Re: pomalý internet
Napsal: 07 pro 2011 21:02
Tím by měl být rootkit pryč. Nyní bude třeba udělat něco s tím malým diskem, neboť 10GB je opravdu málo. Co rychlost internetu?
Stránka 4 z 6
Re: pomalý internet
Napsal: 07 pro 2011 21:04
asi nevymetlo nie je potrebný reštart ..rýchlosť pripojenia beží stale rovnako
Re: pomalý internet
Napsal: 07 pro 2011 21:54
OK. Spusťte tedy mbr takto: "%userprofile%\plocha\mbr" -t -s .
Re: pomalý internet
Napsal: 07 pro 2011 21:56
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3120026A rev.8.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82C68C70]<<
_asm { JMP 0x4; }
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x82ED5AB8]
3 CLASSPNP[0xF865705B] -> nt!IofCallDriver[0x804E37C5] -> \Device\0000008f[0x82EF3900]
5 ACPI[0xF846D620] -> nt!IofCallDriver[0x804E37C5] -> \Device\Ide\IdeDeviceP1T0L0-e[0x82EE6940]
\Driver\atapi[0x82ED7760] -> IRP_MJ_CREATE -> 0x82C68C70
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi -> 0x82c68c70
user & kernel MBR OK
Warning: possible MBR rootkit infection !
Windows 5.1.2600 Disk: ST3120026A rev.8.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82C68C70]<<
_asm { JMP 0x4; }
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x82ED5AB8]
3 CLASSPNP[0xF865705B] -> nt!IofCallDriver[0x804E37C5] -> \Device\0000008f[0x82EF3900]
5 ACPI[0xF846D620] -> nt!IofCallDriver[0x804E37C5] -> \Device\Ide\IdeDeviceP1T0L0-e[0x82EE6940]
\Driver\atapi[0x82ED7760] -> IRP_MJ_CREATE -> 0x82C68C70
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi -> 0x82c68c70
user & kernel MBR OK
Warning: possible MBR rootkit infection !
Re: pomalý internet
Napsal: 07 pro 2011 22:07
Je tam stále, prevít. Pošli vám čistý soubor atapi.sys:
Stáhněte a rozbalte na plochu. Pak spusťte ComboFix skriptem:
Stáhněte a rozbalte na plochu. Pak spusťte ComboFix skriptem:
FCopy::
C:\documents and settings\marika\plocha\atapi.sys | c:\windows\system32\drivers\atapi sys
Re: pomalý internet
Napsal: 07 pro 2011 22:41
ComboFix 11-12-06.02 - marika 07.12.2011 22:26:35.8.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.266 [GMT 1:00]
Spuštěný z: c:\documents and settings\marika\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\marika\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\documents and settings\marika\plocha\atapi.sys --> c:\windows\system32\drivers\atapi sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-07 do 2011-12-07 )))))))))))))))))))))))))))))))
.
.
2011-12-06 14:57 . 2011-12-06 17:19 475736 ------w- c:\windows\system32\drivers\7634080drv.sys
2011-12-06 08:44 . 2011-12-06 08:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DrivingSpeed2
2011-12-03 19:00 . 2011-12-03 19:00 -------- d-----w- c:\program files\MSXML 4.0
2011-12-03 18:14 . 2011-12-03 18:14 -------- d-----w- c:\documents and settings\marika\Local Settings\Data aplikací\Threat Expert
2011-12-02 15:14 . 2011-12-04 11:29 -------- d-----w- c:\program files\trend micro
2011-12-02 15:14 . 2011-12-02 15:14 -------- d-----w- C:\rsit
2011-11-29 14:53 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-11-29 14:18 . 2011-11-29 14:44 -------- d-----w- c:\program files\Common Files\PC Tools
2011-11-29 14:18 . 2011-11-22 18:42 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-11-29 14:17 . 2011-11-29 14:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Tools
2011-11-29 14:17 . 2011-11-29 14:17 -------- d-----w- c:\documents and settings\marika\Data aplikací\TestApp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2011-07-25 13:21 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-07-25 13:21 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-07-25 13:22 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-07-25 13:22 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-07-25 13:22 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-07-25 13:22 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-07-25 13:22 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-07-25 13:22 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-07-25 13:22 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-07-25 13:22 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-22 10:52 . 2011-09-22 08:52 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-03 22:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
.
[-] 2008-04-05 . 0C2F6B6366E23D7362EB2C2EC29262F6 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot_2011-12-04_18.35.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-17 13:49 . 2009-07-14 01:14 88576 c:\windows\system32\wiaacmgr.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reset"="regedit" [X]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"FamilyKeyLogger"="c:\program files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe" [2003-01-31 70144]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\marika\Nabídka Start\Programy\Po spuštění\
Kalendár.lnk - c:\windows\MENINY.EXE [2009-8-7 49312]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2009-6-12 1183744]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-17 14:58 1667584 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\ROUTE66\\ROUTE66Sync.exe"=
"c:\program files\MSN Gaming Zone\Windows\bckgzm.exe"= c:\program files\MSN Gaming Zone\Windows\bckgzm.exe:192.168.1.2/255.255.255.255:Enabled:Backgammon v Internetu
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Ferguson\\18 Wheels of Steel Haulin\\Aphex.exe"=
"c:\\Documents and Settings\\marika\\Local Settings\\Data aplikací\\AntikVirtualSTB\\AntikVirtualSTB.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCP:smtp.azet.sk
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [12.2.2009 12:07 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [12.2.2009 12:07 5248]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 22:39 20744]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.3.2009 15:33 717296]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25.7.2011 14:22 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.7.2011 14:22 314456]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 115008]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [12.2.2009 12:18 51072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.7.2011 14:22 20568]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 11:44 30088]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [1.3.2010 17:32 36608]
S3 ICDUSB2;Sony IC Recorder (ST);c:\windows\system32\drivers\IcdUsb2.sys [10.3.2009 8:52 39048]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 13:58 26248]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [21.2.2010 20:49 27632]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1392740
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-07 22:36
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\## aswSnx private storage
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(272)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-12-07 22:39:28
ComboFix-quarantined-files.txt 2011-12-07 21:39
ComboFix2.txt 2011-12-05 20:57
ComboFix3.txt 2011-12-05 20:19
ComboFix4.txt 2011-12-05 17:45
ComboFix5.txt 2011-12-07 21:24
.
