Spomalené pc,kouše se prohlížeč
diky moc
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 20:33:15, on 16.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Noční obloha\vesmir.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://today.ask.com/foxit?o=101702&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60343
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60343
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SpyMng] C:\Documents and Settings\fraňour\Dokumenty\Stažené soubory\SpyManager20.exe autorun
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Vesmír na dlani.lnk = ?
O4 - Global Startup: Aktualizovat ESET licenci.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{250AF668-812B-400C-BF0D-86FE88E18075}: NameServer = 192.168.2.1,0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{69DF36F2-7AB2-4FC7-8505-7BE1E7AD84D7}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{250AF668-812B-400C-BF0D-86FE88E18075}: NameServer = 192.168.2.1,0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{250AF668-812B-400C-BF0D-86FE88E18075}: NameServer = 192.168.2.1,0.0.0.0
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VPRWCHMGOZTSZZNEL - Sysinternals - www.sysinternals.com - C:\DOCUME~1\FRAOUR~1\LOCALS~1\Temp\VPRWCHMGOZTSZZNEL.exe
--
End of file - 8927 bytes
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
prosím o kontrolu logu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosím o kontrolu logu
Dejte log z RSIT: http://viry.cz/forum/viewtopic.php?f=24&t=81939 . Je podrobnější, než HijackThis.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosím o kontrolu logu
Logfile of random's system information tool 1.08 (written by random/random)
Run by fraňour at 2010-09-16 20:40:07
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (8%) free of 29 GB
Total RAM: 1022 MB (30% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:40:30, on 16.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Noční obloha\vesmir.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe
C:\Documents and Settings\fraňour\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\fraňour.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://today.ask.com/foxit?o=101702&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60343
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60343
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SpyMng] C:\Documents and Settings\fraňour\Dokumenty\Stažené soubory\SpyManager20.exe autorun
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Vesmír na dlani.lnk = ?
O4 - Global Startup: Aktualizovat ESET licenci.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{250AF668-812B-400C-BF0D-86FE88E18075}: NameServer = 192.168.2.1,0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{69DF36F2-7AB2-4FC7-8505-7BE1E7AD84D7}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{250AF668-812B-400C-BF0D-86FE88E18075}: NameServer = 192.168.2.1,0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{250AF668-812B-400C-BF0D-86FE88E18075}: NameServer = 192.168.2.1,0.0.0.0
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VPRWCHMGOZTSZZNEL - Sysinternals - www.sysinternals.com - C:\DOCUME~1\FRAOUR~1\LOCALS~1\Temp\VPRWCHMGOZTSZZNEL.exe
--
End of file - 8977 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-06-29 94308]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-09-07 1619296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Foxit Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-17 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-16 163840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Foxit Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"=C:\WINDOWS\system32\atiptaxx.exe [2006-02-22 344064]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SpyMng"=C:\Documents and Settings\fraňour\Dokumenty\Stažené soubory\SpyManager20.exe [2007-07-27 66560]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-09-07 2065760]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2010-05-15 322352]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Aktualizovat ESET licenci.lnk - C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
C:\Documents and Settings\fraňour\Nabídka Start\Programy\Po spuštění
Vesmír na dlani.lnk - C:\Program Files\Noční obloha\vesmir.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-05 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-09-07 12536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-25 190976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\FlashGet\FlashGet.exe"="C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\fraňour\Dokumenty\Stažené soubory\dc strong\StrongDC.exe"="C:\Documents and Settings\fraňour\Dokumenty\Stažené soubory\dc strong\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Documents and Settings\fraňour\Plocha\ptoka x\PtokaX.exe"="C:\Documents and Settings\fraňour\Plocha\ptoka x\PtokaX.exe:*:Enabled:Direct Connect hub server"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-09-16 20:40:07 ----D---- C:\rsit
2010-09-16 20:40:07 ----D---- C:\Program Files\trend micro
2010-09-16 20:04:23 ----D---- C:\Documents and Settings\fraňour\Data aplikací\DonationCoder
2010-09-16 20:03:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\DonationCoder
2010-09-16 20:03:51 ----D---- C:\Program Files\ScreenshotCaptor
2010-09-16 16:09:05 ----D---- C:\WINDOWS\LastGood
2010-09-15 21:11:26 ----D---- C:\Program Files\DesignSoft
2010-09-14 20:27:06 ----A---- C:\WINDOWS\system32\cmd.execf
2010-09-14 20:26:58 ----D---- C:\32788R22FWJFW
2010-09-13 20:11:13 ----D---- C:\Program Files\TrendMicro
2010-09-07 21:58:59 ----D---- C:\Documents and Settings\fraňour\Data aplikací\AVG9
2010-09-07 20:57:33 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-09-07 20:40:16 ----HD---- C:\$AVG
2010-09-07 20:39:34 ----A---- C:\WINDOWS\system32\drivers\avgmfx86.sys
2010-09-07 20:39:09 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-09-07 20:38:33 ----A---- C:\WINDOWS\system32\drivers\avgrkx86.sys
2010-09-07 20:38:33 ----A---- C:\WINDOWS\system32\drivers\AVGIDSxx.sys
2010-09-07 20:38:28 ----A---- C:\WINDOWS\system32\drivers\avgtdix.sys
2010-09-07 20:38:25 ----A---- C:\WINDOWS\system32\drivers\avgldx86.sys
2010-09-07 20:37:42 ----A---- C:\WINDOWS\system32\drivers\avgfwdx.sys
2010-09-07 20:37:42 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2010-09-07 20:37:33 ----D---- C:\Program Files\AVG
