RSIT
Logfile of random's system information tool 1.08 (written by random/random)
Run by Comp at 2011-01-29 13:27:34
Microsoft Windows 7 Home Premium
System drive C: has 294 GB (62%) free of 477 GB
Total RAM: 3318 MB (50% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:27:45, on 29.1.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Karlíček\Documents\My Completed Downloads\OperaPortable11.01\OperaPortable 11.01\opera.exe
C:\Users\Karlíček\Documents\My Completed Downloads\Portable Programs\Údržba\xp-AntiSpy_czech\xp-AntiSpy.exe
C:\Users\Comp\Documents\RSIT.exe
C:\Program Files\trend micro\Comp.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Ziepod One-Click IE Helper - {57A30D1E-08B9-4EF4-B273-AAEA1C234A5B} - C:\Windows\system32\ZiepodOneClicker.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ASuite] C:\Users\Karlíček\Documents\My Completed Downloads\Portable Programs\Portable Starts\asuite152\asuite.exe
O4 - HKCU\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
O4 - HKCU\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messenger ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 9546 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2010-10-15 1372472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57A30D1E-08B9-4EF4-B273-AAEA1C234A5B}]
Ziepod One-Click Helper - C:\Windows\system32\ZiepodOneClicker.dll [2007-01-25 47616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-01-17 297648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-22 843832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll [2010-06-23 230448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2010-10-15 163128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2010-10-15 1372472]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-01-17 297648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2008-12-26 6707744]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2008-12-26 1833504]
"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"Freecorder FLV Service"=C:\Program Files\Freecorder\FLVSrvc.exe [2010-06-26 167936]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-06-23 1043968]
"ASuite"=C:\Users\Karlíček\Documents\My Completed Downloads\Portable Programs\Portable Starts\asuite152\asuite.exe [2008-08-11 516608]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\Sidebar.exe [2009-07-14 1173504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"=C:\Windows\System32\mctadmin.exe [2009-07-14 93696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
C:\Program Files\ipla\ipla.exe [2010-11-22 18630656]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2010-06-01 5252408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPlayerForWindows_UpdateReminder]
C:\Program Files\MPlayer for Windows\AutoUpdate.exe /L=1033 /TASK []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2009-02-23 576000]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2011-01-29 12:16:40 ----D---- C:\Users\Comp\AppData\Roaming\Malwarebytes
2011-01-28 14:38:11 ----A---- C:\Program Files\unicows.dll
2011-01-28 14:38:11 ----A---- C:\Program Files\setup.ini
2011-01-28 14:38:11 ----A---- C:\Program Files\Setup.exe
2011-01-28 14:38:11 ----A---- C:\Program Files\instmsiw.exe
2011-01-28 14:38:03 ----A---- C:\Program Files\AutoRun.exe
2011-01-28 14:38:03 ----A---- C:\Program Files\AdminSetup.ini
2011-01-28 14:38:03 ----A---- C:\Program Files\AdminSetup.exe
2011-01-28 14:38:02 ----D---- C:\Program Files\ReadMe
2011-01-28 14:37:58 ----D---- C:\Program Files\License Server
2011-01-28 14:37:57 ----D---- C:\Program Files\Common
2011-01-28 14:37:57 ----D---- C:\Program Files\AutoRun
2011-01-28 13:31:41 ----D---- C:\FR90PE_VOL
2011-01-28 11:25:01 ----D---- C:\Users\Comp\AppData\Roaming\Macromedia
2011-01-28 11:24:57 ----D---- C:\Users\Comp\AppData\Roaming\HP
2011-01-27 11:49:18 ----D---- C:\Users\Comp\AppData\Roaming\Foxit Software
2011-01-27 11:39:51 ----D---- C:\Program Files\Common Files\Adobe
2011-01-27 11:39:49 ----D---- C:\Users\Comp\AppData\Roaming\ABBYY
2011-01-26 14:46:24 ----A---- C:\Windows\system32\nitrolocalui.dll
2011-01-26 14:46:24 ----A---- C:\Windows\system32\nitrolocalmon.dll
2011-01-26 14:46:19 ----D---- C:\ProgramData\Nitro PDF
2011-01-25 11:55:02 ----D---- C:\ProgramData\ABBYY
2011-01-25 11:23:10 ----D---- C:\Users\Comp\AppData\Roaming\Thinstall
2011-01-20 11:20:08 ----RD---- C:\Sandbox
2011-01-20 11:18:44 ----A---- C:\Windows\Sandboxie.ini
2011-01-20 11:18:01 ----D---- C:\Program Files\Sandboxie
2011-01-17 20:50:09 ----D---- C:\Users\Comp\AppData\Roaming\Adobe
2011-01-17 20:49:04 ----D---- C:\Users\Comp\AppData\Roaming\Google
2011-01-17 20:34:46 ----D---- C:\Users\Comp\AppData\Roaming\Mozilla
2011-01-17 20:22:48 ----D---- C:\Users\Comp\AppData\Roaming\OpenOffice.org
2011-01-17 20:21:51 ----D---- C:\Users\Comp\AppData\Roaming\Identities
2011-01-17 20:21:44 ----D---- C:\Users\Comp\AppData\Roaming\Media Center Programs
2011-01-17 20:21:43 ----SD---- C:\Users\Comp\AppData\Roaming\Microsoft
2011-01-14 17:09:49 ----D---- C:\Ashampoo
2011-01-13 21:20:20 ----D---- C:\Program Files\1Time
2011-01-13 13:17:59 ----D---- C:\Windows\Mozilla
2011-01-13 13:17:49 ----D---- C:\ProgramData\ashampoo
2011-01-13 13:17:36 ----D---- C:\Program Files\Ashampoo
2011-01-12 08:59:53 ----A---- C:\Windows\system32\odbc32.dll
2011-01-12 08:59:51 ----A---- C:\Windows\system32\d3d10warp.dll
2011-01-12 08:59:51 ----A---- C:\Windows\system32\d2d1.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\XpsPrint.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\FntCache.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\ExplorerFrame.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\DWrite.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2011-01-12 08:59:50 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-01-12 08:59:50 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\d3d10_1.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\cdd.dll
2011-01-09 15:13:25 ----D---- C:\ProgramData\Canneverbe Limited
2011-01-06 22:55:02 ----D---- C:\emoticons
2011-01-06 20:13:16 ----D---- C:\ProgramData\FacebookDiscovery
2011-01-06 12:03:41 ----D---- C:\Program Files\IDoser v4
2011-01-04 17:48:27 ----D---- C:\SAM
2010-12-31 12:39:59 ----D---- C:\ProgramData\Yahoo! Companion
2010-12-31 12:39:43 ----D---- C:\ProgramData\Yahoo!