Před spuštěním: 1 810 112 512
Po spuštění: 1 843 245 056
.
- - End Of File - - 0167A56FB450510B4D46246EB3E2FF84
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.266 [GMT 1:00]
Spuštěný z: c:\documents and settings\marika\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\marika\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\documents and settings\marika\plocha\atapi.sys --> c:\windows\system32\drivers\atapi sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-07 do 2011-12-07 )))))))))))))))))))))))))))))))
.
.
2011-12-06 14:57 . 2011-12-06 17:19 475736 ------w- c:\windows\system32\drivers\7634080drv.sys
2011-12-06 08:44 . 2011-12-06 08:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DrivingSpeed2
2011-12-03 19:00 . 2011-12-03 19:00 -------- d-----w- c:\program files\MSXML 4.0
2011-12-03 18:14 . 2011-12-03 18:14 -------- d-----w- c:\documents and settings\marika\Local Settings\Data aplikací\Threat Expert
2011-12-02 15:14 . 2011-12-04 11:29 -------- d-----w- c:\program files\trend micro
2011-12-02 15:14 . 2011-12-02 15:14 -------- d-----w- C:\rsit
2011-11-29 14:53 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-11-29 14:18 . 2011-11-29 14:44 -------- d-----w- c:\program files\Common Files\PC Tools
2011-11-29 14:18 . 2011-11-22 18:42 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-11-29 14:17 . 2011-11-29 14:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Tools
2011-11-29 14:17 . 2011-11-29 14:17 -------- d-----w- c:\documents and settings\marika\Data aplikací\TestApp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2011-07-25 13:21 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-07-25 13:21 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-07-25 13:22 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-07-25 13:22 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-07-25 13:22 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-07-25 13:22 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-07-25 13:22 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-07-25 13:22 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-07-25 13:22 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-07-25 13:22 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-22 10:52 . 2011-09-22 08:52 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-03 22:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
.
[-] 2008-04-05 . 0C2F6B6366E23D7362EB2C2EC29262F6 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot_2011-12-04_18.35.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-17 13:49 . 2009-07-14 01:14 88576 c:\windows\system32\wiaacmgr.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reset"="regedit" [X]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"FamilyKeyLogger"="c:\program files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe" [2003-01-31 70144]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\marika\Nabídka Start\Programy\Po spuštění\
Kalendár.lnk - c:\windows\MENINY.EXE [2009-8-7 49312]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2009-6-12 1183744]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-17 14:58 1667584 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\ROUTE66\\ROUTE66Sync.exe"=
"c:\program files\MSN Gaming Zone\Windows\bckgzm.exe"= c:\program files\MSN Gaming Zone\Windows\bckgzm.exe:192.168.1.2/255.255.255.255:Enabled:Backgammon v Internetu
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Ferguson\\18 Wheels of Steel Haulin\\Aphex.exe"=
"c:\\Documents and Settings\\marika\\Local Settings\\Data aplikací\\AntikVirtualSTB\\AntikVirtualSTB.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCP:smtp.azet.sk
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [12.2.2009 12:07 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [12.2.2009 12:07 5248]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 22:39 20744]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.3.2009 15:33 717296]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25.7.2011 14:22 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.7.2011 14:22 314456]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 115008]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [12.2.2009 12:18 51072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.7.2011 14:22 20568]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 11:44 30088]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [1.3.2010 17:32 36608]
S3 ICDUSB2;Sony IC Recorder (ST);c:\windows\system32\drivers\IcdUsb2.sys [10.3.2009 8:52 39048]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 13:58 26248]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [21.2.2010 20:49 27632]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1392740
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-07 22:36
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\## aswSnx private storage
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(272)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-12-07 22:39:28
ComboFix-quarantined-files.txt 2011-12-07 21:39
ComboFix2.txt 2011-12-05 20:57
ComboFix3.txt 2011-12-05 20:19
ComboFix4.txt 2011-12-05 17:45
ComboFix5.txt 2011-12-07 21:24
.
Před spuštěním: 1 810 112 512
Po spuštění: 1 843 245 056
.