2010-09-07 20:37:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-09-06 19:14:29 ----D---- C:\Program Files\Media Show Pro
2010-08-31 20:53:03 ----D---- C:\Program Files\rajce
2010-08-28 12:19:00 ----D---- C:\Capitalism II
2010-08-28 12:10:20 ----D---- C:\Program Files\Alcohol Soft
2010-08-28 11:17:09 ----A---- C:\WINDOWS\system32\drivers\sptd.sys
2010-08-24 22:34:19 ----A---- C:\WINDOWS\system32\drivers\maw800u.sys
2010-08-24 22:34:19 ----A---- C:\WINDOWS\system32\drivers\maw800m.sys
2010-08-24 22:34:19 ----A---- C:\WINDOWS\system32\drivers\maw800c.sys
2010-08-24 22:34:19 ----A---- C:\WINDOWS\system32\drivers\mavcomm.sys
2010-08-24 22:34:19 ----A---- C:\WINDOWS\system32\drivers\maumss.sys
2010-08-24 22:34:02 ----A---- C:\WINDOWS\system32\drivers\MaVctrl.sys
2010-08-24 22:34:02 ----A---- C:\WINDOWS\system32\drivers\MaVc2K.sys
2010-08-24 22:34:01 ----A---- C:\WINDOWS\system32\drivers\mardpnp.sys
2010-08-24 22:34:01 ----A---- C:\WINDOWS\system32\drivers\mardp2k.sys
2010-08-24 22:26:55 ----D---- C:\WINDOWS\Application Data
2010-08-24 21:51:27 ----D---- C:\Program Files\Microsoft Windows Script
2010-08-24 21:50:44 ----D---- C:\Program Files\Fma 2
2010-08-24 21:50:44 ----D---- C:\Documents and Settings\fraňour\Data aplikací\FMA
2010-08-24 21:50:02 ----D---- C:\Program Files\Sony Ericsson
2010-08-24 21:33:57 ----D---- C:\Documents and Settings\fraňour\Data aplikací\Carambis
======List of files/folders modified in the last 1 months======
2010-09-16 20:40:28 ----D---- C:\WINDOWS\Temp
2010-09-16 20:40:15 ----D---- C:\WINDOWS\Prefetch
2010-09-16 20:40:07 ----RD---- C:\Program Files
2010-09-16 20:26:29 ----D---- C:\Documents and Settings\fraňour\Data aplikací\Skype
2010-09-16 20:04:23 ----D---- C:\WINDOWS\system32
2010-09-16 20:01:24 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-09-16 19:09:54 ----D---- C:\Documents and Settings\fraňour\Data aplikací\vlc
2010-09-16 19:09:52 ----D---- C:\Program Files\Mozilla Firefox
2010-09-16 17:20:37 ----D---- C:\Documents and Settings\fraňour\Data aplikací\dvdcss
2010-09-16 16:11:13 ----HD---- C:\WINDOWS\inf
2010-09-16 16:09:54 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-16 16:09:54 ----D---- C:\WINDOWS
2010-09-16 16:05:00 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-16 16:04:14 ----A---- C:\WINDOWS\system32\mswrcrt.dll
2010-09-15 23:53:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-15 23:38:37 ----D---- C:\Documents and Settings\fraňour\Data aplikací\uTorrent
2010-09-15 16:00:35 ----D---- C:\Documents and Settings\fraňour\Data aplikací\skypePM
2010-09-15 01:27:07 ----D---- C:\Program Files\Microsoft Silverlight
2010-09-14 20:45:26 ----SD---- C:\Documents and Settings\fraňour\Data aplikací\Microsoft
2010-09-14 20:36:41 ----SHD---- C:\WINDOWS\Installer
2010-09-13 20:06:49 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-13 20:06:49 ----D---- C:\Program Files\Common Files
2010-09-13 20:06:40 ----D---- C:\WINDOWS\system32\drivers
2010-09-07 23:57:21 ----D---- C:\Program Files\Guitar Pro 6
2010-09-06 16:09:42 ----D---- C:\Documents and Settings\fraňour\Data aplikací\esmska
2010-08-30 19:44:03 ----D---- C:\Program Files\Common Files\DivX Shared
2010-08-30 19:43:38 ----D---- C:\Program Files\DivX
2010-08-28 12:13:55 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-28 11:47:05 ----D---- C:\WINDOWS\Minidump
2010-08-24 22:28:15 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-24 21:35:19 ----D---- C:\Program Files\Carambis
2010-08-24 20:44:32 ----D---- C:\Program Files\Esmska
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSErHrxpx;AVG9IDSErHr; C:\WINDOWS\System32\Drivers\AVGIDSxx.sys [2010-09-07 25168]
R0 AvgRkx86;avgrkx86.sys; C:\WINDOWS\System32\Drivers\avgrkx86.sys [2010-09-07 52872]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-08-21 105344]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-08-28 691696]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-09-07 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-09-07 29584]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-09-07 243024]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 SpyMng;SpyMng; \??\C:\WINDOWS\system32\Drivers\SpyMng.sys []
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2005-08-18 11473]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-12-05 2782208]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-09-07 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46592]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 at5t17mn;at5t17mn; C:\WINDOWS\system32\drivers\at5t17mn.sys []
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-09-07 30104]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 maw800c;maw800c; C:\WINDOWS\System32\Drivers\maw800c.sys [2005-06-16 24784]
S3 maw800m;maw800m; C:\WINDOWS\System32\Drivers\maw800m.sys [2005-06-16 25044]
S3 maw800u;maw800u; C:\WINDOWS\System32\Drivers\maw800u.sys [2005-06-24 51797]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-02-19 380928]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-05 495616]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-09-07 308136]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2010-09-07 2331032]
R2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-09-07 5897808]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 VPRWCHMGOZTSZZNEL;VPRWCHMGOZTSZZNEL; C:\DOCUME~1\FRAOUR~1\LOCALS~1\Temp\VPRWCHMGOZTSZZNEL.exe [2010-06-20 400256]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
diky
Run by fraňour at 2010-09-16 20:40:07
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (8%) free of 29 GB
Total RAM: 1022 MB (30% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:40:30, on 16.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Noční obloha\vesmir.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe
C:\Documents and Settings\fraňour\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\fraňour.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://today.ask.com/foxit?o=101702&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60343
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60343
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SpyMng] C:\Documents and Settings\fraňour\Dokumenty\Stažené soubory\SpyManager20.exe autorun
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Vesmír na dlani.lnk = ?