======List of files/folders modified in the last 1 months======
2011-01-29 13:27:45 ----D---- C:\Windows\Temp
2011-01-29 13:27:45 ----D---- C:\Windows\Prefetch
2011-01-29 13:27:44 ----D---- C:\Windows\Internet Logs
2011-01-29 13:27:40 ----D---- C:\Program Files\trend micro
2011-01-29 12:17:29 ----D---- C:\Windows\system32\drivers
2011-01-29 12:17:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-29 08:42:51 ----D---- C:\Windows\System32
2011-01-29 08:42:51 ----D---- C:\Windows\inf
2011-01-29 08:42:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-29 08:37:51 ----D---- C:\Windows\system32\config
2011-01-28 22:48:06 ----D---- C:\Windows
2011-01-28 22:47:57 ----HD---- C:\Config.Msi
2011-01-28 22:23:50 ----SHD---- C:\System Volume Information
2011-01-28 15:05:25 ----SHD---- C:\Windows\Installer
2011-01-28 15:05:20 ----RD---- C:\Program Files
2011-01-28 15:05:17 ----D---- C:\Program Files\Common Files
2011-01-28 14:46:03 ----D---- C:\TEMP
2011-01-27 14:15:16 ----D---- C:\Windows\Minidump
2011-01-27 14:15:16 ----D---- C:\Windows\debug
2011-01-26 14:46:19 ----HD---- C:\ProgramData
2011-01-25 23:23:28 ----D---- C:\Windows\system32\catroot2
2011-01-20 11:18:36 ----D---- C:\Windows\system32\Tasks
2011-01-17 20:37:36 ----D---- C:\Program Files\Google
2011-01-17 20:21:50 ----SHD---- C:\$Recycle.Bin
2011-01-17 20:21:43 ----RD---- C:\Users
2011-01-13 09:47:32 ----A---- C:\Windows\system32\aswBoot.exe
2011-01-12 17:28:01 ----D---- C:\Windows\winsxs
2011-01-12 17:21:52 ----A---- C:\Windows\system32\MRT.exe
2011-01-12 08:59:46 ----D---- C:\Windows\system32\catroot
2011-01-06 22:55:15 ----D---- C:\Program Files\ipla
2011-01-06 22:54:10 ----D---- C:\ProgramData\ipla
2011-01-06 20:13:16 ----D---- C:\Program Files\FacebookDiscovery
2010-12-31 12:40:05 ----D---- C:\Program Files\Yahoo!
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2010-05-15 461400]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-12-26 2259296]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 PAC207;Webcam 1200; C:\Windows\system32\DRIVERS\PFC027.SYS [2007-06-29 611584]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2011-01-12 125672]
R3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2010-06-16 32768]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 cpuz134;cpuz134; \??\C:\Users\PC\AppData\Local\Temp\cpuz134\cpuz134_x32.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-04-28 54632]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-10-03 133120]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2010-02-25 25216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2011-01-12 69864]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2010-06-23 2435592]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-22 655624]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-07-15 182768]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-15 1343400]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-15 135664]
S4 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2010-07-27 247808]
S4 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2010-07-26 57640]
S4 HssWd;Hotspot Shield Monitoring Service; C:\Program Files\Hotspot Shield\bin\hsswd.exe [2010-06-23 322608]
S4 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
-----------------EOF-----------------
MBAM
Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org
Database version: 5633
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
29.1.2011 13:15:50
mbam-log-2011-01-29 (13-15-36).txt
Scan type: Full scan (C:\|)
Objects scanned: 463301
Time elapsed: 49 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Comp\AppData\Roaming\thinstall\abbyy finereader10\%local appdata%\thinstall\Cache\Stubs\bc4238498f7d918aaf22306033ff19d613d5e02e\networklicenseserver.exe.61ceb4.tmp (Trojan.Backdoor) -> No action taken.
c:\Users\Karlíček\AppData\Local\thinstall\Cache\Stubs\22763fd55bddb789c6d385bcf45bb1a14a639\systeminfo.exe (Trojan.Backdoor) -> No action taken.
