Please check this log, as I have a problem installing a .NET Framework update. Apart from that, the PC works normally.
Logfile of random's system information tool 1.07 (written by random/random)
Run by Reczek at 2010-06-20 12:42:44
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 6 GB (5%) free of 114 GB
Total RAM: 1023 MB (40% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:44:00, on 20.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OKsoftware\Svátky a výročí\Vyroci.exe
C:\Program Files\OSCAR Editor\OscarEditor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\QIP 2010\qip.exe
C:\Documents and Settings\Reczek\Plocha\Správa počítače\RSIT.exe
C:\Program Files\trend micro\Reczek.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Svátky a výročí] C:\Program Files\OKsoftware\Svátky a výročí\Vyroci.exe
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files\OSCAR Editor\OscarEditor.exe" Minimum
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7227201806
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 9823 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
ZoneAlarm Spy Blocker BHO - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-03-15 262144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - ZoneAlarm Spy Blocker - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-03-15 262144]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-05-14 67072]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-12-10 7311360]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-12-10 86016]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Svátky a výročí"=C:\Program Files\OKsoftware\Svátky a výročí\Vyroci.exe [2004-12-12 960512]
"OscarEditor"=C:\Program Files\OSCAR Editor\OscarEditor.exe [2009-06-16 3330048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceGain LiveUpdate]
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
C:\Documents and Settings\Reczek\Data aplikací\mjusbsp\cdloader2.exe [2008-08-22 50520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2007-11-17 171464]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe -trayboot []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LowRateVoip]
C:\Program Files\LowRateVoip\LowRateVoip.exe [2009-08-04 9147192]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobMapUpdater]
C:\Program Files\MobMapUpdater\MobMapUpdater.exe [2008-11-05 1770624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\cs-cz\msnappau.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\nbj.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2005-05-22 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2008-11-02 1783808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [2006-06-06 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
C:\PROGRA~1\IVTCOR~1\BLUESO~1\BLUESO~1.EXE [2005-04-08 1179648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HD Tune.lnk]
C:\PROGRA~1\HDTUNE~1\HDTune.exe [2008-02-09 401408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Reczek^Plocha^Nepoužívané odkazy plochy^DivX^HDDlife.lnk]
C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OOD2000"=2
"iPodService"=3
"BlueSoleil Hid Service"=3
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Codemasters\Colin McRae Rally 04\cmr4.exe"="C:\Program Files\Codemasters\Colin McRae Rally 04\cmr4.exe:*:Enabled:Colin McRae Rally 04 Application"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Sdílení aplikací RTC"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\EA GAMES\Battlefield Vietnam\BfVietnam.exe"="C:\Program Files\EA GAMES\Battlefield Vietnam\BfVietnam.exe:*:Disabled:BfVietnam"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\Program Files\America's Army\System\ArmyOps.exe"="C:\Program Files\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:Bluetooth Application"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LowRateVoip\LowRateVoip.exe"="C:\Program Files\LowRateVoip\LowRateVoip.exe:*:Enabled:LowRateVoip"
"C:\Documents and Settings\Reczek\Data aplikací\mjusbsp\magicJack.exe"="C:\Documents and Settings\Reczek\Data aplikací\mjusbsp\magicJack.exe:*:Enabled:magicJack"
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe"="C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe:*:Enabled:WolfMP"
"C:\Program Files\FlatOut2\FlatOut2.exe"="C:\Program Files\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Age of Empires II\age2_x1.exe"="C:\Program Files\Age of Empires II\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"E:\Games\Rise of Nations\thrones.exe"="E:\Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27f33750-2409-11de-a574-001485926b0d}]
shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6561757-70f5-11dd-a466-4d6564696130}]
shell\AutoRun\command - G:\autorun.exe
shell\phone\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d454b997-a1c1-11dd-a4b5-001485926b0d}]
shell\AutoRun\command - G:\LaunchU3.exe -a