O4 - Global Startup: Aktualizovat ESET licenci.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{250AF668-812B-400C-BF0D-86FE88E18075}: NameServer = 192.168.2.1,0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{69DF36F2-7AB2-4FC7-8505-7BE1E7AD84D7}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{250AF668-812B-400C-BF0D-86FE88E18075}: NameServer = 192.168.2.1,0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{250AF668-812B-400C-BF0D-86FE88E18075}: NameServer = 192.168.2.1,0.0.0.0
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VPRWCHMGOZTSZZNEL - Sysinternals - www.sysinternals.com - C:\DOCUME~1\FRAOUR~1\LOCALS~1\Temp\VPRWCHMGOZTSZZNEL.exe
--
End of file - 8977 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-06-29 94308]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-09-07 1619296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Foxit Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-17 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-16 163840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Foxit Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"=C:\WINDOWS\system32\atiptaxx.exe [2006-02-22 344064]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SpyMng"=C:\Documents and Settings\fraňour\Dokumenty\Stažené soubory\SpyManager20.exe [2007-07-27 66560]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-09-07 2065760]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2010-05-15 322352]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Aktualizovat ESET licenci.lnk - C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
C:\Documents and Settings\fraňour\Nabídka Start\Programy\Po spuštění
Vesmír na dlani.lnk - C:\Program Files\Noční obloha\vesmir.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-05 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-09-07 12536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-25 190976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\FlashGet\FlashGet.exe"="C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\fraňour\Dokumenty\Stažené soubory\dc strong\StrongDC.exe"="C:\Documents and Settings\fraňour\Dokumenty\Stažené soubory\dc strong\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Documents and Settings\fraňour\Plocha\ptoka x\PtokaX.exe"="C:\Documents and Settings\fraňour\Plocha\ptoka x\PtokaX.exe:*:Enabled:Direct Connect hub server"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-09-16 20:40:07 ----D---- C:\rsit
2010-09-16 20:40:07 ----D---- C:\Program Files\trend micro
2010-09-16 20:04:23 ----D---- C:\Documents and Settings\fraňour\Data aplikací\DonationCoder
2010-09-16 20:03:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\DonationCoder
2010-09-16 20:03:51 ----D---- C:\Program Files\ScreenshotCaptor
2010-09-16 16:09:05 ----D---- C:\WINDOWS\LastGood
2010-09-15 21:11:26 ----D---- C:\Program Files\DesignSoft
2010-09-14 20:27:06 ----A---- C:\WINDOWS\system32\cmd.execf
2010-09-14 20:26:58 ----D---- C:\32788R22FWJFW
2010-09-13 20:11:13 ----D---- C:\Program Files\TrendMicro
2010-09-07 21:58:59 ----D---- C:\Documents and Settings\fraňour\Data aplikací\AVG9
2010-09-07 20:57:33 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-09-07 20:40:16 ----HD---- C:\$AVG
2010-09-07 20:39:34 ----A---- C:\WINDOWS\system32\drivers\avgmfx86.sys
2010-09-07 20:39:09 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-09-07 20:38:33 ----A---- C:\WINDOWS\system32\drivers\avgrkx86.sys
2010-09-07 20:38:33 ----A---- C:\WINDOWS\system32\drivers\AVGIDSxx.sys
2010-09-07 20:38:28 ----A---- C:\WINDOWS\system32\drivers\avgtdix.sys
2010-09-07 20:38:25 ----A---- C:\WINDOWS\system32\drivers\avgldx86.sys
2010-09-07 20:37:42 ----A---- C:\WINDOWS\system32\drivers\avgfwdx.sys
2010-09-07 20:37:42 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2010-09-07 20:37:33 ----D---- C:\Program Files\AVG
2010-09-07 20:37:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-09-06 19:14:29 ----D---- C:\Program Files\Media Show Pro
2010-08-31 20:53:03 ----D---- C:\Program Files\rajce
2010-08-28 12:19:00 ----D---- C:\Capitalism II
2010-08-28 12:10:20 ----D---- C:\Program Files\Alcohol Soft
2010-08-28 11:17:09 ----A---- C:\WINDOWS\system32\drivers\sptd.sys
2010-08-24 22:34:19 ----A---- C:\WINDOWS\system32\drivers\maw800u.sys
2010-08-24 22:34:19 ----A---- C:\WINDOWS\system32\drivers\maw800m.sys
2010-08-24 22:34:19 ----A---- C:\WINDOWS\system32\drivers\maw800c.sys
2010-08-24 22:34:19 ----A---- C:\WINDOWS\system32\drivers\mavcomm.sys
2010-08-24 22:34:19 ----A---- C:\WINDOWS\system32\drivers\maumss.sys
2010-08-24 22:34:02 ----A---- C:\WINDOWS\system32\drivers\MaVctrl.sys
2010-08-24 22:34:02 ----A---- C:\WINDOWS\system32\drivers\MaVc2K.sys
2010-08-24 22:34:01 ----A---- C:\WINDOWS\system32\drivers\mardpnp.sys
2010-08-24 22:34:01 ----A---- C:\WINDOWS\system32\drivers\mardp2k.sys
2010-08-24 22:26:55 ----D---- C:\WINDOWS\Application Data
2010-08-24 21:51:27 ----D---- C:\Program Files\Microsoft Windows Script
2010-08-24 21:50:44 ----D---- C:\Program Files\Fma 2
2010-08-24 21:50:44 ----D---- C:\Documents and Settings\fraňour\Data aplikací\FMA
2010-08-24 21:50:02 ----D---- C:\Program Files\Sony Ericsson
2010-08-24 21:33:57 ----D---- C:\Documents and Settings\fraňour\Data aplikací\Carambis
======List of files/folders modified in the last 1 months======
2010-09-16 20:40:28 ----D---- C:\WINDOWS\Temp
2010-09-16 20:40:15 ----D---- C:\WINDOWS\Prefetch
2010-09-16 20:40:07 ----RD---- C:\Program Files
2010-09-16 20:26:29 ----D---- C:\Documents and Settings\fraňour\Data aplikací\Skype
2010-09-16 20:04:23 ----D---- C:\WINDOWS\system32
2010-09-16 20:01:24 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-09-16 19:09:54 ----D---- C:\Documents and Settings\fraňour\Data aplikací\vlc
2010-09-16 19:09:52 ----D---- C:\Program Files\Mozilla Firefox
2010-09-16 17:20:37 ----D---- C:\Documents and Settings\fraňour\Data aplikací\dvdcss
2010-09-16 16:11:13 ----HD---- C:\WINDOWS\inf
2010-09-16 16:09:54 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-16 16:09:54 ----D---- C:\WINDOWS
2010-09-16 16:05:00 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-16 16:04:14 ----A---- C:\WINDOWS\system32\mswrcrt.dll
2010-09-15 23:53:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-15 23:38:37 ----D---- C:\Documents and Settings\fraňour\Data aplikací\uTorrent
2010-09-15 16:00:35 ----D---- C:\Documents and Settings\fraňour\Data aplikací\skypePM
2010-09-15 01:27:07 ----D---- C:\Program Files\Microsoft Silverlight
2010-09-14 20:45:26 ----SD---- C:\Documents and Settings\fraňour\Data aplikací\Microsoft
2010-09-14 20:36:41 ----SHD---- C:\WINDOWS\Installer
2010-09-13 20:06:49 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-13 20:06:49 ----D---- C:\Program Files\Common Files
2010-09-13 20:06:40 ----D---- C:\WINDOWS\system32\drivers
2010-09-07 23:57:21 ----D---- C:\Program Files\Guitar Pro 6
2010-09-06 16:09:42 ----D---- C:\Documents and Settings\fraňour\Data aplikací\esmska
2010-08-30 19:44:03 ----D---- C:\Program Files\Common Files\DivX Shared
2010-08-30 19:43:38 ----D---- C:\Program Files\DivX
2010-08-28 12:13:55 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-28 11:47:05 ----D---- C:\WINDOWS\Minidump