c:\Users\Karlíček\AppData\Local\thinstall\Cache\Stubs\2b3c53eeef91551f96ba62d87f24e7075f52318\ipswitcher.exe (Trojan.Backdoor) -> No action taken.
c:\Users\Karlíček\AppData\Local\thinstall\Cache\Stubs\2dba22ba643fe28afff5f2649de7486296664b\sigcheck.exe (Trojan.Backdoor) -> No action taken.
c:\Users\Karlíček\AppData\Local\thinstall\Cache\Stubs\caaac76a52f765e094c9e6c19fe3615e26fd243\optimizationwizard.exe (Trojan.Backdoor) -> No action taken.
c:\Users\Karlíček\AppData\Local\thinstall\Cache\Stubs\e7606ec9648725c0908fdce4f4e7d5c79881fab3\processmanager.exe (Trojan.Backdoor) -> No action taken.
c:\Users\Karlíček\AppData\Local\thinstall\Cache\Stubs\f36b5917854eb7a088ce38de61ad587a117527b9\startupmanager.exe (Trojan.Backdoor) -> No action taken.
c:\Users\Karlíček\AppData\Roaming\thinstall\abbyy finereader10\%local appdata%\thinstall\Cache\Stubs\bc4238498f7d918aaf22306033ff19d613d5e02e\networklicenseserver.exe.440e3c.tmp (Trojan.Backdoor) -> No action taken.
c:\Users\Karlíček\AppData\Roaming\thinstall\abbyy finereader10\%local appdata%\thinstall\Cache\Stubs\bc4238498f7d918aaf22306033ff19d613d5e02e\networklicenseserver.exe.c1442c.tmp (Trojan.Backdoor) -> No action taken.
c:\Users\Karlíček\AppData\Roaming\thinstall\recovery toolbox for rar 1.1\%local appdata%\thinstall\Cache\Stubs\f3b5484cd345b8449f73e74638e18f581826a\recoverytoolboxforrar.exe.136c13c4.tmp (Trojan.Backdoor) -> No action taken.
c:\Users\Karlíček\AppData\Roaming\thinstall\recovery toolbox for rar 1.1\%local appdata%\thinstall\Cache\Stubs\f3b5484cd345b8449f73e74638e18f581826a\recoverytoolboxforrar.exe.151070c.tmp (Trojan.Backdoor) -> No action taken.
c:\Users\Karlíček\AppData\Roaming\thinstall\recovery toolbox for rar 1.1\%local appdata%\thinstall\Cache\Stubs\f3b5484cd345b8449f73e74638e18f581826a\recoverytoolboxforrar.exe.90c7a4.tmp (Trojan.Backdoor) -> No action taken.
c:\Windows\System32\secushr.dat (Malware.Trace) -> No action taken.

Preventive log check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
Re: Preventive log check
Good morning
Delete everything in MBAM.
Run ComboFix following this guide
http://www.bleepingcomputer.com/combofi ... t-combofix

Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting your computer
Want to support our forum? Information here

I am most likely to be reachable at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: Preventive log check
Hello
I have deleted everything in MBAM, and here is the ComboFix log:
ComboFix 11-01-29.02 - Comp 30.01.2011 12:28:41.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3318.2388 [GMT 1:00]
Spuštěný z: c:\users\Comp\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\\setup.exe
c:\program files\autorun.inf
c:\program files\Setup.exe
c:\users\Karlíček\AppData\Roaming\EurekaLog
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-28 do 2011-01-30 )))))))))))))))))))))))))))))))
.
2011-01-30 11:35 . 2011-01-30 11:35 -------- d-----w- c:\users\Návštěvník\AppData\Local\temp
2011-01-30 11:35 . 2011-01-30 11:35 -------- d-----w- c:\users\Maminka\AppData\Local\temp
2011-01-30 11:35 . 2011-01-30 11:35 -------- d-----w- c:\users\Karlíček\AppData\Local\temp
2011-01-30 11:35 . 2011-01-30 11:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-30 11:34 . 2011-01-30 11:34 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-01-29 15:05 . 2011-01-29 15:05 -------- d-----w- c:\users\Maminka\AppData\Roaming\Malwarebytes
2011-01-29 13:58 . 2011-01-29 13:58 -------- d-----w- c:\users\Karlíček\AppData\Roaming\Malwarebytes
2011-01-28 13:38 . 2009-07-07 16:12 245408 ----a-w- c:\program files\unicows.dll
2011-01-28 13:38 . 2009-07-07 16:12 1822520 ----a-w- c:\program files\instmsiw.exe
2011-01-28 13:38 . 2009-12-21 13:53 7028224 ----a-w- c:\program files\ABBYY FineReader 10 Corporate Edition.msi
2011-01-28 13:38 . 2009-12-20 09:11 555784 ----a-w- c:\program files\AdminSetup.exe
2011-01-28 13:38 . 2009-12-21 12:36 -------- d-----w- c:\program files\ReadMe
2011-01-28 13:37 . 2009-12-21 13:40 -------- d-----w- c:\program files\License Server
2011-01-28 13:37 . 2009-12-21 12:35 -------- d-----w- c:\program files\Common
2011-01-28 13:37 . 2009-12-21 12:35 -------- d-----w- c:\program files\AutoRun
2011-01-28 12:31 . 2008-05-16 04:51 -------- d-----w- C:\FR90PE_VOL
2011-01-28 05:46 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5536E8FB-9426-4DD9-BEC3-012E099AF877}\mpengine.dll
2011-01-27 10:39 . 2011-01-27 10:39 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-26 13:46 . 2011-01-26 13:46 -------- d-----w- c:\users\Karlíček\AppData\Roaming\Nitro PDF
2011-01-26 13:46 . 2011-01-14 12:35 17712 ----a-w- c:\windows\system32\nitrolocalui.dll
2011-01-26 13:46 . 2011-01-14 12:35 26416 ----a-w- c:\windows\system32\nitrolocalmon.dll
2011-01-26 13:46 . 2011-01-26 13:46 -------- d-----w- c:\programdata\Nitro PDF
2011-01-26 13:45 . 2011-01-26 13:45 -------- d-----w- c:\users\Karlíček\AppData\Roaming\Downloaded Installations
2011-01-25 10:55 . 2011-01-27 10:42 -------- d-----w- c:\programdata\ABBYY
2011-01-25 10:52 . 2011-01-26 14:21 -------- d-----w- c:\users\Karlíček\AppData\Local\Adobe
2011-01-25 10:52 . 2011-01-25 10:56 -------- d-----w- c:\users\Karlíček\AppData\Local\ABBYY
2011-01-25 10:52 . 2011-01-25 10:52 -------- d-----w- c:\users\Karlíček\AppData\Roaming\ABBYY
