 2010-02-16 19:34 2018816 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-04 21:11 . 2010-02-16 19:34 2183552 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-04 21:11 . 2010-02-16 19:34 2139136 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-04 21:00 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-01-04 20:42 . 2011-01-05 14:29 -------- d--h--w- c:\windows\$hf_mig$
2011-01-04 20:13 . 2010-06-28 21:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-04 20:13 . 2010-06-28 21:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-04 20:13 . 2010-06-28 21:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-04 20:13 . 2010-06-28 21:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-04 20:13 . 2010-06-28 21:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-04 20:13 . 2010-06-28 21:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-04 20:13 . 2010-06-28 21:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-04 20:13 . 2010-06-28 21:57 38848 ----a-w- c:\windows\avastSS.scr
2011-01-04 20:13 . 2010-06-28 21:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-29 23:48 . 2010-12-29 23:48 -------- d-----w- c:\documents and settings\Pepinka\Data aplikací\QipGuard
2010-12-29 23:48 . 2010-12-23 16:52 48512 ----a-w- c:\documents and settings\Pepinka\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
2010-12-29 23:48 . 2010-12-23 16:52 141184 ----a-w- c:\documents and settings\Pepinka\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
2010-12-29 23:48 . 2011-01-04 22:15 -------- d-----w- c:\program files\QIP Infium
2010-12-18 17:03 . 2010-12-18 17:03 -------- d-----w- c:\program files\iPod
2010-12-18 16:50 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-18 16:50 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-12-18 16:50 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-12-18 16:49 . 2010-12-18 16:49 -------- d-----w- c:\program files\QuickTime
2010-12-09 05:32 . 2010-12-09 05:32 -------- d-----w- c:\program files\Common Files\Skype
2010-12-08 20:43 . 2010-12-08 20:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nokia
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2008-12-17 22:25 . 2009-08-21 16:33 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 22:25 . 2009-08-21 16:33 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 22:25 . 2009-08-21 16:33 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 22:25 . 2009-08-21 16:33 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 22:25 . 2009-08-21 16:33 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vypinac"="c:\program files\Vypinac" [X]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Google Update"="c:\documents and settings\Pepinka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-08-21 133104]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-07-13 36864]
"Badoo Desktop"="c:\documents and settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe" [2010-10-29 983552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"QIP Internet Guardian"="c:\documents and settings\Pepinka\Data aplikací\QipGuard\QipGuard.exe" [2010-12-23 191360]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 339968]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-03-29 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-23 149280]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-10-25 380928]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-8-21 962663]
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-3-29 32768]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-7-13 196608]
Software Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.8.2009 14:42 721904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4.1.2011 21:13 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.1.2011 21:13 17744]
.
Obsah adresáře 'Naplánované úlohy'
2011-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2011-01-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
2011-01-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-01-05 21:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Pepinka\Data aplikací\Mozilla\Firefox\Profiles\uzcr6n4j.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://qip.ru
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(general.useragent.extra.zencast,
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-ClientGW - (no file)
HKLM-Run-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-07 20:30
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3804)
c:\docume~1\Pepinka\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\documents and settings\Pepinka\Local Settings\Data aplikací\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
.
**************************************************************************
.
Celkový čas: 2011-01-07 20:41:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-07 19:41
Před spuštěním: 800 792 576
Po spuštění: 3 074 617 344
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 7F992CAB3484EC5481C1CE4CB493FEA2
Re: Zpomalené PC
ComboFix 11-01-07.01 - Pepinka 07.01.2011 20:16:49.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1144 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pepinka\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Pepinka\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Pepinka\Data aplikací\Desktopicon
c:\documents and settings\Pepinka\Local Settings\Temp\IadHide5.dll
c:\windows\config.ini
c:\windows\system32\skinboxer43.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-07 do 2011-01-07 )))))))))))))))))))))))))))))))
.