2010-08-24 22:28:15 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-24 21:35:19 ----D---- C:\Program Files\Carambis
2010-08-24 20:44:32 ----D---- C:\Program Files\Esmska
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSErHrxpx;AVG9IDSErHr; C:\WINDOWS\System32\Drivers\AVGIDSxx.sys [2010-09-07 25168]
R0 AvgRkx86;avgrkx86.sys; C:\WINDOWS\System32\Drivers\avgrkx86.sys [2010-09-07 52872]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-08-21 105344]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-08-28 691696]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-09-07 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-09-07 29584]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-09-07 243024]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 SpyMng;SpyMng; \??\C:\WINDOWS\system32\Drivers\SpyMng.sys []
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2005-08-18 11473]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-12-05 2782208]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-09-07 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46592]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 at5t17mn;at5t17mn; C:\WINDOWS\system32\drivers\at5t17mn.sys []
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-09-07 30104]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 maw800c;maw800c; C:\WINDOWS\System32\Drivers\maw800c.sys [2005-06-16 24784]
S3 maw800m;maw800m; C:\WINDOWS\System32\Drivers\maw800m.sys [2005-06-16 25044]
S3 maw800u;maw800u; C:\WINDOWS\System32\Drivers\maw800u.sys [2005-06-24 51797]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-02-19 380928]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-05 495616]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-09-07 308136]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2010-09-07 2331032]
R2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-09-07 5897808]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 VPRWCHMGOZTSZZNEL;VPRWCHMGOZTSZZNEL; C:\DOCUME~1\FRAOUR~1\LOCALS~1\Temp\VPRWCHMGOZTSZZNEL.exe [2010-06-20 400256]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
diky
-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosím o kontrolu logu
Je tam minimálně AdWare. Udělejte sken ComboFix a dejte log.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosím o kontrolu logu
combofix nelze spustit,jakmile ho pustim,chce to restart,po restartu nelze spustit a tak dokola
-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosím o kontrolu logu
Zkuste to v nouz. režimu.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosím o kontrolu logu
ani v nouzovem rezimu,uz jsem vypnul i avg pri startu,ale stale bezi,proste neznicitelne avg,co s tím,nejde udelat z neceho jineho ten log??
-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosím o kontrolu logu
Udělejte sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 a dejte log.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosím o kontrolu logu
tak avpt tool,se mi kousne vzdy na 92 procentech,prosim o dalsi reseni,ted se mi i zaclo vypinat samo pc,dekuji
-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosím o kontrolu logu
Tak ještě kompletní sken MBAM: http://www.malwarebytes.org/mbam.php . Dejte log, předem nic nemažte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosím o kontrolu logu
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4791
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
10.10.2010 21:57:50
mbam-log-2010-10-10 (21-57-50).txt
Typ skenu: Rychlý sken
Skenované objekty: 161562
Uplynulý čas: 17 minuta(y), 56 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 1
Infikované klíče registru: 0
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
C:\Program Files\YouTube Downloader Toolbar\FF\components\youtubedownloaderToolbarFF.dll (Adware.WidgiToolbar) -> No action taken.
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\YouTube Downloader Toolbar\FF\components\youtubedownloaderToolbarFF.dll (Adware.WidgiToolbar) -> No action taken.
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\Program Files\YouTube Downloader Toolbar\FF\components\youtubedownloaderToolbarFF.dll (Adware.WidgiToolbar) -> No action taken.
www.malwarebytes.org
Verze databáze: 4791
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
10.10.2010 21:57:50
mbam-log-2010-10-10 (21-57-50).txt
Typ skenu: Rychlý sken
Skenované objekty: 161562
Uplynulý čas: 17 minuta(y), 56 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 1
Infikované klíče registru: 0
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
C:\Program Files\YouTube Downloader Toolbar\FF\components\youtubedownloaderToolbarFF.dll (Adware.WidgiToolbar) -> No action taken.
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\YouTube Downloader Toolbar\FF\components\youtubedownloaderToolbarFF.dll (Adware.WidgiToolbar) -> No action taken.
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\Program Files\YouTube Downloader Toolbar\FF\components\youtubedownloaderToolbarFF.dll (Adware.WidgiToolbar) -> No action taken.
-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosím o kontrolu logu
Vše smažte, co MBAM nalezl. Mimochodem, udělal jste rychlý sken, žádal jsem kompletní. Zkuste znovu ComboFix.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosím o kontrolu logu
tak se mi to podařilo spustit,ten kombofix,ale musel jsem odinstalovat avg 9,jinak ani prd,tady je log,diky
ComboFix 10-10-10.03 - fraňour 11.10.2010 17:31:16.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.563 [GMT 2:00]
Spuštěný z: c:\documents and settings\fraňour\Plocha\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\system
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-11 do 2010-10-11 )))))))))))))))))))))))))))))))
.
2010-10-11 15:13 . 2010-10-11 15:13 390144 ----a-w- c:\windows\system32\CF11791.exe
2010-10-11 14:31 . 2010-10-11 14:31 390144 ----a-w- c:\windows\system32\CF3552.exe
2010-10-10 18:56 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-10 18:56 . 2010-10-10 18:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-10-10 18:56 . 2010-10-10 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-10 18:56 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-09 19:34 . 2010-10-09 19:34 -------- d-----w- C:\totalcmd
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\UC.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\RAR.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\LHA.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\ARJ.PIF
2010-09-28 08:04 . 2010-10-11 14:20 -------- dc----w- c:\windows\system32\DRVSTORE
2010-09-28 08:01 . 2010-10-11 14:23 -------- d-----w- c:\program files\Lavasoft
2010-09-28 08:01 . 2010-10-11 14:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2010-09-27 12:52 . 2010-09-28 07:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-19 10:17 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\93627462.sys
2010-09-19 10:17 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\9362746.sys
2010-09-19 10:17 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\93627461.sys
2010-09-19 10:02 . 2010-09-19 10:02 -------- d-----w- c:\program files\CleanUp!