- - End Of File - - 0167A56FB450510B4D46246EB3E2FF84
Re: pomalý internet
Napsal: 07 pro 2011 22:48
Je to tam stále, navíc se tam objevilo něco nového. Spusťte znovu s tímto skriptem:
KillAll::
FCopy::
c:\documents and settings\marika\plocha\atapi.sys | c:\windows\system32\drivers\atapi sys
Collect::
c:\windows\system32\drivers\7634080drv.sys
Driver::
7634080drv
Re: pomalý internet
Napsal: 07 pro 2011 23:52
ComboFix 11-12-06.02 - marika 07.12.2011 23:11:14.10.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.142 [GMT 1:00]
Spuštěný z: c:\documents and settings\marika\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\marika\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\windows\system32\drivers\7634080drv.sys
.
.
--------------- FCopy ---------------
.
c:\documents and settings\marika\plocha\atapi.sys --> c:\windows\system32\drivers\atapi sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_7634080DRV
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-07 do 2011-12-07 )))))))))))))))))))))))))))))))
.
.
2011-12-06 08:44 . 2011-12-06 08:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DrivingSpeed2
2011-12-03 19:00 . 2011-12-03 19:00 -------- d-----w- c:\program files\MSXML 4.0
2011-12-03 18:14 . 2011-12-03 18:14 -------- d-----w- c:\documents and settings\marika\Local Settings\Data aplikací\Threat Expert
2011-12-02 15:14 . 2011-12-04 11:29 -------- d-----w- c:\program files\trend micro
2011-12-02 15:14 . 2011-12-02 15:14 -------- d-----w- C:\rsit
2011-11-29 14:53 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-11-29 14:18 . 2011-11-29 14:44 -------- d-----w- c:\program files\Common Files\PC Tools
2011-11-29 14:18 . 2011-11-22 18:42 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-11-29 14:17 . 2011-11-29 14:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Tools
2011-11-29 14:17 . 2011-11-29 14:17 -------- d-----w- c:\documents and settings\marika\Data aplikací\TestApp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2011-07-25 13:21 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-07-25 13:21 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-07-25 13:22 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-07-25 13:22 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-07-25 13:22 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-07-25 13:22 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-07-25 13:22 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-07-25 13:22 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-07-25 13:22 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-07-25 13:22 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-22 10:52 . 2011-09-22 08:52 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-03 22:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
.
[-] 2008-04-05 . 0C2F6B6366E23D7362EB2C2EC29262F6 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot_2011-12-04_18.35.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-17 13:49 . 2009-07-14 01:14 88576 c:\windows\system32\wiaacmgr.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reset"="regedit" [X]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"FamilyKeyLogger"="c:\program files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe" [2003-01-31 70144]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\marika\Nabídka Start\Programy\Po spuštění\
Kalendár.lnk - c:\windows\MENINY.EXE [2009-8-7 49312]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2009-6-12 1183744]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-17 14:58 1667584 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\ROUTE66\\ROUTE66Sync.exe"=
"c:\program files\MSN Gaming Zone\Windows\bckgzm.exe"= c:\program files\MSN Gaming Zone\Windows\bckgzm.exe:192.168.1.2/255.255.255.255:Enabled:Backgammon v Internetu
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Ferguson\\18 Wheels of Steel Haulin\\Aphex.exe"=
"c:\\Documents and Settings\\marika\\Local Settings\\Data aplikací\\AntikVirtualSTB\\AntikVirtualSTB.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCP:smtp.azet.sk
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [12.2.2009 12:07 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [12.2.2009 12:07 5248]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 22:39 20744]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.3.2009 15:33 717296]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25.7.2011 14:22 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.7.2011 14:22 314456]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 115008]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [12.2.2009 12:18 51072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.7.2011 14:22 20568]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 11:44 30088]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [1.3.2010 17:32 36608]
S3 ICDUSB2;Sony IC Recorder (ST);c:\windows\system32\drivers\IcdUsb2.sys [10.3.2009 8:52 39048]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 13:58 26248]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [21.2.2010 20:49 27632]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1392740
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-07 23:23
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2644)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\windows\system32\msiexec.exe
c:\program files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-12-07 23:26:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-07 22:26
ComboFix2.txt 2011-12-07 21:39
ComboFix3.txt 2011-12-05 20:57
ComboFix4.txt 2011-12-05 20:19
ComboFix5.txt 2011-12-07 21:52
.
Před spuštěním: 1 840 693 248
Po spuštění: 1 824 575 488
.
- - End Of File - - 4DFF8C0FC552AA93827CC3A2AC75AD4C
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.142 [GMT 1:00]
Spuštěný z: c:\documents and settings\marika\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\marika\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\windows\system32\drivers\7634080drv.sys
.
.
--------------- FCopy ---------------
.
c:\documents and settings\marika\plocha\atapi.sys --> c:\windows\system32\drivers\atapi sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_7634080DRV
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-07 do 2011-12-07 )))))))))))))))))))))))))))))))
.
.
2011-12-06 08:44 . 2011-12-06 08:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DrivingSpeed2
2011-12-03 19:00 . 2011-12-03 19:00 -------- d-----w- c:\program files\MSXML 4.0
2011-12-03 18:14 . 2011-12-03 18:14 -------- d-----w- c:\documents and settings\marika\Local Settings\Data aplikací\Threat Expert
2011-12-02 15:14 . 2011-12-04 11:29 -------- d-----w- c:\program files\trend micro
2011-12-02 15:14 . 2011-12-02 15:14 -------- d-----w- C:\rsit
2011-11-29 14:53 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-11-29 14:18 . 2011-11-29 14:44 -------- d-----w- c:\program files\Common Files\PC Tools
2011-11-29 14:18 . 2011-11-22 18:42 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-11-29 14:17 . 2011-11-29 14:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Tools
2011-11-29 14:17 . 2011-11-29 14:17 -------- d-----w- c:\documents and settings\marika\Data aplikací\TestApp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2011-07-25 13:21 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-07-25 13:21 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-07-25 13:22 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-07-25 13:22 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-07-25 13:22 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-07-25 13:22 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-07-25 13:22 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-07-25 13:22 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-07-25 13:22 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-07-25 13:22 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-22 10:52 . 2011-09-22 08:52 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-03 22:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
.