2011-01-20 10:20 . 2011-01-20 10:20 -------- d-----r- C:\Sandbox
2011-01-20 10:18 . 2011-01-20 10:18 -------- d-----w- c:\program files\Sandboxie
2011-01-18 19:05 . 2011-01-19 11:46 -------- d-----w- c:\users\Karlíček\PsiData
2011-01-17 19:21 . 2011-01-28 13:37 -------- d-----w- c:\users\Comp
2011-01-14 16:09 . 2011-01-14 16:09 -------- d-----w- C:\Ashampoo
2011-01-13 20:20 . 2011-01-13 20:20 -------- d-----w- c:\program files\1Time
2011-01-13 12:20 . 2011-01-13 14:35 -------- d-----w- c:\users\Karlíček\AppData\Roaming\Ashampoo
2011-01-13 12:17 . 2011-01-13 12:17 -------- d-----w- c:\windows\Mozilla
2011-01-13 12:17 . 2011-01-13 12:17 -------- d-----w- c:\programdata\ashampoo
2011-01-13 12:17 . 2011-01-13 12:17 -------- d-----w- c:\program files\Ashampoo
2011-01-11 13:57 . 2011-01-11 13:57 -------- d-----w- c:\users\Karlíček\AppData\Roaming\DeepBurner
2011-01-10 17:16 . 2011-01-10 17:16 -------- d-----w- c:\users\Maminka\AppData\Roaming\RDRM
2011-01-09 14:13 . 2011-01-09 14:13 -------- d-----w- c:\programdata\Canneverbe Limited
2011-01-06 21:55 . 2011-01-06 21:55 -------- d-----w- C:\emoticons
2011-01-06 19:13 . 2011-01-06 19:13 -------- d-----w- c:\programdata\FacebookDiscovery
2011-01-06 11:03 . 2011-01-06 11:04 -------- d-----w- c:\program files\IDoser v4
2011-01-04 16:48 . 2011-01-04 16:48 -------- d-----w- C:\SAM
2010-12-31 11:39 . 2010-12-31 11:40 -------- d-----w- c:\programdata\Yahoo! Companion
2010-12-31 11:39 . 2010-12-31 11:40 -------- d-----w- c:\programdata\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-07-15 13:59 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-07-15 13:59 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-07-15 13:59 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-07-15 13:59 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-07-15 13:59 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-07-15 13:59 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-07-15 13:59 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-20 17:09 . 2010-12-15 10:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-12-15 10:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-14 13:49 . 2010-11-14 13:49 15256 ----a-w- c:\users\Karlíček\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2010-11-14 13:49 . 2010-11-14 13:49 15256 ----a-w- c:\users\Karlíček\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2010-11-12 17:53 . 2010-07-17 12:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-04 05:52 . 2010-12-15 11:24 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48 . 2010-12-15 11:24 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41 . 2010-12-15 11:24 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08 . 2010-12-15 11:24 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41 . 2010-12-15 11:24 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40 . 2010-12-15 11:24 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40 . 2010-12-15 11:24 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39 . 2010-12-15 11:24 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34 . 2010-12-15 11:24 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34 . 2010-12-15 11:24 179712 ----a-w- c:\windows\system32\schtasks.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-26 6707744]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-26 1833504]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"ASuite"="c:\users\Karlíček\Documents\My Completed Downloads\Portable Programs\Portable Starts\asuite152\asuite.exe" [2008-08-11 516608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
c:\users\Karlˇźek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
SAM.lnk - c:\program files\SAM\SAM.exe [2006-12-27 1765376]
c:\users\Maminka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
c:\users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKLM\~\startupfolder\C:^Users^PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
2010-11-22 12:15 18630656 ----a-w- c:\program files\ipla\ipla.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 09:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz134;cpuz134;c:\users\PC\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-15 1343400]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 135664]
R4 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-06-23 322608]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 PAC207;Webcam 1200;c:\windows\system32\DRIVERS\PFC027.SYS [2007-06-29 611584]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 15:22]
2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 15:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Comp\AppData\Roaming\Mozilla\Firefox\Profiles\6x1w7b09.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-Sidebar - %ProgramFiles%\Windows Sidebar\Sidebar.exe
MSConfigStartUp-MPlayerForWindows_UpdateReminder - c:\program files\MPlayer for Windows\AutoUpdate.exe
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-01-30 12:37:23
ComboFix-quarantined-files.txt 2011-01-30 11:37
Před spuštěním: Volných bajtů: 313 778 954 240
Po spuštění: Volných bajtů: 317 717 540 864
- - End Of File - - DF03E898FCB89363CE4D33DEC77ECFFE

Re: Preventive log check
How is the computer doing?
