Please check my logs
Posted: 20 Sep 2010 05:27
Hello, I have a problem in Windows: windows won't close when I close them, nor will they minimize to the taskbar. It always happens after a certain time.
I'm attaching the logs.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:08, on 20.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Shrink Pic\shrink_pic.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\odvirování\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4945293125
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4948693906
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 11445 bytes
ComboFix 10-09-19.01 - Miloš 20.09.2010 5:06.1.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2251 [GMT 2:00]
Spuštěný z: c:\documents and settings\Miloš\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100919-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Business Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\sqlite3.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-20 do 2010-09-20 )))))))))))))))))))))))))))))))
.
2010-09-20 02:58 . 2010-09-20 02:57 390144 ----a-w- c:\windows\system32\CF4485.exe
2010-09-19 14:43 . 2009-11-24 22:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-19 14:43 . 2009-11-24 22:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-19 14:43 . 2009-11-24 22:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-19 14:42 . 2009-11-24 22:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-09-19 14:42 . 2009-11-24 22:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-19 14:42 . 2009-11-24 22:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-19 14:42 . 2009-11-24 22:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-19 14:42 . 2009-11-24 22:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-19 14:42 . 2009-11-24 22:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-19 14:42 . 2010-09-19 14:42 -------- d-----w- c:\program files\Alwil Software
2010-09-17 15:58 . 2010-06-18 11:39 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-09-17 15:57 . 2010-06-24 15:57 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-09-17 15:57 . 2010-06-24 12:27 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-17 15:57 . 2010-06-24 12:27 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-09-17 15:57 . 2010-06-24 12:27 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-09-17 15:57 . 2010-06-24 12:27 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-09-17 15:57 . 2010-06-24 12:27 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-17 15:57 . 2010-06-24 12:27 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-17 15:29 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-09-17 15:29 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-17 15:27 . 2010-04-28 18:15 2192128 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-09-17 15:27 . 2010-04-28 05:45 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-09-17 15:26 . 2010-04-28 05:45 2068992 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-09-17 15:26 . 2010-04-28 05:45 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-09-17 08:41 . 2010-03-30 10:24 317440 -c----w- c:\windows\system32\dllcache\mp4sdecd.dll
2010-09-17 06:03 . 2010-09-17 06:22 -------- d-----w- C:\AZ-Papír
2010-09-16 13:25 . 2008-04-14 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-09-16 13:24 . 2008-04-14 12:00 9216 -c--a-w- c:\windows\system32\dllcache\authfilt.dll
2010-09-16 13:12 . 2008-04-14 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-09-16 13:12 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-09-16 13:12 . 2008-04-14 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-09-16 13:12 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-09-15 13:30 . 2010-08-04 01:59 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-09-15 13:30 . 2010-08-04 01:57 4358144 ----a-w- c:\windows\system32\aticaldd.dll
2010-09-15 13:30 . 2010-08-04 01:15 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-09-15 13:30 . 2009-05-11 21:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2010-09-15 13:30 . 2010-08-04 01:59 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-09-15 13:30 . 2010-08-04 01:27 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-09-15 13:28 . 2010-09-15 13:32 -------- d-----w- c:\program files\ATI
2010-09-15 13:27 . 2010-09-15 13:27 -------- d-----w- C:\ATI
2010-09-14 05:36 . 2010-09-14 05:36 -------- d-----w- C:\found.000
2010-09-06 07:34 . 2010-09-20 02:55 -------- d-----w- c:\program files\Steam
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-19 17:28 . 2010-08-09 15:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-19 14:43 . 2009-12-19 10:58 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-17 16:53 . 2009-10-07 20:04 -------- d-----w- c:\program files\Windows Media Connect 2
2010-09-17 08:47 . 2008-04-14 12:00 92030 ----a-w- c:\windows\system32\perfc005.dat
2010-09-17 08:47 . 2008-04-14 12:00 461458 ----a-w- c:\windows\system32\perfh005.dat
2010-09-16 13:21 . 2009-10-07 19:15 23544 ----a-w- c:\windows\system32\emptyregdb.dat
2010-09-15 13:30 . 2009-10-07 19:25 -------- d-----w- c:\program files\ATI Technologies