======File associations======
.txt - open - notepad.exe %1
======List of files/folders created in the last 1 months======
2010-06-20 12:42:44 ----D---- C:\rsit
2010-06-20 10:53:30 ----SHD---- C:\Config.Msi
2010-06-20 09:59:57 ----D---- C:\WINDOWS\system32\URTTEMP
2010-06-20 09:49:36 ----D---- C:\Program Files\MSBuild
2010-06-20 09:49:33 ----D---- C:\WINDOWS\system32\en-US
2010-06-19 11:50:28 ----N---- C:\WINDOWS\system32\spmsg2.dll
2010-06-19 11:50:16 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2010-06-10 00:01:42 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-10 00:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-09 23:58:42 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-09 23:53:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-09 23:53:51 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-09 23:53:42 ----A---- C:\WINDOWS\imsins.BAK
2010-06-09 23:53:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-05-28 18:21:33 ----D---- C:\Program Files\Bohemia Interactive
2010-05-26 13:55:26 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
======List of files/folders modified in the last 1 months======
2010-06-20 12:44:00 ----D---- C:\Program Files\Trend Micro
2010-06-20 12:21:31 ----D---- C:\Documents and Settings\Reczek\Data aplikací\Free Download Manager
2010-06-20 11:51:50 ----SHD---- C:\WINDOWS\Installer
2010-06-20 11:24:04 ----D---- C:\WINDOWS\Internet Logs
2010-06-20 11:19:06 ----D---- C:\WINDOWS\Temp
2010-06-20 11:12:04 ----D---- C:\Program Files\Mozilla Firefox
2010-06-20 11:10:57 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-20 11:10:54 ----RSD---- C:\WINDOWS\assembly
2010-06-20 11:02:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-20 10:59:59 ----D---- C:\WINDOWS\system32
2010-06-20 10:59:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-20 10:59:23 ----D---- C:\WINDOWS\WinSxS
2010-06-20 10:54:30 ----D---- C:\WINDOWS
2010-06-20 10:50:45 ----D---- C:\WINDOWS\Registration
2010-06-20 10:43:10 ----D---- C:\WINDOWS\Prefetch
2010-06-20 10:39:54 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-20 10:29:57 ----D---- C:\WINDOWS\inf
2010-06-20 10:29:56 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-20 10:25:49 ----D---- C:\WINDOWS\network diagnostic
2010-06-20 09:53:13 ----D---- C:\WINDOWS\system32\cs-cz
2010-06-20 09:53:12 ----D---- C:\WINDOWS\system32\XPSViewer
2010-06-20 09:49:36 ----D---- C:\Program Files
2010-06-20 09:49:30 ----D---- C:\WINDOWS\Fonts
2010-06-20 09:47:19 ----D---- C:\WINDOWS\system32\mui
2010-06-10 00:01:45 ----DC---- C:\WINDOWS\system32\dllcache
2010-06-10 00:01:23 ----D---- C:\WINDOWS\$hf_mig$
2010-06-10 00:00:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-06-09 23:58:20 ----D---- C:\Program Files\Internet Explorer
2010-06-09 23:57:58 ----D---- C:\WINDOWS\ie8updates
2010-06-09 23:54:18 ----D---- C:\WINDOWS\Debug
2010-06-06 20:29:13 ----D---- C:\Documents and Settings\Reczek\Data aplikací\Canon
2010-06-05 18:45:32 ----D---- C:\Documents and Settings\Reczek\Data aplikací\Media Player Classic
2010-06-05 18:43:59 ----D---- C:\Program Files\CCleaner
2010-06-05 08:07:05 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-04 13:07:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-04-30 7582]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-10-07 80576]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R2 LANPkt;Realtek LANPkt Protocol; C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2003-09-17 8440]
R2 PStrip;PStrip; C:\WINDOWS\system32\drivers\PStrip.sys [2004-11-09 21968]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-05-14 622172]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-02-01 20096]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2004-09-21 10804]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-07 11860]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2005-03-07 14408]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NeroCd2k;NeroCd2k; C:\WINDOWS\system32\drivers\NeroCd2k.sys [2005-09-19 15584]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-12-10 3536768]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-10-11 9856]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 V0260VID;Live! Cam Vista IM; C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 178913]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S2 NvNdis;NVIDIA NDIS IO Control Driver; \??\C:\WINDOWS\system32\Drivers\NvNdis.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys []
S3 azg4x2c9;azg4x2c9; C:\WINDOWS\system32\drivers\azg4x2c9.sys []
S3 BRIDGE;Most MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-04-06 23000]
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys []
S3 CA561;WEB-i; C:\WINDOWS\System32\Drivers\SPCA561.SYS []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 genmcmn;Genius NetScroll Optical Mouse Driver; C:\WINDOWS\system32\DRIVERS\gmfiltr.sys [2002-05-17 6656]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-06-04 25280]