Uninstall ComboFix via Start - Run
- copy into the box:
ComboFix /Uninstall
- press Enter
- This uninstalls ComboFix and deletes its associated files and folders.
***********
Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe
- Run it; to confirm each choice, press the A key, then Enter
- delete the program after use. Note that antivirus programs may falsely flag it as a virus
***********
Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar installation
Cleaner tab
- leave everything in the left column ticked as it is, click Analyze
- after the analysis, click Run CCleaner
Registry tab
- click Scan for issues
- then click Fix selected issues -- you do not need to make a registry backup
- click Fix all issues
OK
Close
Tools tab
- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.
I recommend using the CCleaner cleaner; it nicely clears temporary files from the PC.
The Registry section cleans up, for example, after a program has been uninstalled.
***********
Download OTC and use it
http://oldtimer.geekstogo.com/OTC.exe
- it cleans up temp files and the leftovers of the tools used
***********
Post a new RSIT log and tell me how the computer is behaving; is everything fine now?

Re: Preventive log check
Here is the log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Comp at 2011-01-30 16:02:22
Microsoft Windows 7 Home Premium
System drive C: has 305 GB (64%) free of 477 GB
Total RAM: 3318 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:02:26, on 30.1.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Karlíček\Documents\My Completed Downloads\Portable Programs\Portable Starts\asuite152\asuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Comp\Desktop\RSIT.exe
C:\Program Files\trend micro\Comp.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Ziepod One-Click IE Helper - {57A30D1E-08B9-4EF4-B273-AAEA1C234A5B} - C:\Windows\system32\ZiepodOneClicker.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ASuite] C:\Users\Karlíček\Documents\My Completed Downloads\Portable Programs\Portable Starts\asuite152\asuite.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messenger ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 7987 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2010-10-15 1372472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57A30D1E-08B9-4EF4-B273-AAEA1C234A5B}]
Ziepod One-Click Helper - C:\Windows\system32\ZiepodOneClicker.dll [2007-01-25 47616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-01-17 297648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-22 843832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2010-10-15 163128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2010-10-15 1372472]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-01-17 297648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2008-12-26 6707744]
"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"Freecorder FLV Service"=C:\Program Files\Freecorder\FLVSrvc.exe [2010-06-26 167936]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-06-23 1043968]
"ASuite"=C:\Users\Karlíček\Documents\My Completed Downloads\Portable Programs\Portable Starts\asuite152\asuite.exe [2008-08-11 516608]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
C:\Program Files\ipla\ipla.exe [2010-11-22 18630656]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2010-06-01 5252408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2009-02-23 576000]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2011-01-30 15:58:34 ----D---- C:\rsit
2011-01-30 12:37:28 ----SHD---- C:\$RECYCLE.BIN
2011-01-30 12:15:55 ----D---- C:\Windows\ERDNT
2011-01-30 10:22:32 ----A---- C:\Windows\system32\javaws.exe
2011-01-30 10:22:32 ----A---- C:\Windows\system32\javaw.exe
2011-01-30 10:22:32 ----A---- C:\Windows\system32\java.exe
2011-01-29 12:16:40 ----D---- C:\Users\Comp\AppData\Roaming\Malwarebytes
2011-01-28 14:38:11 ----A---- C:\Program Files\unicows.dll
2011-01-28 14:38:11 ----A---- C:\Program Files\setup.ini
2011-01-28 14:38:11 ----A---- C:\Program Files\instmsiw.exe
2011-01-28 14:38:03 ----A---- C:\Program Files\AutoRun.exe
2011-01-28 14:38:03 ----A---- C:\Program Files\AdminSetup.ini
2011-01-28 14:38:03 ----A---- C:\Program Files\AdminSetup.exe
2011-01-28 14:38:02 ----D---- C:\Program Files\ReadMe
2011-01-28 14:37:58 ----D---- C:\Program Files\License Server
2011-01-28 14:37:57 ----D---- C:\Program Files\Common
2011-01-28 14:37:57 ----D---- C:\Program Files\AutoRun
2011-01-28 13:31:41 ----D---- C:\FR90PE_VOL
2011-01-28 11:25:01 ----D---- C:\Users\Comp\AppData\Roaming\Macromedia