[-] 2008-04-05 . 0C2F6B6366E23D7362EB2C2EC29262F6 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot_2011-12-04_18.35.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-17 13:49 . 2009-07-14 01:14 88576 c:\windows\system32\wiaacmgr.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reset"="regedit" [X]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"FamilyKeyLogger"="c:\program files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe" [2003-01-31 70144]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\marika\Nabídka Start\Programy\Po spuštění\
Kalendár.lnk - c:\windows\MENINY.EXE [2009-8-7 49312]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2009-6-12 1183744]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-17 14:58 1667584 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\ROUTE66\\ROUTE66Sync.exe"=
"c:\program files\MSN Gaming Zone\Windows\bckgzm.exe"= c:\program files\MSN Gaming Zone\Windows\bckgzm.exe:192.168.1.2/255.255.255.255:Enabled:Backgammon v Internetu
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Ferguson\\18 Wheels of Steel Haulin\\Aphex.exe"=
"c:\\Documents and Settings\\marika\\Local Settings\\Data aplikací\\AntikVirtualSTB\\AntikVirtualSTB.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCP:smtp.azet.sk
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [12.2.2009 12:07 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [12.2.2009 12:07 5248]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 22:39 20744]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.3.2009 15:33 717296]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25.7.2011 14:22 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.7.2011 14:22 314456]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 115008]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [12.2.2009 12:18 51072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.7.2011 14:22 20568]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 11:44 30088]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [1.3.2010 17:32 36608]
S3 ICDUSB2;Sony IC Recorder (ST);c:\windows\system32\drivers\IcdUsb2.sys [10.3.2009 8:52 39048]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 13:58 26248]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [21.2.2010 20:49 27632]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1392740
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-07 23:23
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2644)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\windows\system32\msiexec.exe
c:\program files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-12-07 23:26:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-07 22:26
ComboFix2.txt 2011-12-07 21:39
ComboFix3.txt 2011-12-05 20:57
ComboFix4.txt 2011-12-05 20:19
ComboFix5.txt 2011-12-07 21:52
.
Před spuštěním: 1 840 693 248
Po spuštění: 1 824 575 488
.
- - End Of File - - 4DFF8C0FC552AA93827CC3A2AC75AD4C
Re: pomalý internet
Napsal: 08 pro 2011 10:59
k tejto teme - skus este - citat:
Stahnete aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe a ulozte jej na plochu.
Utilitu spustte a prikazte ji, at skenuje - klik na Scan
Kliknutim na Save log ulozte log aswMBR na plochu
Obsah logu aswMBR mi sem vlozte
Stahnete aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe a ulozte jej na plochu.
Utilitu spustte a prikazte ji, at skenuje - klik na Scan
Kliknutim na Save log ulozte log aswMBR na plochu
Obsah logu aswMBR mi sem vlozte
Re: pomalý internet
Napsal: 08 pro 2011 11:20
posielam log aswMBR
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-08 11:07:32
-----------------------------
11:07:32.593 OS Version: Windows 5.1.2600 Service Pack 2
11:07:32.593 Number of processors: 1 586 0x801
11:07:32.593 ComputerName: MARIKA UserName: marika
11:07:32.781 Initialize success
11:07:32.890 AVAST engine defs: 11120701
11:07:34.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
11:07:34.937 Disk 0 Vendor: ST3120026A 8.01 Size: 114473MB BusType: 3
11:07:34.953 Device \Driver\atapi -> DriverStartIo f84007c6
11:07:34.953 Device \Driver\atapi -> MajorFunction 82c76f00
11:07:36.968 Disk 0 MBR read successfully
11:07:36.968 Disk 0 MBR scan
11:07:36.968 Disk 0 Windows XP default MBR code
11:07:36.968 Disk 0 scanning sectors +234436545
11:07:37.046 Disk 0 scanning C:\WINDOWS\system32\drivers
11:07:50.234 Service scanning
11:07:50.781 Service atapi C:\WINDOWS\system32\DRIVERS\atapi.sys **LOCKED** 32
11:07:50.890 Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 21
11:07:51.125 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
11:07:52.078 Modules scanning
11:08:01.828 Disk 0 trace - called modules:
11:08:01.843 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82c76f00]<<
11:08:01.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f3dab8]
11:08:01.843 3 CLASSPNP.SYS[f865705b] -> nt!IofCallDriver -> \Device\0000008f[0x82f2b9e8]
11:08:01.843 5 ACPI.sys[f846d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x82eaf940]
11:08:01.843 \Driver\atapi[0x82f398c8] -> IRP_MJ_CREATE -> 0x82c76f00
11:08:02.000 AVAST engine scan C:\WINDOWS
11:08:06.375 AVAST engine scan C:\WINDOWS\system32
11:09:36.578 AVAST engine scan C:\WINDOWS\system32\drivers