2011-01-07 15:59 . 2011-01-07 16:00 -------- d-----w- C:\rsit
2011-01-07 15:59 . 2011-01-07 15:59 -------- d-----w- c:\program files\trend micro
2011-01-05 00:58 . 2011-01-05 00:58 -------- d-----w- c:\windows\system32\KB905474
2011-01-05 00:35 . 2011-01-05 00:35 -------- d-----w- c:\windows\ServicePackFiles
2011-01-05 00:24 . 2011-01-05 00:24 -------- d-----w- c:\program files\MSXML 4.0
2011-01-04 21:55 . 2011-01-05 00:50 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-01-04 21:31 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-01-04 21:31 . 2008-06-14 18:00 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-01-04 21:26 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-01-04 21:11 . 2010-02-16 19:34 2060544 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-04 21:11 . 2010-02-16 19:34 2018816 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-04 21:11 . 2010-02-16 19:34 2183552 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-04 21:11 . 2010-02-16 19:34 2139136 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-04 21:00 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-01-04 20:42 . 2011-01-05 14:29 -------- d--h--w- c:\windows\$hf_mig$
2011-01-04 20:13 . 2010-06-28 21:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-04 20:13 . 2010-06-28 21:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-04 20:13 . 2010-06-28 21:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-04 20:13 . 2010-06-28 21:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-04 20:13 . 2010-06-28 21:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-04 20:13 . 2010-06-28 21:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-04 20:13 . 2010-06-28 21:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-04 20:13 . 2010-06-28 21:57 38848 ----a-w- c:\windows\avastSS.scr
2011-01-04 20:13 . 2010-06-28 21:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-29 23:48 . 2010-12-29 23:48 -------- d-----w- c:\documents and settings\Pepinka\Data aplikací\QipGuard
2010-12-29 23:48 . 2010-12-23 16:52 48512 ----a-w- c:\documents and settings\Pepinka\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
2010-12-29 23:48 . 2010-12-23 16:52 141184 ----a-w- c:\documents and settings\Pepinka\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
2010-12-29 23:48 . 2011-01-04 22:15 -------- d-----w- c:\program files\QIP Infium
2010-12-18 17:03 . 2010-12-18 17:03 -------- d-----w- c:\program files\iPod
2010-12-18 16:50 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-18 16:50 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-12-18 16:50 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-12-18 16:49 . 2010-12-18 16:49 -------- d-----w- c:\program files\QuickTime
2010-12-09 05:32 . 2010-12-09 05:32 -------- d-----w- c:\program files\Common Files\Skype
2010-12-08 20:43 . 2010-12-08 20:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nokia
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2008-12-17 22:25 . 2009-08-21 16:33 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 22:25 . 2009-08-21 16:33 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 22:25 . 2009-08-21 16:33 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 22:25 . 2009-08-21 16:33 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 22:25 . 2009-08-21 16:33 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vypinac"="c:\program files\Vypinac" [X]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Google Update"="c:\documents and settings\Pepinka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-08-21 133104]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-07-13 36864]
"Badoo Desktop"="c:\documents and settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe" [2010-10-29 983552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"QIP Internet Guardian"="c:\documents and settings\Pepinka\Data aplikací\QipGuard\QipGuard.exe" [2010-12-23 191360]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 339968]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-03-29 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-23 149280]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-10-25 380928]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-8-21 962663]
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-3-29 32768]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-7-13 196608]
Software Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.8.2009 14:42 721904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4.1.2011 21:13 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.1.2011 21:13 17744]
.
Obsah adresáře 'Naplánované úlohy'
2011-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2011-01-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
2011-01-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-01-05 21:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Pepinka\Data aplikací\Mozilla\Firefox\Profiles\uzcr6n4j.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://qip.ru
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(general.useragent.extra.zencast,
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-ClientGW - (no file)
HKLM-Run-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-07 20:30
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3804)
c:\docume~1\Pepinka\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\documents and settings\Pepinka\Local Settings\Data aplikací\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
.
**************************************************************************
.
Celkový čas: 2011-01-07 20:41:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-07 19:41
Před spuštěním: 800 792 576
Po spuštění: 3 074 617 344
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 7F992CAB3484EC5481C1CE4CB493FEA2
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1144 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pepinka\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Pepinka\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Pepinka\Data aplikací\Desktopicon
c:\documents and settings\Pepinka\Local Settings\Temp\IadHide5.dll
c:\windows\config.ini
c:\windows\system32\skinboxer43.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-07 do 2011-01-07 )))))))))))))))))))))))))))))))
.