2010-09-17 19:11 . 2010-09-17 19:11 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-09-17 19:08 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\32439992.sys
2010-09-17 19:08 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\3243999.sys
2010-09-17 19:08 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\32439991.sys
2010-09-16 20:58 . 2010-09-16 20:56 390144 ----a-w- c:\windows\system32\CF4942.exe
2010-09-16 18:40 . 2010-09-16 18:41 -------- d-----w- C:\rsit
2010-09-16 18:40 . 2010-09-16 18:40 -------- d-----w- c:\program files\trend micro
2010-09-16 18:03 . 2010-09-16 18:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DonationCoder
2010-09-16 18:03 . 2010-09-16 21:27 -------- d-----w- c:\program files\ScreenshotCaptor
2010-09-15 19:11 . 2010-09-15 19:11 -------- d-----w- c:\program files\DesignSoft
2010-09-13 18:11 . 2010-09-13 18:11 388096 ----a-r- c:\documents and settings\fraňour\Data aplikací\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-09-13 18:11 . 2010-09-13 18:11 -------- d-----w- c:\program files\TrendMicro
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
[-] 2010-05-16 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB917953_0$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="atiptaxx.exe" [2006-02-22 344064]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SpyMng"="c:\documents and settings\fraňour\Dokumenty\Stažené soubory\SpyManager20.exe" [2007-07-27 66560]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-07 18:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Aktualizovat ESET licenci.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Aktualizovat ESET licenci.lnk
backup=c:\windows\pss\Aktualizovat ESET licenci.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^fraňour^Nabídka Start^Programy^Po spuštění^Vesmír na dlani.lnk]
path=c:\documents and settings\fraňour\Nabídka Start\Programy\Po spuštění\Vesmír na dlani.lnk
backup=c:\windows\pss\Vesmír na dlani.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-09-30 18:55 2067808 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-11-16 15:36 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-09-27 12:04 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\fraňour\\Dokumenty\\Stažené soubory\\dc strong\\StrongDC.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 32439992;32439992 Boot Guard Driver;c:\windows\system32\drivers\32439992.sys [17.9.2010 21:08 37392]
R0 93627462;93627462 Boot Guard Driver;c:\windows\system32\drivers\93627462.sys [19.9.2010 12:17 37392]
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [7.9.2010 20:38 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 20:38 52872]
R1 32439991;32439991;c:\windows\system32\drivers\32439991.sys [17.9.2010 21:08 128016]
R1 93627461;93627461;c:\windows\system32\drivers\93627461.sys [19.9.2010 12:17 128016]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7.9.2010 20:38 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7.9.2010 20:38 243024]
R1 setup_9.0.0.722_17.09.2010_22-24drv;setup_9.0.0.722_17.09.2010_22-24drv;c:\windows\system32\drivers\9362746.sys [19.9.2010 12:17 315408]
R1 SpyMng;SpyMng;c:\windows\system32\drivers\SpyMng.sys [14.6.2010 16:41 7552]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [19.2.2010 19:43 380928]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7.9.2010 20:57 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [7.9.2010 20:56 2331544]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7.9.2010 20:37 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [7.9.2010 20:38 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [7.9.2010 20:38 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [7.9.2010 20:38 26192]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7.9.2010 20:56 5897808]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7.9.2010 20:37 30104]
S3 maw800c;maw800c;c:\windows\system32\drivers\maw800c.sys [24.8.2010 22:34 24784]
S3 maw800m;maw800m;c:\windows\system32\drivers\maw800m.sys [24.8.2010 22:34 25044]
S3 maw800u;maw800u;c:\windows\system32\drivers\maw800u.sys [24.8.2010 22:34 51797]
S3 VPRWCHMGOZTSZZNEL;VPRWCHMGOZTSZZNEL;c:\docume~1\FRAOUR~1\LOCALS~1\Temp\VPRWCHMGOZTSZZNEL.exe --> c:\docume~1\FRAOUR~1\LOCALS~1\Temp\VPRWCHMGOZTSZZNEL.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.8.2010 11:17 691696]
.
Obsah adresáře 'Naplánované úlohy'
2010-10-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://today.ask.com/foxit?o=101702&l=dis
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {250AF668-812B-400C-BF0D-86FE88E18075} = 192.168.2.1,0.0.0.0
TCP: {69DF36F2-7AB2-4FC7-8505-7BE1E7AD84D7} = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\fraňour\Data aplikací\Mozilla\Firefox\Profiles\8s9gud4t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://radiobar.toolbarhome.com/?hp=df
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - component: c:\documents and settings\fraňour\Data aplikací\Mozilla\Firefox\Profiles\8s9gud4t.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\YouTube Downloader Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1044)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-10-11 17:48:32
ComboFix-quarantined-files.txt 2010-10-11 15:48
ComboFix2.txt 2010-06-18 20:27
ComboFix3.txt 2010-05-09 07:19
Před spuštěním: 7 704 178 688
Po spuštění: 8 579 653 632
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 5349489B21695708A3AE0EA5635336D5
ComboFix 10-10-10.03 - fraňour 11.10.2010 17:31:16.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.563 [GMT 2:00]
Spuštěný z: c:\documents and settings\fraňour\Plocha\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\system
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-11 do 2010-10-11 )))))))))))))))))))))))))))))))
.
2010-10-11 15:13 . 2010-10-11 15:13 390144 ----a-w- c:\windows\system32\CF11791.exe
2010-10-11 14:31 . 2010-10-11 14:31 390144 ----a-w- c:\windows\system32\CF3552.exe
2010-10-10 18:56 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-10 18:56 . 2010-10-10 18:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-10-10 18:56 . 2010-10-10 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-10 18:56 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-09 19:34 . 2010-10-09 19:34 -------- d-----w- C:\totalcmd
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\UC.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\RAR.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\LHA.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\ARJ.PIF
2010-09-28 08:04 . 2010-10-11 14:20 -------- dc----w- c:\windows\system32\DRVSTORE
2010-09-28 08:01 . 2010-10-11 14:23 -------- d-----w- c:\program files\Lavasoft
2010-09-28 08:01 . 2010-10-11 14:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2010-09-27 12:52 . 2010-09-28 07:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-19 10:17 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\93627462.sys
2010-09-19 10:17 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\9362746.sys
2010-09-19 10:17 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\93627461.sys
2010-09-19 10:02 . 2010-09-19 10:02 -------- d-----w- c:\program files\CleanUp!