11:09:48.140 AVAST engine scan C:\Documents and Settings\marika
11:12:11.390 AVAST engine scan C:\Documents and Settings\All Users
11:13:01.953 Scan finished successfully
11:18:53.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\marika\Plocha\MBR.dat"
11:18:53.718 The log file has been saved successfully to "C:\Documents and Settings\marika\Plocha\aswMBR.txt"
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-08 11:07:32
-----------------------------
11:07:32.593 OS Version: Windows 5.1.2600 Service Pack 2
11:07:32.593 Number of processors: 1 586 0x801
11:07:32.593 ComputerName: MARIKA UserName: marika
11:07:32.781 Initialize success
11:07:32.890 AVAST engine defs: 11120701
11:07:34.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
11:07:34.937 Disk 0 Vendor: ST3120026A 8.01 Size: 114473MB BusType: 3
11:07:34.953 Device \Driver\atapi -> DriverStartIo f84007c6
11:07:34.953 Device \Driver\atapi -> MajorFunction 82c76f00
11:07:36.968 Disk 0 MBR read successfully
11:07:36.968 Disk 0 MBR scan
11:07:36.968 Disk 0 Windows XP default MBR code
11:07:36.968 Disk 0 scanning sectors +234436545
11:07:37.046 Disk 0 scanning C:\WINDOWS\system32\drivers
11:07:50.234 Service scanning
11:07:50.781 Service atapi C:\WINDOWS\system32\DRIVERS\atapi.sys **LOCKED** 32
11:07:50.890 Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 21
11:07:51.125 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
11:07:52.078 Modules scanning
11:08:01.828 Disk 0 trace - called modules:
11:08:01.843 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82c76f00]<<
11:08:01.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f3dab8]
11:08:01.843 3 CLASSPNP.SYS[f865705b] -> nt!IofCallDriver -> \Device\0000008f[0x82f2b9e8]
11:08:01.843 5 ACPI.sys[f846d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x82eaf940]
11:08:01.843 \Driver\atapi[0x82f398c8] -> IRP_MJ_CREATE -> 0x82c76f00
11:08:02.000 AVAST engine scan C:\WINDOWS
11:08:06.375 AVAST engine scan C:\WINDOWS\system32
11:09:36.578 AVAST engine scan C:\WINDOWS\system32\drivers
11:09:48.140 AVAST engine scan C:\Documents and Settings\marika
11:12:11.390 AVAST engine scan C:\Documents and Settings\All Users
11:13:01.953 Scan finished successfully
11:18:53.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\marika\Plocha\MBR.dat"
11:18:53.718 The log file has been saved successfully to "C:\Documents and Settings\marika\Plocha\aswMBR.txt"
Re: pomalý internet
Napsal: 08 pro 2011 11:59
odinstaluj nie nevyhnutne potrebne programy:
C:\Program Files\PC Tools\PC Tools Security
C:\Program Files\Spyware Terminator
+
restart a vloz kolegom aktualny log RSIT - odomna vsetko
C:\Program Files\PC Tools\PC Tools Security
C:\Program Files\Spyware Terminator
+
restart a vloz kolegom aktualny log RSIT - odomna vsetko
Re: pomalý internet
Napsal: 08 pro 2011 12:39
Vše smazáno. Ty programy, které vám navrhl JaRon, odinstalujte.
Re: pomalý internet
Napsal: 08 pro 2011 14:33
toho terninátora som odinštaloval ale to C:\Program Files\PC Tools\PC Tools Security
nemôžem nájsť je tu len : c:\Program Files\Common Files\PC Tools\KDS.exe
a c:\Program Files\Common Files\PC Tools\pctEFA.exe
tu je log RSIT :
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:23:41, on 8.12.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Opera\opera.exe
c:\Program Files\trend micro\marika.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FamilyKeyLogger] c:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe
O4 - HKLM\..\Run: [reset] regedit /s reset.reg
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Kalendár.lnk = C:\WINDOWS\MENINY.EXE
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 4232 bytes
nemôžem nájsť je tu len : c:\Program Files\Common Files\PC Tools\KDS.exe
a c:\Program Files\Common Files\PC Tools\pctEFA.exe
tu je log RSIT :
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:23:41, on 8.12.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Opera\opera.exe
c:\Program Files\trend micro\marika.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FamilyKeyLogger] c:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe
O4 - HKLM\..\Run: [reset] regedit /s reset.reg
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Kalendár.lnk = C:\WINDOWS\MENINY.EXE
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 4232 bytes
Re: pomalý internet
Napsal: 08 pro 2011 14:50
toto je log HijackThis - skus RSIT
Re: pomalý internet
Napsal: 08 pro 2011 14:57
tak znova
Logfile of random's system information tool 1.09 (written by random/random)
Run by marika at 2011-12-08 14:56:05
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (15%) free of 10 GB
Total RAM: 511 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:56:09, on 8.12.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\marika\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\RSIT.exe
C:\Program Files\trend micro\marika.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FamilyKeyLogger] c:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe
O4 - HKLM\..\Run: [reset] regedit /s reset.reg
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Kalendár.lnk = C:\WINDOWS\MENINY.EXE
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 4302 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 155648]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"FamilyKeyLogger"=c:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe [2003-01-31 70144]