2011-01-28 11:24:57 ----D---- C:\Users\Comp\AppData\Roaming\HP
2011-01-27 11:49:18 ----D---- C:\Users\Comp\AppData\Roaming\Foxit Software
2011-01-27 11:39:51 ----D---- C:\Program Files\Common Files\Adobe
2011-01-26 14:46:24 ----A---- C:\Windows\system32\nitrolocalui.dll
2011-01-26 14:46:24 ----A---- C:\Windows\system32\nitrolocalmon.dll
2011-01-26 14:46:19 ----D---- C:\ProgramData\Nitro PDF
2011-01-25 11:55:02 ----D---- C:\ProgramData\ABBYY
2011-01-25 11:23:10 ----D---- C:\Users\Comp\AppData\Roaming\Thinstall
2011-01-20 11:20:08 ----RD---- C:\Sandbox
2011-01-20 11:18:44 ----A---- C:\Windows\Sandboxie.ini
2011-01-20 11:18:01 ----D---- C:\Program Files\Sandboxie
2011-01-17 20:50:09 ----D---- C:\Users\Comp\AppData\Roaming\Adobe
2011-01-17 20:49:04 ----D---- C:\Users\Comp\AppData\Roaming\Google
2011-01-17 20:34:46 ----D---- C:\Users\Comp\AppData\Roaming\Mozilla
2011-01-17 20:22:48 ----D---- C:\Users\Comp\AppData\Roaming\OpenOffice.org
2011-01-17 20:21:51 ----D---- C:\Users\Comp\AppData\Roaming\Identities
2011-01-17 20:21:44 ----D---- C:\Users\Comp\AppData\Roaming\Media Center Programs
2011-01-17 20:21:43 ----SD---- C:\Users\Comp\AppData\Roaming\Microsoft
2011-01-14 17:09:49 ----D---- C:\Ashampoo
2011-01-13 21:20:20 ----D---- C:\Program Files\1Time
2011-01-13 13:17:59 ----D---- C:\Windows\Mozilla
2011-01-13 13:17:49 ----D---- C:\ProgramData\ashampoo
2011-01-13 13:17:36 ----D---- C:\Program Files\Ashampoo
2011-01-12 08:59:53 ----A---- C:\Windows\system32\odbc32.dll
2011-01-12 08:59:51 ----A---- C:\Windows\system32\d3d10warp.dll
2011-01-12 08:59:51 ----A---- C:\Windows\system32\d2d1.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\XpsPrint.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\FntCache.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\ExplorerFrame.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\DWrite.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2011-01-12 08:59:50 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-01-12 08:59:50 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\d3d10_1.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\cdd.dll
2011-01-09 15:13:25 ----D---- C:\ProgramData\Canneverbe Limited
2011-01-06 22:55:02 ----D---- C:\emoticons
2011-01-06 20:13:16 ----D---- C:\ProgramData\FacebookDiscovery
2011-01-06 12:03:41 ----D---- C:\Program Files\IDoser v4
2011-01-04 17:48:27 ----D---- C:\SAM
2010-12-31 12:39:59 ----D---- C:\ProgramData\Yahoo! Companion
2010-12-31 12:39:43 ----D---- C:\ProgramData\Yahoo!
======List of files/folders modified in the last 1 months======
2011-01-30 16:02:25 ----D---- C:\Program Files\trend micro
2011-01-30 16:02:24 ----D---- C:\Windows\Temp
2011-01-30 16:00:19 ----D---- C:\Windows\System32
2011-01-30 16:00:19 ----D---- C:\Windows\inf
2011-01-30 16:00:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-30 15:58:43 ----D---- C:\Windows\Internet Logs
2011-01-30 15:58:33 ----D---- C:\Windows\system32\config
2011-01-30 15:57:28 ----D---- C:\Windows
2011-01-30 12:36:58 ----D---- C:\Windows\Tasks
2011-01-30 12:36:58 ----D---- C:\Windows\system32\Tasks
2011-01-30 12:35:25 ----A---- C:\Windows\system.ini
2011-01-30 12:35:19 ----D---- C:\Windows\system32\drivers\etc
2011-01-30 12:34:34 ----RD---- C:\Program Files
2011-01-30 12:32:27 ----D---- C:\Windows\system32\drivers
2011-01-30 12:32:27 ----D---- C:\Windows\AppPatch
2011-01-30 12:32:26 ----D---- C:\Program Files\Common Files
2011-01-30 10:22:34 ----SHD---- C:\Windows\Installer
2011-01-30 10:22:34 ----D---- C:\Config.Msi
2011-01-30 10:22:20 ----D---- C:\Program Files\Java
2011-01-30 10:21:44 ----SHD---- C:\System Volume Information
2011-01-29 21:34:54 ----D---- C:\Windows\Prefetch
2011-01-29 12:17:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-28 14:46:03 ----D---- C:\TEMP
2011-01-27 14:15:16 ----D---- C:\Windows\Minidump
2011-01-27 14:15:16 ----D---- C:\Windows\debug
2011-01-26 14:46:19 ----D---- C:\ProgramData
2011-01-25 23:23:28 ----D---- C:\Windows\system32\catroot2
2011-01-17 20:37:36 ----D---- C:\Program Files\Google
2011-01-17 20:21:43 ----RD---- C:\Users
2011-01-13 09:47:32 ----A---- C:\Windows\system32\aswBoot.exe
2011-01-12 17:28:01 ----D---- C:\Windows\winsxs
2011-01-12 17:21:52 ----A---- C:\Windows\system32\MRT.exe
2011-01-12 08:59:46 ----D---- C:\Windows\system32\catroot
2011-01-06 22:55:15 ----D---- C:\Program Files\ipla
2011-01-06 22:54:10 ----D---- C:\ProgramData\ipla
2011-01-06 20:13:16 ----D---- C:\Program Files\FacebookDiscovery
2010-12-31 12:40:05 ----D---- C:\Program Files\Yahoo!