2010-09-17 19:11 . 2010-09-17 19:11 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-09-17 19:08 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\32439992.sys
2010-09-17 19:08 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\3243999.sys
2010-09-17 19:08 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\32439991.sys
2010-09-16 20:58 . 2010-09-16 20:56 390144 ----a-w- c:\windows\system32\CF4942.exe
2010-09-16 18:40 . 2010-09-16 18:41 -------- d-----w- C:\rsit
2010-09-16 18:40 . 2010-09-16 18:40 -------- d-----w- c:\program files\trend micro
2010-09-16 18:03 . 2010-09-16 18:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DonationCoder
2010-09-16 18:03 . 2010-09-16 21:27 -------- d-----w- c:\program files\ScreenshotCaptor
2010-09-15 19:11 . 2010-09-15 19:11 -------- d-----w- c:\program files\DesignSoft
2010-09-13 18:11 . 2010-09-13 18:11 388096 ----a-r- c:\documents and settings\fraňour\Data aplikací\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-09-13 18:11 . 2010-09-13 18:11 -------- d-----w- c:\program files\TrendMicro
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
[-] 2010-05-16 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB917953_0$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="atiptaxx.exe" [2006-02-22 344064]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SpyMng"="c:\documents and settings\fraňour\Dokumenty\Stažené soubory\SpyManager20.exe" [2007-07-27 66560]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-07 18:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Aktualizovat ESET licenci.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Aktualizovat ESET licenci.lnk
backup=c:\windows\pss\Aktualizovat ESET licenci.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^fraňour^Nabídka Start^Programy^Po spuštění^Vesmír na dlani.lnk]
path=c:\documents and settings\fraňour\Nabídka Start\Programy\Po spuštění\Vesmír na dlani.lnk
backup=c:\windows\pss\Vesmír na dlani.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-09-30 18:55 2067808 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-11-16 15:36 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-09-27 12:04 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\fraňour\\Dokumenty\\Stažené soubory\\dc strong\\StrongDC.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 32439992;32439992 Boot Guard Driver;c:\windows\system32\drivers\32439992.sys [17.9.2010 21:08 37392]
R0 93627462;93627462 Boot Guard Driver;c:\windows\system32\drivers\93627462.sys [19.9.2010 12:17 37392]
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [7.9.2010 20:38 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 20:38 52872]
R1 32439991;32439991;c:\windows\system32\drivers\32439991.sys [17.9.2010 21:08 128016]
R1 93627461;93627461;c:\windows\system32\drivers\93627461.sys [19.9.2010 12:17 128016]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7.9.2010 20:38 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7.9.2010 20:38 243024]
R1 setup_9.0.0.722_17.09.2010_22-24drv;setup_9.0.0.722_17.09.2010_22-24drv;c:\windows\system32\drivers\9362746.sys [19.9.2010 12:17 315408]
R1 SpyMng;SpyMng;c:\windows\system32\drivers\SpyMng.sys [14.6.2010 16:41 7552]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [19.2.2010 19:43 380928]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7.9.2010 20:57 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [7.9.2010 20:56 2331544]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7.9.2010 20:37 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [7.9.2010 20:38 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [7.9.2010 20:38 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [7.9.2010 20:38 26192]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7.9.2010 20:56 5897808]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7.9.2010 20:37 30104]
S3 maw800c;maw800c;c:\windows\system32\drivers\maw800c.sys [24.8.2010 22:34 24784]
S3 maw800m;maw800m;c:\windows\system32\drivers\maw800m.sys [24.8.2010 22:34 25044]
S3 maw800u;maw800u;c:\windows\system32\drivers\maw800u.sys [24.8.2010 22:34 51797]
S3 VPRWCHMGOZTSZZNEL;VPRWCHMGOZTSZZNEL;c:\docume~1\FRAOUR~1\LOCALS~1\Temp\VPRWCHMGOZTSZZNEL.exe --> c:\docume~1\FRAOUR~1\LOCALS~1\Temp\VPRWCHMGOZTSZZNEL.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.8.2010 11:17 691696]
.
Obsah adresáře 'Naplánované úlohy'
2010-10-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://today.ask.com/foxit?o=101702&l=dis
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {250AF668-812B-400C-BF0D-86FE88E18075} = 192.168.2.1,0.0.0.0
TCP: {69DF36F2-7AB2-4FC7-8505-7BE1E7AD84D7} = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\fraňour\Data aplikací\Mozilla\Firefox\Profiles\8s9gud4t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://radiobar.toolbarhome.com/?hp=df
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - component: c:\documents and settings\fraňour\Data aplikací\Mozilla\Firefox\Profiles\8s9gud4t.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\YouTube Downloader Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1044)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-10-11 17:48:32
ComboFix-quarantined-files.txt 2010-10-11 15:48
ComboFix2.txt 2010-06-18 20:27
ComboFix3.txt 2010-05-09 07:19
Před spuštěním: 7 704 178 688
Po spuštění: 8 579 653 632
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 5349489B21695708A3AE0EA5635336D5
-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosím o kontrolu logu
Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.KillAll::
Folder::
c:\program files\Ask.com
Collect::
c:\windows\system32\drivers\93627462.sys
c:\windows\system32\drivers\9362746.sys
c:\windows\system32\drivers\93627461.sys
c:\windows\system32\drivers\32439992.sys
c:\windows\system32\drivers\3243999.sys
c:\windows\system32\drivers\32439991.sys
c:\docume~1\FRAOUR~1\LOCALS~1\Temp\VPRWCHMGOZTSZZNEL.exe
Driver::
93627462
9362746
93627461
32439992
3243999
32439991
VPRWCHMGOZTSZZNEL
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosím o kontrolu logu
toto vylezlo :
ComboFix 10-10-11.01 - fraňour 11.10.2010 20:46:16.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.214 [GMT 2:00]
Spuštěný z: c:\documents and settings\fraňour\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\fraňour\Plocha\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
file zipped: c:\windows\system32\drivers\3243999.sys
file zipped: c:\windows\system32\drivers\32439991.sys
file zipped: c:\windows\system32\drivers\32439992.sys
file zipped: c:\windows\system32\drivers\9362746.sys
file zipped: c:\windows\system32\drivers\93627461.sys
file zipped: c:\windows\system32\drivers\93627462.sys
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Ask.com
c:\program files\Ask.com\cb_cd0.ico
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_ccd.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\system32\drivers\3243999.sys
c:\windows\system32\drivers\32439991.sys
c:\windows\system32\drivers\32439992.sys
c:\windows\system32\drivers\9362746.sys
c:\windows\system32\drivers\93627461.sys
c:\windows\system32\drivers\93627462.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_32439991
-------\Legacy_32439992
-------\Legacy_93627461
-------\Legacy_93627462
-------\Legacy_VPRWCHMGOZTSZZNEL
-------\Service_32439991
-------\Service_32439992
-------\Service_93627461
-------\Service_93627462
-------\Service_VPRWCHMGOZTSZZNEL
-------\Legacy_setup_9.0.0.722_17.09.2010_22-24drv
-------\Service_setup_9.0.0.722_17.09.2010_22-24drv
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-11 do 2010-10-11 )))))))))))))))))))))))))))))))
.