"reset"=regedit /s reset.reg []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-11-28 3744552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
C:\Documents and Settings\marika\Nabídka Start\Programy\Po spuštění
Kalendár.lnk - C:\WINDOWS\MENINY.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Program Files\ROUTE66\ROUTE66Sync.exe"="D:\Program Files\ROUTE66\ROUTE66Sync.exe:*:Disabled:ROUTE 66 Sync"
"C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe"="C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe:192.168.1.2/255.255.255.255:Enabled:Backgammon v Internetu"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Program Files\TmNationsForever\TmForever.exe"="D:\Program Files\TmNationsForever\TmForever.exe:*:Disabled:TmForever"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Ferguson\18 Wheels of Steel Haulin\Aphex.exe"="D:\Ferguson\18 Wheels of Steel Haulin\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Documents and Settings\marika\Local Settings\Data aplikací\AntikVirtualSTB\AntikVirtualSTB.exe"="C:\Documents and Settings\marika\Local Settings\Data aplikací\AntikVirtualSTB\AntikVirtualSTB.exe:*:Enabled:AntikVirtualSTB"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2011-12-08 10:42:21 ----D---- C:\WINDOWS\temp
2011-12-08 10:42:18 ----A---- C:\ComboFix.txt
2011-12-07 17:26:31 ----ASH---- C:\pagefile.sys
2011-12-06 09:44:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\DrivingSpeed2
2011-12-05 21:14:15 ----ASH---- C:\hiberfil.sys
2011-12-05 17:29:08 ----A---- C:\TDSSKiller.2.6.21.0_05.12.2011_17.29.08_log.txt
2011-12-05 17:08:27 ----A---- C:\WINDOWS\NIRCMD.exe
2011-12-03 20:00:08 ----D---- C:\Program Files\MSXML 4.0
2011-12-02 16:14:20 ----D---- C:\Program Files\trend micro
2011-12-02 16:14:18 ----D---- C:\rsit
2011-11-30 21:23:57 ----A---- C:\Boot.bak
2011-11-30 21:23:50 ----RASHD---- C:\cmdcons
2011-11-30 21:20:30 ----A---- C:\WINDOWS\zip.exe
2011-11-30 21:20:30 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-11-30 21:20:30 ----A---- C:\WINDOWS\SWSC.exe
2011-11-30 21:20:30 ----A---- C:\WINDOWS\SWREG.exe
2011-11-30 21:20:30 ----A---- C:\WINDOWS\sed.exe
2011-11-30 21:20:30 ----A---- C:\WINDOWS\PEV.exe
2011-11-30 21:20:30 ----A---- C:\WINDOWS\MBR.exe
2011-11-30 21:20:30 ----A---- C:\WINDOWS\grep.exe
2011-11-30 21:18:34 ----D---- C:\WINDOWS\ERDNT
2011-11-30 21:18:25 ----D---- C:\Qoobox
2011-11-29 15:53:23 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2011-11-29 15:20:08 ----A---- C:\WINDOWS\system32\drivers\Cat.DB
2011-11-29 15:18:53 ----D---- C:\Program Files\Common Files\PC Tools
2011-11-29 15:18:53 ----A---- C:\WINDOWS\system32\drivers\PCTSD.sys
2011-11-29 15:17:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Tools
2011-11-29 15:17:55 ----D---- C:\Documents and Settings\marika\Data aplikací\TestApp
======List of files/folders modified in the last 1 month======
2011-12-08 14:22:08 ----D---- C:\WINDOWS\Prefetch
2011-12-08 14:07:34 ----A---- C:\WINDOWS\WINCMD.INI
2011-12-08 13:51:10 ----RD---- C:\Program Files
2011-12-08 13:44:43 ----D---- C:\WINDOWS
2011-12-08 13:44:31 ----A---- C:\WINDOWS\win.ini
2011-12-08 11:45:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-12-08 11:45:21 ----D---- C:\WINDOWS\system32\CatRoot2
2011-12-08 10:42:25 ----D---- C:\WINDOWS\system32\drivers
2011-12-08 10:39:05 ----A---- C:\WINDOWS\system.ini
2011-12-08 10:38:20 ----D---- C:\WINDOWS\system32\drivers\etc
2011-12-08 10:32:37 ----D---- C:\WINDOWS\system32
2011-12-08 10:32:37 ----D---- C:\WINDOWS\AppPatch
2011-12-08 10:32:31 ----D---- C:\Program Files\Common Files
2011-12-07 23:03:08 ----D---- C:\WINDOWS\system32\config
2011-12-07 17:36:05 ----D---- C:\Program Files\Opera
2011-12-06 18:05:18 ----SHD---- C:\System Volume Information
2011-12-06 15:58:10 ----HD---- C:\WINDOWS\inf
2011-12-06 15:26:07 ----SHD---- C:\WINDOWS\Installer
2011-12-06 09:50:54 ----D---- C:\Program Files\EA GAMES
2011-12-05 21:44:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-12-05 19:16:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-12-05 19:15:44 ----D---- C:\Program Files\Mozilla Thunderbird
2011-12-05 19:15:09 ----D---- C:\WINDOWS\system32\CatRoot
2011-12-05 19:13:48 ----D---- C:\WINDOWS\WinSxS
2011-12-05 16:45:36 ----D---- C:\Documents and Settings
2011-12-04 19:39:10 ----SD---- C:\WINDOWS\Tasks
2011-12-04 19:34:22 ----A---- C:\WINDOWS\ModemLog_Sériový kabel mezi dvěma počítači.txt
2011-12-04 19:34:22 ----A---- C:\WINDOWS\ModemLog_Bluetooth LAP Modem.txt
2011-12-04 19:34:22 ----A---- C:\WINDOWS\ModemLog_Bluetooth LAP Modem #2.txt
2011-12-04 17:10:20 ----D---- C:\WINDOWS\system32\ias
2011-12-04 11:45:50 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-12-03 20:01:39 ----D---- C:\WINDOWS\system32\CatRoot_bak
2011-12-03 19:08:25 ----HD---- C:\WINDOWS\$hf_mig$
2011-11-30 21:36:17 ----D---- C:\WINDOWS\system32\wbem
2011-11-30 21:35:44 ----D---- C:\WINDOWS\CSC
2011-11-30 21:23:57 ----RASH---- C:\boot.ini
2011-11-29 16:26:38 ----D---- C:\WINDOWS\afbgc
2011-11-28 19:01:23 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-11-25 19:25:09 ----A---- C:\WINDOWS\NeroDigital.ini