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2010-05-15 461400]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-12-26 2259296]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 PAC207;Webcam 1200; C:\Windows\system32\DRIVERS\PFC027.SYS [2007-06-29 611584]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2011-01-12 125672]
R3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2010-06-16 32768]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 catchme;catchme; \??\C:\Users\Comp\AppData\Local\Temp\catchme.sys []
S3 cpuz134;cpuz134; \??\C:\Users\PC\AppData\Local\Temp\cpuz134\cpuz134_x32.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-04-28 54632]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-10-03 133120]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2010-02-25 25216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2011-01-12 69864]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2010-06-23 2435592]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-22 655624]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-07-15 182768]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-15 1343400]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-15 135664]
S4 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2010-07-27 247808]
S4 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2010-07-26 57640]
S4 HssWd;Hotspot Shield Monitoring Service; C:\Program Files\Hotspot Shield\bin\hsswd.exe [2010-06-23 322608]
S4 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
-----------------EOF-----------------
By the way, the T-cleaner site is not working. And so far the computer is behaving as it should.
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-01-17 297648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-22 843832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2010-10-15 163128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2010-10-15 1372472]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-01-17 297648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2008-12-26 6707744]
"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"Freecorder FLV Service"=C:\Program Files\Freecorder\FLVSrvc.exe [2010-06-26 167936]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-06-23 1043968]
"ASuite"=C:\Users\Karlíček\Documents\My Completed Downloads\Portable Programs\Portable Starts\asuite152\asuite.exe [2008-08-11 516608]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
C:\Program Files\ipla\ipla.exe [2010-11-22 18630656]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2010-06-01 5252408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2009-02-23 576000]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2011-01-30 15:58:34 ----D---- C:\rsit
2011-01-30 12:37:28 ----SHD---- C:\$RECYCLE.BIN
2011-01-30 12:15:55 ----D---- C:\Windows\ERDNT
2011-01-30 10:22:32 ----A---- C:\Windows\system32\javaws.exe
2011-01-30 10:22:32 ----A---- C:\Windows\system32\javaw.exe
2011-01-30 10:22:32 ----A---- C:\Windows\system32\java.exe
2011-01-29 12:16:40 ----D---- C:\Users\Comp\AppData\Roaming\Malwarebytes
2011-01-28 14:38:11 ----A---- C:\Program Files\unicows.dll
2011-01-28 14:38:11 ----A---- C:\Program Files\setup.ini
2011-01-28 14:38:11 ----A---- C:\Program Files\instmsiw.exe
2011-01-28 14:38:03 ----A---- C:\Program Files\AutoRun.exe
2011-01-28 14:38:03 ----A---- C:\Program Files\AdminSetup.ini
2011-01-28 14:38:03 ----A---- C:\Program Files\AdminSetup.exe
2011-01-28 14:38:02 ----D---- C:\Program Files\ReadMe
2011-01-28 14:37:58 ----D---- C:\Program Files\License Server
2011-01-28 14:37:57 ----D---- C:\Program Files\Common
2011-01-28 14:37:57 ----D---- C:\Program Files\AutoRun
2011-01-28 13:31:41 ----D---- C:\FR90PE_VOL
2011-01-28 11:25:01 ----D---- C:\Users\Comp\AppData\Roaming\Macromedia
2011-01-28 11:24:57 ----D---- C:\Users\Comp\AppData\Roaming\HP
2011-01-27 11:49:18 ----D---- C:\Users\Comp\AppData\Roaming\Foxit Software
2011-01-27 11:39:51 ----D---- C:\Program Files\Common Files\Adobe
2011-01-26 14:46:24 ----A---- C:\Windows\system32\nitrolocalui.dll
2011-01-26 14:46:24 ----A---- C:\Windows\system32\nitrolocalmon.dll
2011-01-26 14:46:19 ----D---- C:\ProgramData\Nitro PDF
2011-01-25 11:55:02 ----D---- C:\ProgramData\ABBYY
2011-01-25 11:23:10 ----D---- C:\Users\Comp\AppData\Roaming\Thinstall
2011-01-20 11:20:08 ----RD---- C:\Sandbox
2011-01-20 11:18:44 ----A---- C:\Windows\Sandboxie.ini
2011-01-20 11:18:01 ----D---- C:\Program Files\Sandboxie
2011-01-17 20:50:09 ----D---- C:\Users\Comp\AppData\Roaming\Adobe
2011-01-17 20:49:04 ----D---- C:\Users\Comp\AppData\Roaming\Google
2011-01-17 20:34:46 ----D---- C:\Users\Comp\AppData\Roaming\Mozilla
2011-01-17 20:22:48 ----D---- C:\Users\Comp\AppData\Roaming\OpenOffice.org
2011-01-17 20:21:51 ----D---- C:\Users\Comp\AppData\Roaming\Identities
2011-01-17 20:21:44 ----D---- C:\Users\Comp\AppData\Roaming\Media Center Programs
2011-01-17 20:21:43 ----SD---- C:\Users\Comp\AppData\Roaming\Microsoft
2011-01-14 17:09:49 ----D---- C:\Ashampoo
2011-01-13 21:20:20 ----D---- C:\Program Files\1Time
2011-01-13 13:17:59 ----D---- C:\Windows\Mozilla
2011-01-13 13:17:49 ----D---- C:\ProgramData\ashampoo
2011-01-13 13:17:36 ----D---- C:\Program Files\Ashampoo
2011-01-12 08:59:53 ----A---- C:\Windows\system32\odbc32.dll
2011-01-12 08:59:51 ----A---- C:\Windows\system32\d3d10warp.dll
2011-01-12 08:59:51 ----A---- C:\Windows\system32\d2d1.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\XpsPrint.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\FntCache.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\ExplorerFrame.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\DWrite.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2011-01-12 08:59:50 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-01-12 08:59:50 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\d3d10_1.dll
2011-01-12 08:59:50 ----A---- C:\Windows\system32\cdd.dll
2011-01-09 15:13:25 ----D---- C:\ProgramData\Canneverbe Limited
2011-01-06 22:55:02 ----D---- C:\emoticons
2011-01-06 20:13:16 ----D---- C:\ProgramData\FacebookDiscovery
2011-01-06 12:03:41 ----D---- C:\Program Files\IDoser v4
2011-01-04 17:48:27 ----D---- C:\SAM
2010-12-31 12:39:59 ----D---- C:\ProgramData\Yahoo! Companion
2010-12-31 12:39:43 ----D---- C:\ProgramData\Yahoo!