2011-01-07 15:59 . 2011-01-07 16:00 -------- d-----w- C:\rsit
2011-01-07 15:59 . 2011-01-07 15:59 -------- d-----w- c:\program files\trend micro
2011-01-05 00:58 . 2011-01-05 00:58 -------- d-----w- c:\windows\system32\KB905474
2011-01-05 00:35 . 2011-01-05 00:35 -------- d-----w- c:\windows\ServicePackFiles
2011-01-05 00:24 . 2011-01-05 00:24 -------- d-----w- c:\program files\MSXML 4.0
2011-01-04 21:55 . 2011-01-05 00:50 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-01-04 21:31 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-01-04 21:31 . 2008-06-14 18:00 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-01-04 21:26 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-01-04 21:11 . 2010-02-16 19:34 2060544 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-04 21:11 . 2010-02-16 19:34 2018816 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-04 21:11 . 2010-02-16 19:34 2183552 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-04 21:11 . 2010-02-16 19:34 2139136 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-04 21:00 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-01-04 20:42 . 2011-01-05 14:29 -------- d--h--w- c:\windows\$hf_mig$
2011-01-04 20:13 . 2010-06-28 21:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-04 20:13 . 2010-06-28 21:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-04 20:13 . 2010-06-28 21:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-04 20:13 . 2010-06-28 21:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-04 20:13 . 2010-06-28 21:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-04 20:13 . 2010-06-28 21:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-04 20:13 . 2010-06-28 21:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-04 20:13 . 2010-06-28 21:57 38848 ----a-w- c:\windows\avastSS.scr
2011-01-04 20:13 . 2010-06-28 21:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-29 23:48 . 2010-12-29 23:48 -------- d-----w- c:\documents and settings\Pepinka\Data aplikací\QipGuard
2010-12-29 23:48 . 2010-12-23 16:52 48512 ----a-w- c:\documents and settings\Pepinka\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
2010-12-29 23:48 . 2010-12-23 16:52 141184 ----a-w- c:\documents and settings\Pepinka\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
2010-12-29 23:48 . 2011-01-04 22:15 -------- d-----w- c:\program files\QIP Infium
2010-12-18 17:03 . 2010-12-18 17:03 -------- d-----w- c:\program files\iPod
2010-12-18 16:50 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-18 16:50 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-12-18 16:50 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-12-18 16:49 . 2010-12-18 16:49 -------- d-----w- c:\program files\QuickTime
2010-12-09 05:32 . 2010-12-09 05:32 -------- d-----w- c:\program files\Common Files\Skype
2010-12-08 20:43 . 2010-12-08 20:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nokia
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2008-12-17 22:25 . 2009-08-21 16:33 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 22:25 . 2009-08-21 16:33 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 22:25 . 2009-08-21 16:33 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 22:25 . 2009-08-21 16:33 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 22:25 . 2009-08-21 16:33 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vypinac"="c:\program files\Vypinac" [X]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Google Update"="c:\documents and settings\Pepinka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-08-21 133104]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-07-13 36864]
"Badoo Desktop"="c:\documents and settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe" [2010-10-29 983552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"QIP Internet Guardian"="c:\documents and settings\Pepinka\Data aplikací\QipGuard\QipGuard.exe" [2010-12-23 191360]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 339968]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-03-29 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-23 149280]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-10-25 380928]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-8-21 962663]
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-3-29 32768]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-7-13 196608]
Software Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.8.2009 14:42 721904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4.1.2011 21:13 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.1.2011 21:13 17744]
.
Obsah adresáře 'Naplánované úlohy'
2011-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2011-01-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
2011-01-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-01-05 21:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Pepinka\Data aplikací\Mozilla\Firefox\Profiles\uzcr6n4j.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://qip.ru
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(general.useragent.extra.zencast,
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-ClientGW - (no file)
HKLM-Run-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-07 20:30
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3804)
c:\docume~1\Pepinka\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\documents and settings\Pepinka\Local Settings\Data aplikací\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
.
**************************************************************************
.
Celkový čas: 2011-01-07 20:41:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-07 19:41
Před spuštěním: 800 792 576
Po spuštění: 3 074 617 344
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 7F992CAB3484EC5481C1CE4CB493FEA2
-
Rudy
- Site Admin
- Příspěvky: 119320
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zpomalené PC
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.Folder::
c:\program files\Ask.com
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Zpomalené PC
ComboFix 11-01-07.01 - Pepinka 07.01.2011 20:57:37.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1339 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pepinka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pepinka\Plocha\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Pepinka\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Pepinka\Local Settings\Temp\IadHide5.dll
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_aea.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-07 do 2011-01-07 )))))))))))))))))))))))))))))))
.