S3 hSONYPVh;hSONYPVh; \??\C:\DOCUME~1\Reczek\LOCALS~1\Temp\hSONYPVh.sys []
S3 M1000Srv;M5603C USB2.0 Camera Driver; C:\WINDOWS\System32\Drivers\M1000KNT.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys [2005-04-07 11736]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2005-04-12 17632]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\yukonwxp.sys [2003-12-23 174464]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-05-04 71360]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-12-10 131139]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-11-02 570880]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-12-08 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-27 75064]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
S4 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe []
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 OOD2000;O&O Defrag 2000; C:\WINDOWS\system32\OOD2000.exe []
-----------------EOF-----------------

Requesting a check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Rudy
- Site Admin
Re: Requesting a check
Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after it starts, a screen with the license terms is displayed; continue by clicking the Yes button.
calmly go and make yourself a coffee (the whole process takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan, do not try to start any other applications or anything else
do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)
warning: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware, undesirable conflicts with the antispyware's resident component occur
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Requesting a check
Here it is:
ComboFix 10-06-19.04 - Reczek 20.06.2010 20:30:31.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.673 [GMT 2:00]
Spuštěný z: c:\documents and settings\Reczek\Plocha\Správa počítače\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\drivers\etc\lmhosts . . . . nemohl být smazán
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-20 do 2010-06-20 )))))))))))))))))))))))))))))))
.
2010-06-20 18:01 . 2008-04-14 03:22 390144 ----a-w- c:\windows\system32\CF12619.exe
2010-06-20 10:42 . 2010-06-20 10:44 -------- d-----w- C:\rsit
2010-06-20 07:59 . 2010-06-20 07:59 -------- d-----w- c:\windows\system32\URTTEMP
2010-06-20 07:49 . 2010-06-20 07:49 -------- d-----w- c:\program files\MSBuild
2010-06-19 09:50 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-06-09 19:38 . 2010-05-06 10:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-28 16:21 . 2010-05-28 16:21 -------- d-----w- c:\program files\Bohemia Interactive
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-20 10:44 . 2008-02-01 09:59 -------- d-----w- c:\program files\Trend Micro
2010-06-20 08:59 . 2004-08-18 12:00 78294 ----a-w- c:\windows\system32\perfc005.dat
2010-06-20 08:59 . 2004-08-18 12:00 429172 ----a-w- c:\windows\system32\perfh005.dat
2010-06-05 16:43 . 2006-08-11 08:54 -------- d-----w- c:\program files\CCleaner
2010-06-05 06:07 . 2009-10-11 16:55 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-07 16:27 . 2010-05-07 16:27 -------- d-----w- c:\program files\QIP 2010
2010-05-06 20:59 . 2008-07-31 11:36 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2008-07-31 11:36 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-07-31 11:36 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2008-07-31 11:36 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2008-07-31 11:36 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2008-07-31 11:36 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-07-31 11:36 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2008-07-31 11:36 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-06 10:35 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2004-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2004-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-14 16:47 . 2008-07-31 11:36 38848 ----a-w- c:\windows\system32\avastSS.scr
2004-12-30 11:10 . 2004-12-30 11:10 11079 ---h--w- c:\program files\folder.htt
2005-09-25 10:09 . 2005-08-14 14:15 56 --sh--r- c:\windows\system32\656BFC94D6.sys
2005-09-25 10:09 . 2005-09-25 10:09 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svátky a výročí"="c:\program files\OKsoftware\Svátky a výročí\Vyroci.exe" [2004-12-12 960512]
"OscarEditor"="c:\program files\OSCAR Editor\OscarEditor.exe" [2009-06-16 3330048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 67072]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"nwiz"="nwiz.exe" [2005-12-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HD Tune.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HD Tune.lnk
backup=c:\windows\pss\HD Tune.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Reczek^Plocha^Nepoužívané odkazy plochy^DivX^HDDlife.lnk]