======List of files/folders modified in the last 1 months======
2011-01-30 16:02:25 ----D---- C:\Program Files\trend micro
2011-01-30 16:02:24 ----D---- C:\Windows\Temp
2011-01-30 16:00:19 ----D---- C:\Windows\System32
2011-01-30 16:00:19 ----D---- C:\Windows\inf
2011-01-30 16:00:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-30 15:58:43 ----D---- C:\Windows\Internet Logs
2011-01-30 15:58:33 ----D---- C:\Windows\system32\config
2011-01-30 15:57:28 ----D---- C:\Windows
2011-01-30 12:36:58 ----D---- C:\Windows\Tasks
2011-01-30 12:36:58 ----D---- C:\Windows\system32\Tasks
2011-01-30 12:35:25 ----A---- C:\Windows\system.ini
2011-01-30 12:35:19 ----D---- C:\Windows\system32\drivers\etc
2011-01-30 12:34:34 ----RD---- C:\Program Files
2011-01-30 12:32:27 ----D---- C:\Windows\system32\drivers
2011-01-30 12:32:27 ----D---- C:\Windows\AppPatch
2011-01-30 12:32:26 ----D---- C:\Program Files\Common Files
2011-01-30 10:22:34 ----SHD---- C:\Windows\Installer
2011-01-30 10:22:34 ----D---- C:\Config.Msi
2011-01-30 10:22:20 ----D---- C:\Program Files\Java
2011-01-30 10:21:44 ----SHD---- C:\System Volume Information
2011-01-29 21:34:54 ----D---- C:\Windows\Prefetch
2011-01-29 12:17:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-28 14:46:03 ----D---- C:\TEMP
2011-01-27 14:15:16 ----D---- C:\Windows\Minidump
2011-01-27 14:15:16 ----D---- C:\Windows\debug
2011-01-26 14:46:19 ----D---- C:\ProgramData
2011-01-25 23:23:28 ----D---- C:\Windows\system32\catroot2
2011-01-17 20:37:36 ----D---- C:\Program Files\Google
2011-01-17 20:21:43 ----RD---- C:\Users
2011-01-13 09:47:32 ----A---- C:\Windows\system32\aswBoot.exe
2011-01-12 17:28:01 ----D---- C:\Windows\winsxs
2011-01-12 17:21:52 ----A---- C:\Windows\system32\MRT.exe
2011-01-12 08:59:46 ----D---- C:\Windows\system32\catroot
2011-01-06 22:55:15 ----D---- C:\Program Files\ipla
2011-01-06 22:54:10 ----D---- C:\ProgramData\ipla
2011-01-06 20:13:16 ----D---- C:\Program Files\FacebookDiscovery
2010-12-31 12:40:05 ----D---- C:\Program Files\Yahoo!
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2010-05-15 461400]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-12-26 2259296]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 PAC207;Webcam 1200; C:\Windows\system32\DRIVERS\PFC027.SYS [2007-06-29 611584]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2011-01-12 125672]
R3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2010-06-16 32768]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 catchme;catchme; \??\C:\Users\Comp\AppData\Local\Temp\catchme.sys []
S3 cpuz134;cpuz134; \??\C:\Users\PC\AppData\Local\Temp\cpuz134\cpuz134_x32.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-04-28 54632]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-10-03 133120]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2010-02-25 25216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2011-01-12 69864]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2010-06-23 2435592]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-22 655624]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-07-15 182768]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-15 1343400]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-15 135664]
S4 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2010-07-27 247808]
S4 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2010-07-26 57640]
S4 HssWd;Hotspot Shield Monitoring Service; C:\Program Files\Hotspot Shield\bin\hsswd.exe [2010-06-23 322608]
S4 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
-----------------EOF-----------------
Otherwise, the T-cleaner page is not working. And so far the computer is behaving as it should.

Re: Preventive log check
Thank you for the heads-up
Open Notepad and copy this text into it:

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-

- Save it as (type: all files), entering "smazani.reg" without the quotes as the file name,
click Save, then double-click the file as usual and confirm the dialog box.
Do you recognize this folder?
C:\emoticons
If there are no problems, that is all.

Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.
Re: Preventive log check
The C:\emoticons folder was empty, so I deleted it. I also deleted the registry key as instructed. So now all that is left is to say thank you. Thanks for the help.

Re: Preventive log check
You're welcome