2011-11-14 20:15:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\TrackMania
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 a347bus;a347bus; C:\WINDOWS\system32\DRIVERS\a347bus.sys [2004-04-30 160640]
R0 a347scsi;a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [2004-04-30 5248]
R0 BtHidBus;Bluetooth HID Bus Service; C:\WINDOWS\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2005-04-30 28271]
R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2003-03-19 18688]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-03-07 717296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-11-28 30808]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-11-28 52952]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-08-03 55256]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2010-03-26 51072]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-11-28 111320]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-07-29 134512]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-17 701440]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-12-23 40704]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-12-23 316672]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 AVCSTRM;AVC Streaming Filter Driver; C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2004-08-03 13696]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 btnetBUs;Bluetooth PAN Bus Service; C:\WINDOWS\System32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-09-22 17480]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 ICDUSB2;Sony IC Recorder (ST); C:\WINDOWS\System32\Drivers\ICDUSB2.sys [2002-11-28 39048]
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device; C:\WINDOWS\system32\DRIVERS\mstape.sys [2004-08-03 49024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys []
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys []
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\WINDOWS\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WinUSB;Sony Ericsson USB Device sa0101 Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-28 44768]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-08-01 65536]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
-----------------EOF-----------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by marika at 2011-12-08 14:56:05
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (15%) free of 10 GB
Total RAM: 511 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:56:09, on 8.12.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\marika\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\RSIT.exe
C:\Program Files\trend micro\marika.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FamilyKeyLogger] c:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe
O4 - HKLM\..\Run: [reset] regedit /s reset.reg
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Kalendár.lnk = C:\WINDOWS\MENINY.EXE
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 4302 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 155648]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"FamilyKeyLogger"=c:\Program Files\Windows XP Fun Pack\Winter 2003\Family\cisvc.exe [2003-01-31 70144]
"reset"=regedit /s reset.reg []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-11-28 3744552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
C:\Documents and Settings\marika\Nabídka Start\Programy\Po spuštění
Kalendár.lnk - C:\WINDOWS\MENINY.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Program Files\ROUTE66\ROUTE66Sync.exe"="D:\Program Files\ROUTE66\ROUTE66Sync.exe:*:Disabled:ROUTE 66 Sync"
"C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe"="C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe:192.168.1.2/255.255.255.255:Enabled:Backgammon v Internetu"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Program Files\TmNationsForever\TmForever.exe"="D:\Program Files\TmNationsForever\TmForever.exe:*:Disabled:TmForever"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Ferguson\18 Wheels of Steel Haulin\Aphex.exe"="D:\Ferguson\18 Wheels of Steel Haulin\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Documents and Settings\marika\Local Settings\Data aplikací\AntikVirtualSTB\AntikVirtualSTB.exe"="C:\Documents and Settings\marika\Local Settings\Data aplikací\AntikVirtualSTB\AntikVirtualSTB.exe:*:Enabled:AntikVirtualSTB"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2011-12-08 10:42:21 ----D---- C:\WINDOWS\temp
2011-12-08 10:42:18 ----A---- C:\ComboFix.txt
2011-12-07 17:26:31 ----ASH---- C:\pagefile.sys
2011-12-06 09:44:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\DrivingSpeed2
2011-12-05 21:14:15 ----ASH---- C:\hiberfil.sys
2011-12-05 17:29:08 ----A---- C:\TDSSKiller.2.6.21.0_05.12.2011_17.29.08_log.txt
2011-12-05 17:08:27 ----A---- C:\WINDOWS\NIRCMD.exe
2011-12-03 20:00:08 ----D---- C:\Program Files\MSXML 4.0
2011-12-02 16:14:20 ----D---- C:\Program Files\trend micro
2011-12-02 16:14:18 ----D---- C:\rsit
2011-11-30 21:23:57 ----A---- C:\Boot.bak
2011-11-30 21:23:50 ----RASHD---- C:\cmdcons
2011-11-30 21:20:30 ----A---- C:\WINDOWS\zip.exe
2011-11-30 21:20:30 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-11-30 21:20:30 ----A---- C:\WINDOWS\SWSC.exe
2011-11-30 21:20:30 ----A---- C:\WINDOWS\SWREG.exe