path=c:\documents and settings\Reczek\Plocha\Nepoužívané odkazy plochy\DivX\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:22 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2008-08-22 12:43 50520 ----a-w- c:\documents and settings\Reczek\Data aplikací\mjusbsp\cdloader2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-11-17 11:53 171464 ----a-w- c:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 04:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LowRateVoip]
2009-08-04 19:02 9147192 ----a-w- c:\program files\LowRateVoip\LowRateVoip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobMapUpdater]
2008-11-05 01:48 1770624 ----a-w- c:\program files\MobMapUpdater\MobMapUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-05-22 19:51 98304 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2008-11-02 08:40 1783808 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2006-06-06 08:07 40960 ----a-r- c:\program files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OOD2000"=2 (0x2)
"iPodService"=3 (0x3)
"BlueSoleil Hid Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Codemasters\\Colin McRae Rally 04\\cmr4.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\BfVietnam.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LowRateVoip\\LowRateVoip.exe"=
"c:\\Documents and Settings\\Reczek\\Data aplikací\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Age of Empires II\\age2_x1.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"e:\\Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31.7.2008 13:36 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.7.2008 13:36 19024]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [28.6.2005 12:26 8440]
R2 PStrip;PStrip;c:\windows\system32\drivers\PStrip.sys [9.11.2004 23:32 21968]
R3 NeroCd2k;NeroCd2k;c:\windows\system32\drivers\NeroCd2k.sys [14.1.2002 21:07 15584]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [27.7.2007 15:13 178913]
S3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\Drivers\M1000KNT.sys --> c:\windows\system32\Drivers\M1000KNT.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.3.2006 23:05 685816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
mWindow Title = Microsoft Internet Explorer
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Reczek\Data aplikací\Mozilla\Firefox\Profiles\8genlgog.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.idnes.cz/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Reczek\Data aplikací\Mozilla\Firefox\Profiles\8genlgog.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
.txt=UltraEdit.txt
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-AceGain LiveUpdate - c:\program files\AceGain\LiveUpdate\LiveUpdate.exe
MSConfigStartUp-ICQ Lite - c:\program files\ICQLite\ICQLite.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-msnappau - c:\program files\MSN Apps\Updater\01.02.3000.1001\cs-cz\msnappau.exe
MSConfigStartUp-NBJ - c:\program files\Ahead\Nero BackItUp\nbj.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-OpwareSE2 - c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
MSConfigStartUp-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-20 20:45
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1659004503-1275210071-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="[value missing from the source]"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3960)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\program files\OSCAR Editor\Win32Share.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Terminator\sp_rsser.exe
.
**************************************************************************
.
Celkový čas: 2010-06-20 20:57:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-20 18:57
ComboFix2.txt 2008-07-10 18:49
ComboFix3.txt 2008-07-10 18:16
Před spuštěním: 5 628 387 328
Po spuštění: 5 729 972 224
- - End Of File - - 971B753A589B5190D3F7AC50939C16C6
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
.txt=UltraEdit.txt
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-AceGain LiveUpdate - c:\program files\AceGain\LiveUpdate\LiveUpdate.exe
MSConfigStartUp-ICQ Lite - c:\program files\ICQLite\ICQLite.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-msnappau - c:\program files\MSN Apps\Updater\01.02.3000.1001\cs-cz\msnappau.exe
MSConfigStartUp-NBJ - c:\program files\Ahead\Nero BackItUp\nbj.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-OpwareSE2 - c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
MSConfigStartUp-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-20 20:45
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1659004503-1275210071-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3960)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\program files\OSCAR Editor\Win32Share.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Terminator\sp_rsser.exe
.