2010-09-15 05:31 . 2009-10-08 06:24 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-06 08:05 . 2010-09-06 08:05 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-07 12:15 . 2010-08-07 12:15 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-07 11:43 . 2010-08-07 11:43 -------- d-----w- c:\program files\Cenega Czech
2010-08-04 02:20 . 2008-12-01 22:13 5243392 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-08-04 01:53 . 2008-12-01 20:46 15900672 ----a-w- c:\windows\system32\atioglxx.dll
2010-08-04 01:47 . 2009-10-07 19:25 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-08-04 01:47 . 2009-10-07 19:25 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-08-04 01:46 . 2008-12-01 20:51 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-08-04 01:41 . 2008-12-01 20:27 3901280 ----a-w- c:\windows\system32\ati3duag.dll
2010-08-04 01:31 . 2008-12-01 20:41 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-08-04 01:31 . 2008-12-01 20:40 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-08-04 01:30 . 2008-12-01 20:40 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-08-04 01:30 . 2008-12-01 20:40 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-08-04 01:30 . 2008-12-01 20:40 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-08-04 01:29 . 2008-12-01 20:38 606208 ----a-w- c:\windows\system32\ati2evxx.exe
2010-08-04 01:28 . 2008-12-01 20:37 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-08-04 01:28 . 2008-12-01 20:11 2537728 ----a-w- c:\windows\system32\ativvaxx.dll
2010-08-04 01:27 . 2009-10-07 19:25 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-08-04 01:27 . 2009-10-07 19:25 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-08-04 01:24 . 2008-12-01 19:53 610304 ----a-w- c:\windows\system32\atikvmag.dll
2010-08-04 01:23 . 2008-12-01 19:50 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-08-04 01:22 . 2008-12-01 19:52 188416 ----a-w- c:\windows\system32\atiadlxx.dll
2010-08-04 01:22 . 2008-12-01 19:52 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-08-04 01:16 . 2008-12-01 19:45 700416 ----a-w- c:\windows\system32\ati2cqag.dll
2010-08-04 01:15 . 2008-12-01 19:57 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-08-04 01:14 . 2008-12-01 19:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-07-27 15:42 . 2010-07-27 15:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-27 15:33 . 2010-07-27 15:33 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-27 15:32 . 2009-10-07 19:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-27 15:32 . 2010-07-27 15:32 -------- d-----w- c:\program files\Electronic Arts
2010-07-27 15:31 . 2010-07-27 15:31 1102 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2010-07-27 15:14 . 2010-07-27 15:14 -------- d-----w- c:\program files\EA Sports
2010-07-27 15:09 . 2010-07-27 14:10 -------- d-----w- c:\program files\MotoRacer3
2010-07-22 15:46 . 2008-04-14 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:33 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2008-04-14 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-22 06:48 . 2009-10-29 18:14 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-22 06:47 . 2010-06-22 06:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-22 06:47 . 2009-10-29 18:14 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-02 13:24 . 2010-03-02 13:24 7576847 ----a-w- c:\program files\winzip_12_1_cestina.exe
2010-03-02 13:18 . 2010-03-02 13:18 14452040 ----a-w- c:\program files\winzip140.exe
2010-03-02 13:15 . 2010-03-02 13:13 6336243 ----a-w- c:\program files\CompressionPackage.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-02 39408]
"Steam"="c:\program files\Steam\Steam.exe" [2010-09-06 1242448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-04-06 33603584]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-29 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-23 49152]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Miloç\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Shrink Pic.lnk - c:\program files\Shrink Pic\shrink_pic.exe [2009-5-4 2528256]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-24 282624]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-4-5 494920]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 06:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0sprestrt
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\mafia ii\\pc\\mafia2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [29.10.2009 20:14 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [29.10.2009 20:05 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19.9.2010 16:42 114768]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29.10.2009 20:14 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29.10.2009 20:14 243024]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 11:28 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.9.2010 16:42 20560]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [22.6.2010 8:47 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [22.6.2010 8:47 308136]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [18.2.2009 15:31 294912]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 13:17 1181328]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2.3.2010 15:21 135664]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [7.10.2009 21:23 1086208]
.