2011-01-07 15:59 . 2011-01-07 16:00 -------- d-----w- C:\rsit
2011-01-07 15:59 . 2011-01-07 15:59 -------- d-----w- c:\program files\trend micro
2011-01-05 00:58 . 2011-01-05 00:58 -------- d-----w- c:\windows\system32\KB905474
2011-01-05 00:35 . 2011-01-05 00:35 -------- d-----w- c:\windows\ServicePackFiles
2011-01-05 00:24 . 2011-01-05 00:24 -------- d-----w- c:\program files\MSXML 4.0
2011-01-04 21:55 . 2011-01-05 00:50 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-01-04 21:31 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-01-04 21:31 . 2008-06-14 18:00 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-01-04 21:26 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-01-04 21:11 . 2010-02-16 19:34 2060544 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-04 21:11 . 2010-02-16 19:34 2018816 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-04 21:11 . 2010-02-16 19:34 2183552 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-04 21:11 . 2010-02-16 19:34 2139136 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-04 21:00 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-01-04 20:42 . 2011-01-05 14:29 -------- d--h--w- c:\windows\$hf_mig$
2011-01-04 20:13 . 2010-06-28 21:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-04 20:13 . 2010-06-28 21:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-04 20:13 . 2010-06-28 21:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-04 20:13 . 2010-06-28 21:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-04 20:13 . 2010-06-28 21:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-04 20:13 . 2010-06-28 21:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-04 20:13 . 2010-06-28 21:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-04 20:13 . 2010-06-28 21:57 38848 ----a-w- c:\windows\avastSS.scr
2011-01-04 20:13 . 2010-06-28 21:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-29 23:48 . 2010-12-29 23:48 -------- d-----w- c:\documents and settings\Pepinka\Data aplikací\QipGuard
2010-12-29 23:48 . 2010-12-23 16:52 48512 ----a-w- c:\documents and settings\Pepinka\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
2010-12-29 23:48 . 2010-12-23 16:52 141184 ----a-w- c:\documents and settings\Pepinka\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
2010-12-29 23:48 . 2011-01-04 22:15 -------- d-----w- c:\program files\QIP Infium
2010-12-18 17:03 . 2010-12-18 17:03 -------- d-----w- c:\program files\iPod
2010-12-18 16:50 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-18 16:50 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-12-18 16:50 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-12-18 16:49 . 2010-12-18 16:49 -------- d-----w- c:\program files\QuickTime
2010-12-09 05:32 . 2010-12-09 05:32 -------- d-----w- c:\program files\Common Files\Skype
2010-12-08 20:43 . 2010-12-08 20:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nokia
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2008-12-17 22:25 . 2009-08-21 16:33 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 22:25 . 2009-08-21 16:33 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 22:25 . 2009-08-21 16:33 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 22:25 . 2009-08-21 16:33 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 22:25 . 2009-08-21 16:33 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vypinac"="c:\program files\Vypinac" [X]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Google Update"="c:\documents and settings\Pepinka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-08-21 133104]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-07-13 36864]
"Badoo Desktop"="c:\documents and settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe" [2010-10-29 983552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"QIP Internet Guardian"="c:\documents and settings\Pepinka\Data aplikací\QipGuard\QipGuard.exe" [2010-12-23 191360]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 339968]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-03-29 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-23 149280]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-10-25 380928]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-8-21 962663]
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-3-29 32768]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-7-13 196608]
Software Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.8.2009 14:42 721904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4.1.2011 21:13 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.1.2011 21:13 17744]
.
Obsah adresáře 'Naplánované úlohy'
2011-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2011-01-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-01-05 21:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Pepinka\Data aplikací\Mozilla\Firefox\Profiles\uzcr6n4j.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://qip.ru
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(general.useragent.extra.zencast,
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-07 21:08
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(7136)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\docume~1\Pepinka\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\Pepinka\Local Settings\Data aplikací\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
.
**************************************************************************
.
Celkový čas: 2011-01-07 21:13:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-07 20:13
ComboFix2.txt 2011-01-07 19:42
Před spuštěním: 3 071 623 168
Po spuštění: 3 063 885 824
- - End Of File - - AA041305554058CAECD17A6660D8C89D
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1339 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pepinka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pepinka\Plocha\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Pepinka\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Pepinka\Local Settings\Temp\IadHide5.dll
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_aea.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-07 do 2011-01-07 )))))))))))))))))))))))))))))))
.