**************************************************************************
.
Celkový čas: 2010-06-20 20:57:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-20 18:57
ComboFix2.txt 2008-07-10 18:49
ComboFix3.txt 2008-07-10 18:16
Před spuštěním: 5 628 387 328
Po spuštění: 5 729 972 224
- - End Of File - - 971B753A589B5190D3F7AC50939C16C6
- Rudy
- Site Admin
- Posts: 119405
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Request for a check
Move ComboFix to the desktop. Open Notepad and copy the following into it:

Collect::
c:\windows\system32\656BFC94D6.sys
c:\windows\system32\zwebauth.dll
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27f33750-2409-11de-a574-001485926b0d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d454b997-a1c1-11dd-a4b5-001485926b0d}]

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Request for a check
Done, I'm posting the new log:
ComboFix 10-06-19.04 - Reczek 20.06.2010 21:32:35.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.592 [GMT 2:00]
Spuštěný z: c:\documents and settings\Reczek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Reczek\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
file zipped: c:\windows\system32\656BFC94D6.sys
file zipped: c:\windows\system32\zwebauth.dll
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\656BFC94D6.sys
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\UNWISE.EXE
c:\windows\system32\zwebauth.dll
c:\windows\system32\drivers\etc\lmhosts . . . . nemohl být smazán
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-20 do 2010-06-20 )))))))))))))))))))))))))))))))
.
2010-06-20 18:01 . 2008-04-14 03:22 390144 ----a-w- c:\windows\system32\CF12619.exe
2010-06-20 10:42 . 2010-06-20 10:44 -------- d-----w- C:\rsit
2010-06-20 07:59 . 2010-06-20 07:59 -------- d-----w- c:\windows\system32\URTTEMP
2010-06-20 07:49 . 2010-06-20 07:49 -------- d-----w- c:\program files\MSBuild
2010-06-19 09:50 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-06-09 19:38 . 2010-05-06 10:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-28 16:21 . 2010-05-28 16:21 -------- d-----w- c:\program files\Bohemia Interactive
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-20 10:44 . 2008-02-01 09:59 -------- d-----w- c:\program files\Trend Micro
2010-06-20 08:59 . 2004-08-18 12:00 78294 ----a-w- c:\windows\system32\perfc005.dat
2010-06-20 08:59 . 2004-08-18 12:00 429172 ----a-w- c:\windows\system32\perfh005.dat
2010-06-05 16:43 . 2006-08-11 08:54 -------- d-----w- c:\program files\CCleaner
2010-06-05 06:07 . 2009-10-11 16:55 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-07 16:27 . 2010-05-07 16:27 -------- d-----w- c:\program files\QIP 2010
2010-05-07 05:29 . 2008-10-02 07:31 33828018 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-05-06 20:59 . 2008-07-31 11:36 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2008-07-31 11:36 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-07-31 11:36 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2008-07-31 11:36 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2008-07-31 11:36 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2008-07-31 11:36 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-07-31 11:36 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2008-07-31 11:36 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-06 10:35 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2004-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2004-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-14 16:47 . 2008-07-31 11:36 38848 ----a-w- c:\windows\system32\avastSS.scr
2004-12-30 11:10 . 2004-12-30 11:10 11079 ---h--w- c:\program files\folder.htt
2005-09-25 10:09 . 2005-09-25 10:09 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svátky a výročí"="c:\program files\OKsoftware\Svátky a výročí\Vyroci.exe" [2004-12-12 960512]
"OscarEditor"="c:\program files\OSCAR Editor\OscarEditor.exe" [2009-06-16 3330048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 67072]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"nwiz"="nwiz.exe" [2005-12-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HD Tune.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HD Tune.lnk