Obsah adresáře 'Naplánované úlohy'
2010-09-20 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:05]
2010-09-20 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:05]
2010-09-20 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:05]
2010-09-20 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:05]
2010-09-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:05]
2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 13:21]
2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 13:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-20 05:10
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1275210071-1292428093-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:92,7c,f3,5e,8c,38,15,e1,39,94,2d,61,cf,c0,5a,d7,1d,b4,d4,c4,fb,
a2,29,cb,b7,39,e8,d7,60,4c,63,d7,7c,14,dd,b0,7a,7e,b8,80,c3,57,f8,a3,1b,ba,\
"rkeysecu"=hex:20,c4,ea,f4,52,f7,37,9d,f1,91,4a,04,13,5d,8d,82
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2010-09-20 05:12:43
ComboFix-quarantined-files.txt 2010-09-20 03:12
Před spuštěním: Volných bajtů: 423 850 844 160
Po spuštění: Volných bajtů: 424 166 567 936
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - D91BAFB93C309D0721C2DC4A2CC386DE
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4945293125
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4948693906
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 11445 bytes
ComboFix 10-09-19.01 - Miloš 20.09.2010 5:06.1.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2251 [GMT 2:00]
Spuštěný z: c:\documents and settings\Miloš\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100919-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Business Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\sqlite3.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-20 do 2010-09-20 )))))))))))))))))))))))))))))))
.
2010-09-20 02:58 . 2010-09-20 02:57 390144 ----a-w- c:\windows\system32\CF4485.exe
2010-09-19 14:43 . 2009-11-24 22:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-19 14:43 . 2009-11-24 22:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-19 14:43 . 2009-11-24 22:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-19 14:42 . 2009-11-24 22:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-09-19 14:42 . 2009-11-24 22:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-19 14:42 . 2009-11-24 22:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-19 14:42 . 2009-11-24 22:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-19 14:42 . 2009-11-24 22:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-19 14:42 . 2009-11-24 22:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-19 14:42 . 2010-09-19 14:42 -------- d-----w- c:\program files\Alwil Software
2010-09-17 15:58 . 2010-06-18 11:39 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-09-17 15:57 . 2010-06-24 15:57 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-09-17 15:57 . 2010-06-24 12:27 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-17 15:57 . 2010-06-24 12:27 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-09-17 15:57 . 2010-06-24 12:27 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-09-17 15:57 . 2010-06-24 12:27 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-09-17 15:57 . 2010-06-24 12:27 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-17 15:57 . 2010-06-24 12:27 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-17 15:29 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-09-17 15:29 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-17 15:27 . 2010-04-28 18:15 2192128 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-09-17 15:27 . 2010-04-28 05:45 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-09-17 15:26 . 2010-04-28 05:45 2068992 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-09-17 15:26 . 2010-04-28 05:45 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-09-17 08:41 . 2010-03-30 10:24 317440 -c----w- c:\windows\system32\dllcache\mp4sdecd.dll
2010-09-17 06:03 . 2010-09-17 06:22 -------- d-----w- C:\AZ-Papír
2010-09-16 13:25 . 2008-04-14 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-09-16 13:24 . 2008-04-14 12:00 9216 -c--a-w- c:\windows\system32\dllcache\authfilt.dll
2010-09-16 13:12 . 2008-04-14 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-09-16 13:12 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-09-16 13:12 . 2008-04-14 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-09-16 13:12 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-09-15 13:30 . 2010-08-04 01:59 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-09-15 13:30 . 2010-08-04 01:57 4358144 ----a-w- c:\windows\system32\aticaldd.dll
2010-09-15 13:30 . 2010-08-04 01:15 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-09-15 13:30 . 2009-05-11 21:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2010-09-15 13:30 . 2010-08-04 01:59 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-09-15 13:30 . 2010-08-04 01:27 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-09-15 13:28 . 2010-09-15 13:32 -------- d-----w- c:\program files\ATI
2010-09-15 13:27 . 2010-09-15 13:27 -------- d-----w- C:\ATI
2010-09-14 05:36 . 2010-09-14 05:36 -------- d-----w- C:\found.000
2010-09-06 07:34 . 2010-09-20 02:55 -------- d-----w- c:\program files\Steam