2011-01-07 15:59 . 2011-01-07 16:00 -------- d-----w- C:\rsit
2011-01-07 15:59 . 2011-01-07 15:59 -------- d-----w- c:\program files\trend micro
2011-01-05 00:58 . 2011-01-05 00:58 -------- d-----w- c:\windows\system32\KB905474
2011-01-05 00:35 . 2011-01-05 00:35 -------- d-----w- c:\windows\ServicePackFiles
2011-01-05 00:24 . 2011-01-05 00:24 -------- d-----w- c:\program files\MSXML 4.0
2011-01-04 21:55 . 2011-01-05 00:50 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-01-04 21:31 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-01-04 21:31 . 2008-06-14 18:00 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-01-04 21:26 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-01-04 21:11 . 2010-02-16 19:34 2060544 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-04 21:11 . 2010-02-16 19:34 2018816 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-04 21:11 . 2010-02-16 19:34 2183552 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-04 21:11 . 2010-02-16 19:34 2139136 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-04 21:00 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-01-04 20:42 . 2011-01-05 14:29 -------- d--h--w- c:\windows\$hf_mig$
2011-01-04 20:13 . 2010-06-28 21:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-04 20:13 . 2010-06-28 21:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-04 20:13 . 2010-06-28 21:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-04 20:13 . 2010-06-28 21:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-04 20:13 . 2010-06-28 21:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-04 20:13 . 2010-06-28 21:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-04 20:13 . 2010-06-28 21:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-04 20:13 . 2010-06-28 21:57 38848 ----a-w- c:\windows\avastSS.scr
2011-01-04 20:13 . 2010-06-28 21:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-29 23:48 . 2010-12-29 23:48 -------- d-----w- c:\documents and settings\Pepinka\Data aplikací\QipGuard
2010-12-29 23:48 . 2010-12-23 16:52 48512 ----a-w- c:\documents and settings\Pepinka\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
2010-12-29 23:48 . 2010-12-23 16:52 141184 ----a-w- c:\documents and settings\Pepinka\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
2010-12-29 23:48 . 2011-01-04 22:15 -------- d-----w- c:\program files\QIP Infium
2010-12-18 17:03 . 2010-12-18 17:03 -------- d-----w- c:\program files\iPod
2010-12-18 16:50 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-18 16:50 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-12-18 16:50 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-12-18 16:49 . 2010-12-18 16:49 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-12-18 16:49 . 2010-12-18 16:49 -------- d-----w- c:\program files\QuickTime
2010-12-09 05:32 . 2010-12-09 05:32 -------- d-----w- c:\program files\Common Files\Skype
2010-12-08 20:43 . 2010-12-08 20:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nokia
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2008-12-17 22:25 . 2009-08-21 16:33 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 22:25 . 2009-08-21 16:33 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 22:25 . 2009-08-21 16:33 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 22:25 . 2009-08-21 16:33 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 22:25 . 2009-08-21 16:33 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vypinac"="c:\program files\Vypinac" [X]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Google Update"="c:\documents and settings\Pepinka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-08-21 133104]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-07-13 36864]
"Badoo Desktop"="c:\documents and settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.2.22.828\Badoo.Desktop.exe" [2010-10-29 983552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"QIP Internet Guardian"="c:\documents and settings\Pepinka\Data aplikací\QipGuard\QipGuard.exe" [2010-12-23 191360]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 339968]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-03-29 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-23 149280]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-10-25 380928]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-8-21 962663]
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-3-29 32768]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-7-13 196608]
Software Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
c:\documents and settings\Pepinka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.8.2009 14:42 721904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4.1.2011 21:13 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.1.2011 21:13 17744]
.
Obsah adresáře 'Naplánované úlohy'
2011-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2011-01-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-01-05 21:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Pepinka\Data aplikací\Mozilla\Firefox\Profiles\uzcr6n4j.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://qip.ru
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(general.useragent.extra.zencast,
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-07 21:08
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(7136)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\docume~1\Pepinka\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\Pepinka\Local Settings\Data aplikací\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
.
**************************************************************************
.
Celkový čas: 2011-01-07 21:13:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-07 20:13
ComboFix2.txt 2011-01-07 19:42
Před spuštěním: 3 071 623 168
Po spuštění: 3 063 885 824
- - End Of File - - AA041305554058CAECD17A6660D8C89D
-
Rudy
- Site Admin
- Příspěvky: 119320
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zpomalené PC
Log již vypadá čistý. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?