2010-10-11 16:24 . 2010-10-11 16:24 -------- d-----w- c:\program files\Crawler
2010-10-11 16:24 . 2010-10-11 16:24 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-10-11 16:23 . 2010-10-11 18:39 -------- d-----w- c:\program files\Spyware Terminator
2010-10-11 16:23 . 2010-10-11 16:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2010-10-11 15:13 . 2010-10-11 15:13 390144 ----a-w- c:\windows\system32\CF11791.exe
2010-10-11 14:31 . 2010-10-11 14:31 390144 ----a-w- c:\windows\system32\CF3552.exe
2010-10-10 18:56 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-10 18:56 . 2010-10-10 18:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-10-10 18:56 . 2010-10-10 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-10 18:56 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-09 19:34 . 2010-10-09 19:34 -------- d-----w- C:\totalcmd
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\UC.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\RAR.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\LHA.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\ARJ.PIF
2010-09-28 08:04 . 2010-10-11 14:20 -------- dc----w- c:\windows\system32\DRVSTORE
2010-09-28 08:01 . 2010-10-11 14:23 -------- d-----w- c:\program files\Lavasoft
2010-09-28 08:01 . 2010-10-11 14:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2010-09-27 12:52 . 2010-09-28 07:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-19 10:02 . 2010-09-19 10:02 -------- d-----w- c:\program files\CleanUp!
2010-09-17 19:11 . 2010-09-17 19:11 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-09-16 20:58 . 2010-09-16 20:56 390144 ----a-w- c:\windows\system32\CF4942.exe
2010-09-16 18:40 . 2010-09-16 18:41 -------- d-----w- C:\rsit
2010-09-16 18:40 . 2010-09-16 18:40 -------- d-----w- c:\program files\trend micro
2010-09-16 18:03 . 2010-09-16 18:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DonationCoder
2010-09-16 18:03 . 2010-09-16 21:27 -------- d-----w- c:\program files\ScreenshotCaptor
2010-09-15 19:11 . 2010-09-15 19:11 -------- d-----w- c:\program files\DesignSoft
2010-09-13 18:11 . 2010-09-13 18:11 388096 ----a-r- c:\documents and settings\fraňour\Data aplikací\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-09-13 18:11 . 2010-09-13 18:11 -------- d-----w- c:\program files\TrendMicro
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
[-] 2010-05-16 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB917953_0$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-10-11 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="atiptaxx.exe" [2006-02-22 344064]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SpyMng"="c:\documents and settings\fraňour\Dokumenty\Stažené soubory\SpyManager20.exe" [2007-07-27 66560]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-10-11 2183680]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-07 18:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Aktualizovat ESET licenci.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Aktualizovat ESET licenci.lnk
backup=c:\windows\pss\Aktualizovat ESET licenci.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^fraňour^Nabídka Start^Programy^Po spuštění^Vesmír na dlani.lnk]
path=c:\documents and settings\fraňour\Nabídka Start\Programy\Po spuštění\Vesmír na dlani.lnk
backup=c:\windows\pss\Vesmír na dlani.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-09-30 18:55 2067808 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-11-16 15:36 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-09-27 12:04 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\fraňour\\Dokumenty\\Stažené soubory\\dc strong\\StrongDC.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [7.9.2010 20:38 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 20:38 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7.9.2010 20:38 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7.9.2010 20:38 243024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [11.10.2010 18:24 142592]
R1 SpyMng;SpyMng;c:\windows\system32\drivers\SpyMng.sys [14.6.2010 16:41 7552]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [19.2.2010 19:43 380928]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7.9.2010 20:57 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [7.9.2010 20:56 2331544]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7.9.2010 20:37 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [7.9.2010 20:38 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [7.9.2010 20:38 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [7.9.2010 20:38 26192]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7.9.2010 20:56 5897808]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7.9.2010 20:37 30104]
S3 maw800c;maw800c;c:\windows\system32\drivers\maw800c.sys [24.8.2010 22:34 24784]
S3 maw800m;maw800m;c:\windows\system32\drivers\maw800m.sys [24.8.2010 22:34 25044]
S3 maw800u;maw800u;c:\windows\system32\drivers\maw800u.sys [24.8.2010 22:34 51797]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.8.2010 11:17 691696]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://today.ask.com/foxit?o=101702&l=dis
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {250AF668-812B-400C-BF0D-86FE88E18075} = 192.168.2.1,0.0.0.0
TCP: {69DF36F2-7AB2-4FC7-8505-7BE1E7AD84D7} = 192.168.2.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\fraňour\Data aplikací\Mozilla\Firefox\Profiles\8s9gud4t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://radiobar.toolbarhome.com/?hp=df
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - component: c:\documents and settings\fraňour\Data aplikací\Mozilla\Firefox\Profiles\8s9gud4t.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\YouTube Downloader Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-asterisk key - c:\program files\Passware\un-ariskkey.exe
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1048)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(992)
c:\documents and settings\fraňour\Dokumenty\Stažené soubory\SpyManager20.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Celkový čas: 2010-10-11 21:03:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-11 19:03
ComboFix2.txt 2010-10-11 15:48
ComboFix3.txt 2010-06-18 20:27
ComboFix4.txt 2010-05-09 07:19
Před spuštěním: 8 398 458 880
Po spuštění: 8 426 737 664
- - End Of File - - E42DBE1E5227F0B7FE428292505F5393
Nahr nˇ probŘhlo ŁspŘçnŘ
ComboFix 10-10-11.01 - fraňour 11.10.2010 20:46:16.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.214 [GMT 2:00]
Spuštěný z: c:\documents and settings\fraňour\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\fraňour\Plocha\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
file zipped: c:\windows\system32\drivers\3243999.sys
file zipped: c:\windows\system32\drivers\32439991.sys
file zipped: c:\windows\system32\drivers\32439992.sys
file zipped: c:\windows\system32\drivers\9362746.sys
file zipped: c:\windows\system32\drivers\93627461.sys
file zipped: c:\windows\system32\drivers\93627462.sys
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Ask.com
c:\program files\Ask.com\cb_cd0.ico
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_ccd.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\system32\drivers\3243999.sys
c:\windows\system32\drivers\32439991.sys
c:\windows\system32\drivers\32439992.sys
c:\windows\system32\drivers\9362746.sys
c:\windows\system32\drivers\93627461.sys
c:\windows\system32\drivers\93627462.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_32439991
-------\Legacy_32439992
-------\Legacy_93627461
-------\Legacy_93627462
-------\Legacy_VPRWCHMGOZTSZZNEL
-------\Service_32439991
-------\Service_32439992
-------\Service_93627461
-------\Service_93627462
-------\Service_VPRWCHMGOZTSZZNEL
-------\Legacy_setup_9.0.0.722_17.09.2010_22-24drv
-------\Service_setup_9.0.0.722_17.09.2010_22-24drv
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-11 do 2010-10-11 )))))))))))))))))))))))))))))))
.