backup=c:\windows\pss\HD Tune.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Reczek^Plocha^Nepoužívané odkazy plochy^DivX^HDDlife.lnk]
path=c:\documents and settings\Reczek\Plocha\Nepoužívané odkazy plochy\DivX\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:22 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2008-08-22 12:43 50520 ----a-w- c:\documents and settings\Reczek\Data aplikací\mjusbsp\cdloader2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-11-17 11:53 171464 ----a-w- c:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 04:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LowRateVoip]
2009-08-04 19:02 9147192 ----a-w- c:\program files\LowRateVoip\LowRateVoip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobMapUpdater]
2008-11-05 01:48 1770624 ----a-w- c:\program files\MobMapUpdater\MobMapUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-05-22 19:51 98304 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2008-11-02 08:40 1783808 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2006-06-06 08:07 40960 ----a-r- c:\program files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OOD2000"=2 (0x2)
"iPodService"=3 (0x3)
"BlueSoleil Hid Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Codemasters\\Colin McRae Rally 04\\cmr4.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\BfVietnam.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LowRateVoip\\LowRateVoip.exe"=
"c:\\Documents and Settings\\Reczek\\Data aplikací\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Age of Empires II\\age2_x1.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"e:\\Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31.7.2008 13:36 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.7.2008 13:36 19024]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [28.6.2005 12:26 8440]
R2 PStrip;PStrip;c:\windows\system32\drivers\PStrip.sys [9.11.2004 23:32 21968]
R3 NeroCd2k;NeroCd2k;c:\windows\system32\drivers\NeroCd2k.sys [14.1.2002 21:07 15584]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [27.7.2007 15:13 178913]
S3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\Drivers\M1000KNT.sys --> c:\windows\system32\Drivers\M1000KNT.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.3.2006 23:05 685816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
mWindow Title = Microsoft Internet Explorer
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Reczek\Data aplikací\Mozilla\Firefox\Profiles\8genlgog.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.idnes.cz/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Reczek\Data aplikací\Mozilla\Firefox\Profiles\8genlgog.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-20 22:11
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1659004503-1275210071-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(1296)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\program files\OSCAR Editor\Win32Share.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Spyware Terminator\sp_rsser.exe
.
**************************************************************************
.
Celkový čas: 2010-06-20 22:22:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-20 20:22
ComboFix2.txt 2010-06-20 18:57
ComboFix3.txt 2008-07-10 18:49
ComboFix4.txt 2008-07-10 18:16
Před spuštěním: 5 701 513 216
Po spuštění: 5 663 690 752
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - FCF9A1E9FF089722543C3BFB2DFD8C7C
ComboFix 10-06-19.04 - Reczek 20.06.2010 21:32:35.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.592 [GMT 2:00]
Spuštěný z: c:\documents and settings\Reczek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Reczek\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
file zipped: c:\windows\system32\656BFC94D6.sys
file zipped: c:\windows\system32\zwebauth.dll
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\656BFC94D6.sys
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\UNWISE.EXE
c:\windows\system32\zwebauth.dll
c:\windows\system32\drivers\etc\lmhosts . . . . nemohl být smazán
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-20 do 2010-06-20 )))))))))))))))))))))))))))))))
.