2011-11-30 21:20:30 ----A---- C:\WINDOWS\sed.exe
2011-11-30 21:20:30 ----A---- C:\WINDOWS\PEV.exe
2011-11-30 21:20:30 ----A---- C:\WINDOWS\MBR.exe
2011-11-30 21:20:30 ----A---- C:\WINDOWS\grep.exe
2011-11-30 21:18:34 ----D---- C:\WINDOWS\ERDNT
2011-11-30 21:18:25 ----D---- C:\Qoobox
2011-11-29 15:53:23 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2011-11-29 15:20:08 ----A---- C:\WINDOWS\system32\drivers\Cat.DB
2011-11-29 15:18:53 ----D---- C:\Program Files\Common Files\PC Tools
2011-11-29 15:18:53 ----A---- C:\WINDOWS\system32\drivers\PCTSD.sys
2011-11-29 15:17:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Tools
2011-11-29 15:17:55 ----D---- C:\Documents and Settings\marika\Data aplikací\TestApp
======List of files/folders modified in the last 1 month======
2011-12-08 14:22:08 ----D---- C:\WINDOWS\Prefetch
2011-12-08 14:07:34 ----A---- C:\WINDOWS\WINCMD.INI
2011-12-08 13:51:10 ----RD---- C:\Program Files
2011-12-08 13:44:43 ----D---- C:\WINDOWS
2011-12-08 13:44:31 ----A---- C:\WINDOWS\win.ini
2011-12-08 11:45:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-12-08 11:45:21 ----D---- C:\WINDOWS\system32\CatRoot2
2011-12-08 10:42:25 ----D---- C:\WINDOWS\system32\drivers
2011-12-08 10:39:05 ----A---- C:\WINDOWS\system.ini
2011-12-08 10:38:20 ----D---- C:\WINDOWS\system32\drivers\etc
2011-12-08 10:32:37 ----D---- C:\WINDOWS\system32
2011-12-08 10:32:37 ----D---- C:\WINDOWS\AppPatch
2011-12-08 10:32:31 ----D---- C:\Program Files\Common Files
2011-12-07 23:03:08 ----D---- C:\WINDOWS\system32\config
2011-12-07 17:36:05 ----D---- C:\Program Files\Opera
2011-12-06 18:05:18 ----SHD---- C:\System Volume Information
2011-12-06 15:58:10 ----HD---- C:\WINDOWS\inf
2011-12-06 15:26:07 ----SHD---- C:\WINDOWS\Installer
2011-12-06 09:50:54 ----D---- C:\Program Files\EA GAMES
2011-12-05 21:44:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-12-05 19:16:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-12-05 19:15:44 ----D---- C:\Program Files\Mozilla Thunderbird
2011-12-05 19:15:09 ----D---- C:\WINDOWS\system32\CatRoot
2011-12-05 19:13:48 ----D---- C:\WINDOWS\WinSxS
2011-12-05 16:45:36 ----D---- C:\Documents and Settings
2011-12-04 19:39:10 ----SD---- C:\WINDOWS\Tasks
2011-12-04 19:34:22 ----A---- C:\WINDOWS\ModemLog_Sériový kabel mezi dvěma počítači.txt
2011-12-04 19:34:22 ----A---- C:\WINDOWS\ModemLog_Bluetooth LAP Modem.txt
2011-12-04 19:34:22 ----A---- C:\WINDOWS\ModemLog_Bluetooth LAP Modem #2.txt
2011-12-04 17:10:20 ----D---- C:\WINDOWS\system32\ias
2011-12-04 11:45:50 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-12-03 20:01:39 ----D---- C:\WINDOWS\system32\CatRoot_bak
2011-12-03 19:08:25 ----HD---- C:\WINDOWS\$hf_mig$
2011-11-30 21:36:17 ----D---- C:\WINDOWS\system32\wbem
2011-11-30 21:35:44 ----D---- C:\WINDOWS\CSC
2011-11-30 21:23:57 ----RASH---- C:\boot.ini
2011-11-29 16:26:38 ----D---- C:\WINDOWS\afbgc
2011-11-28 19:01:23 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-11-25 19:25:09 ----A---- C:\WINDOWS\NeroDigital.ini
2011-11-14 20:15:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\TrackMania
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 a347bus;a347bus; C:\WINDOWS\system32\DRIVERS\a347bus.sys [2004-04-30 160640]
R0 a347scsi;a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [2004-04-30 5248]
R0 BtHidBus;Bluetooth HID Bus Service; C:\WINDOWS\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2005-04-30 28271]
R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2003-03-19 18688]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-03-07 717296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-11-28 30808]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-11-28 52952]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-08-03 55256]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2010-03-26 51072]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-11-28 111320]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-07-29 134512]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-17 701440]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-12-23 40704]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-12-23 316672]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 AVCSTRM;AVC Streaming Filter Driver; C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2004-08-03 13696]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 btnetBUs;Bluetooth PAN Bus Service; C:\WINDOWS\System32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-09-22 17480]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 ICDUSB2;Sony IC Recorder (ST); C:\WINDOWS\System32\Drivers\ICDUSB2.sys [2002-11-28 39048]
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device; C:\WINDOWS\system32\DRIVERS\mstape.sys [2004-08-03 49024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys []
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys []
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\WINDOWS\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WinUSB;Sony Ericsson USB Device sa0101 Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-28 44768]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-08-01 65536]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
-----------------EOF-----------------