2010-10-11 16:24 . 2010-10-11 16:24 -------- d-----w- c:\program files\Crawler
2010-10-11 16:24 . 2010-10-11 16:24 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-10-11 16:23 . 2010-10-11 18:39 -------- d-----w- c:\program files\Spyware Terminator
2010-10-11 16:23 . 2010-10-11 16:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2010-10-11 15:13 . 2010-10-11 15:13 390144 ----a-w- c:\windows\system32\CF11791.exe
2010-10-11 14:31 . 2010-10-11 14:31 390144 ----a-w- c:\windows\system32\CF3552.exe
2010-10-10 18:56 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-10 18:56 . 2010-10-10 18:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-10-10 18:56 . 2010-10-10 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-10 18:56 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-09 19:34 . 2010-10-09 19:34 -------- d-----w- C:\totalcmd
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\UC.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\RAR.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\LHA.PIF
2010-10-09 19:34 . 2010-07-07 05:55 545 ----a-w- c:\windows\ARJ.PIF
2010-09-28 08:04 . 2010-10-11 14:20 -------- dc----w- c:\windows\system32\DRVSTORE
2010-09-28 08:01 . 2010-10-11 14:23 -------- d-----w- c:\program files\Lavasoft
2010-09-28 08:01 . 2010-10-11 14:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2010-09-27 12:52 . 2010-09-28 07:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-19 10:02 . 2010-09-19 10:02 -------- d-----w- c:\program files\CleanUp!
2010-09-17 19:11 . 2010-09-17 19:11 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-09-16 20:58 . 2010-09-16 20:56 390144 ----a-w- c:\windows\system32\CF4942.exe
2010-09-16 18:40 . 2010-09-16 18:41 -------- d-----w- C:\rsit
2010-09-16 18:40 . 2010-09-16 18:40 -------- d-----w- c:\program files\trend micro
2010-09-16 18:03 . 2010-09-16 18:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DonationCoder
2010-09-16 18:03 . 2010-09-16 21:27 -------- d-----w- c:\program files\ScreenshotCaptor
2010-09-15 19:11 . 2010-09-15 19:11 -------- d-----w- c:\program files\DesignSoft
2010-09-13 18:11 . 2010-09-13 18:11 388096 ----a-r- c:\documents and settings\fraňour\Data aplikací\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-09-13 18:11 . 2010-09-13 18:11 -------- d-----w- c:\program files\TrendMicro
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
[-] 2010-05-16 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\4df038d60d071da9e4afe55fba7cbfbf\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB917953_0$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-10-11 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="atiptaxx.exe" [2006-02-22 344064]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SpyMng"="c:\documents and settings\fraňour\Dokumenty\Stažené soubory\SpyManager20.exe" [2007-07-27 66560]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-10-11 2183680]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-07 18:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Aktualizovat ESET licenci.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Aktualizovat ESET licenci.lnk
backup=c:\windows\pss\Aktualizovat ESET licenci.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^fraňour^Nabídka Start^Programy^Po spuštění^Vesmír na dlani.lnk]
path=c:\documents and settings\fraňour\Nabídka Start\Programy\Po spuštění\Vesmír na dlani.lnk
backup=c:\windows\pss\Vesmír na dlani.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-09-30 18:55 2067808 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-11-16 15:36 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-09-27 12:04 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\fraňour\\Dokumenty\\Stažené soubory\\dc strong\\StrongDC.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [7.9.2010 20:38 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 20:38 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7.9.2010 20:38 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7.9.2010 20:38 243024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [11.10.2010 18:24 142592]
R1 SpyMng;SpyMng;c:\windows\system32\drivers\SpyMng.sys [14.6.2010 16:41 7552]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [19.2.2010 19:43 380928]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7.9.2010 20:57 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [7.9.2010 20:56 2331544]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7.9.2010 20:37 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [7.9.2010 20:38 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [7.9.2010 20:38 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [7.9.2010 20:38 26192]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7.9.2010 20:56 5897808]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7.9.2010 20:37 30104]
S3 maw800c;maw800c;c:\windows\system32\drivers\maw800c.sys [24.8.2010 22:34 24784]
S3 maw800m;maw800m;c:\windows\system32\drivers\maw800m.sys [24.8.2010 22:34 25044]
S3 maw800u;maw800u;c:\windows\system32\drivers\maw800u.sys [24.8.2010 22:34 51797]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.8.2010 11:17 691696]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://today.ask.com/foxit?o=101702&l=dis
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {250AF668-812B-400C-BF0D-86FE88E18075} = 192.168.2.1,0.0.0.0
TCP: {69DF36F2-7AB2-4FC7-8505-7BE1E7AD84D7} = 192.168.2.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\fraňour\Data aplikací\Mozilla\Firefox\Profiles\8s9gud4t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://radiobar.toolbarhome.com/?hp=df
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - component: c:\documents and settings\fraňour\Data aplikací\Mozilla\Firefox\Profiles\8s9gud4t.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\YouTube Downloader Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-asterisk key - c:\program files\Passware\un-ariskkey.exe
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1048)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(992)
c:\documents and settings\fraňour\Dokumenty\Stažené soubory\SpyManager20.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Celkový čas: 2010-10-11 21:03:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-11 19:03
ComboFix2.txt 2010-10-11 15:48
ComboFix3.txt 2010-06-18 20:27
ComboFix4.txt 2010-05-09 07:19
Před spuštěním: 8 398 458 880
Po spuštění: 8 426 737 664
- - End Of File - - E42DBE1E5227F0B7FE428292505F5393
Nahr nˇ probŘhlo ŁspŘçnŘ
Přispějete na provoz fóra?