2010-06-20 18:01 . 2008-04-14 03:22 390144 ----a-w- c:\windows\system32\CF12619.exe
2010-06-20 10:42 . 2010-06-20 10:44 -------- d-----w- C:\rsit
2010-06-20 07:59 . 2010-06-20 07:59 -------- d-----w- c:\windows\system32\URTTEMP
2010-06-20 07:49 . 2010-06-20 07:49 -------- d-----w- c:\program files\MSBuild
2010-06-19 09:50 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-06-09 19:38 . 2010-05-06 10:35 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-28 16:21 . 2010-05-28 16:21 -------- d-----w- c:\program files\Bohemia Interactive
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-20 10:44 . 2008-02-01 09:59 -------- d-----w- c:\program files\Trend Micro
2010-06-20 08:59 . 2004-08-18 12:00 78294 ----a-w- c:\windows\system32\perfc005.dat
2010-06-20 08:59 . 2004-08-18 12:00 429172 ----a-w- c:\windows\system32\perfh005.dat
2010-06-05 16:43 . 2006-08-11 08:54 -------- d-----w- c:\program files\CCleaner
2010-06-05 06:07 . 2009-10-11 16:55 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-07 16:27 . 2010-05-07 16:27 -------- d-----w- c:\program files\QIP 2010
2010-05-07 05:29 . 2008-10-02 07:31 33828018 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-05-06 20:59 . 2008-07-31 11:36 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2008-07-31 11:36 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-07-31 11:36 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2008-07-31 11:36 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2008-07-31 11:36 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2008-07-31 11:36 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-07-31 11:36 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2008-07-31 11:36 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-06 10:35 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2004-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2004-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-14 16:47 . 2008-07-31 11:36 38848 ----a-w- c:\windows\system32\avastSS.scr
2004-12-30 11:10 . 2004-12-30 11:10 11079 ---h--w- c:\program files\folder.htt
2005-09-25 10:09 . 2005-09-25 10:09 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svátky a výročí"="c:\program files\OKsoftware\Svátky a výročí\Vyroci.exe" [2004-12-12 960512]
"OscarEditor"="c:\program files\OSCAR Editor\OscarEditor.exe" [2009-06-16 3330048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 67072]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"nwiz"="nwiz.exe" [2005-12-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HD Tune.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HD Tune.lnk
backup=c:\windows\pss\HD Tune.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Reczek^Plocha^Nepoužívané odkazy plochy^DivX^HDDlife.lnk]
path=c:\documents and settings\Reczek\Plocha\Nepoužívané odkazy plochy\DivX\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:22 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2008-08-22 12:43 50520 ----a-w- c:\documents and settings\Reczek\Data aplikací\mjusbsp\cdloader2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-11-17 11:53 171464 ----a-w- c:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 04:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LowRateVoip]
2009-08-04 19:02 9147192 ----a-w- c:\program files\LowRateVoip\LowRateVoip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobMapUpdater]
2008-11-05 01:48 1770624 ----a-w- c:\program files\MobMapUpdater\MobMapUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-05-22 19:51 98304 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2008-11-02 08:40 1783808 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2006-06-06 08:07 40960 ----a-r- c:\program files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OOD2000"=2 (0x2)
"iPodService"=3 (0x3)
"BlueSoleil Hid Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Codemasters\\Colin McRae Rally 04\\cmr4.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\BfVietnam.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LowRateVoip\\LowRateVoip.exe"=
"c:\\Documents and Settings\\Reczek\\Data aplikací\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Age of Empires II\\age2_x1.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"e:\\Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31.7.2008 13:36 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.7.2008 13:36 19024]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [28.6.2005 12:26 8440]
R2 PStrip;PStrip;c:\windows\system32\drivers\PStrip.sys [9.11.2004 23:32 21968]
R3 NeroCd2k;NeroCd2k;c:\windows\system32\drivers\NeroCd2k.sys [14.1.2002 21:07 15584]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [27.7.2007 15:13 178913]
S3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\Drivers\M1000KNT.sys --> c:\windows\system32\Drivers\M1000KNT.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.3.2006 23:05 685816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
mWindow Title = Microsoft Internet Explorer
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Reczek\Data aplikací\Mozilla\Firefox\Profiles\8genlgog.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.idnes.cz/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Reczek\Data aplikací\Mozilla\Firefox\Profiles\8genlgog.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-20 22:11
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1659004503-1275210071-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(1296)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\program files\OSCAR Editor\Win32Share.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Spyware Terminator\sp_rsser.exe
.
**************************************************************************
.
Celkový čas: 2010-06-20 22:22:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-20 20:22
ComboFix2.txt 2010-06-20 18:57
ComboFix3.txt 2008-07-10 18:49
ComboFix4.txt 2008-07-10 18:16
Před spuštěním: 5 701 513 216
Po spuštění: 5 663 690 752
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - FCF9A1E9FF089722543C3BFB2DFD8C7C
- Rudy
- Site Admin
- Posts: 119405
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check
The log now looks clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Please check
Thank you very much for the help, the updates now installed without any problems.

- Rudy
Re: Please check
You're welcome!