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-19 17:28 . 2010-08-09 15:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-19 14:43 . 2009-12-19 10:58 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-17 16:53 . 2009-10-07 20:04 -------- d-----w- c:\program files\Windows Media Connect 2
2010-09-17 08:47 . 2008-04-14 12:00 92030 ----a-w- c:\windows\system32\perfc005.dat
2010-09-17 08:47 . 2008-04-14 12:00 461458 ----a-w- c:\windows\system32\perfh005.dat
2010-09-16 13:21 . 2009-10-07 19:15 23544 ----a-w- c:\windows\system32\emptyregdb.dat
2010-09-15 13:30 . 2009-10-07 19:25 -------- d-----w- c:\program files\ATI Technologies
2010-09-15 05:31 . 2009-10-08 06:24 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-06 08:05 . 2010-09-06 08:05 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-07 12:15 . 2010-08-07 12:15 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-07 11:43 . 2010-08-07 11:43 -------- d-----w- c:\program files\Cenega Czech
2010-08-04 02:20 . 2008-12-01 22:13 5243392 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-08-04 01:53 . 2008-12-01 20:46 15900672 ----a-w- c:\windows\system32\atioglxx.dll
2010-08-04 01:47 . 2009-10-07 19:25 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-08-04 01:47 . 2009-10-07 19:25 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-08-04 01:46 . 2008-12-01 20:51 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-08-04 01:41 . 2008-12-01 20:27 3901280 ----a-w- c:\windows\system32\ati3duag.dll
2010-08-04 01:31 . 2008-12-01 20:41 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-08-04 01:31 . 2008-12-01 20:40 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-08-04 01:30 . 2008-12-01 20:40 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-08-04 01:30 . 2008-12-01 20:40 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-08-04 01:30 . 2008-12-01 20:40 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-08-04 01:29 . 2008-12-01 20:38 606208 ----a-w- c:\windows\system32\ati2evxx.exe
2010-08-04 01:28 . 2008-12-01 20:37 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-08-04 01:28 . 2008-12-01 20:11 2537728 ----a-w- c:\windows\system32\ativvaxx.dll
2010-08-04 01:27 . 2009-10-07 19:25 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-08-04 01:27 . 2009-10-07 19:25 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-08-04 01:24 . 2008-12-01 19:53 610304 ----a-w- c:\windows\system32\atikvmag.dll
2010-08-04 01:23 . 2008-12-01 19:50 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-08-04 01:22 . 2008-12-01 19:52 188416 ----a-w- c:\windows\system32\atiadlxx.dll
2010-08-04 01:22 . 2008-12-01 19:52 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-08-04 01:16 . 2008-12-01 19:45 700416 ----a-w- c:\windows\system32\ati2cqag.dll
2010-08-04 01:15 . 2008-12-01 19:57 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-08-04 01:14 . 2008-12-01 19:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-07-27 15:42 . 2010-07-27 15:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-27 15:33 . 2010-07-27 15:33 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-27 15:32 . 2009-10-07 19:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-27 15:32 . 2010-07-27 15:32 -------- d-----w- c:\program files\Electronic Arts
2010-07-27 15:31 . 2010-07-27 15:31 1102 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2010-07-27 15:14 . 2010-07-27 15:14 -------- d-----w- c:\program files\EA Sports
2010-07-27 15:09 . 2010-07-27 14:10 -------- d-----w- c:\program files\MotoRacer3
2010-07-22 15:46 . 2008-04-14 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:33 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2008-04-14 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-22 06:48 . 2009-10-29 18:14 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-22 06:47 . 2010-06-22 06:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-22 06:47 . 2009-10-29 18:14 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-02 13:24 . 2010-03-02 13:24 7576847 ----a-w- c:\program files\winzip_12_1_cestina.exe
2010-03-02 13:18 . 2010-03-02 13:18 14452040 ----a-w- c:\program files\winzip140.exe
2010-03-02 13:15 . 2010-03-02 13:13 6336243 ----a-w- c:\program files\CompressionPackage.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-02 39408]
"Steam"="c:\program files\Steam\Steam.exe" [2010-09-06 1242448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-04-06 33603584]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-29 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-23 49152]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Miloš\Nabídka Start\Programy\Po spuštění\
Shrink Pic.lnk - c:\program files\Shrink Pic\shrink_pic.exe [2009-5-4 2528256]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-24 282624]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-4-5 494920]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 06:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0sprestrt
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\mafia ii\\pc\\mafia2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [29.10.2009 20:14 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [29.10.2009 20:05 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19.9.2010 16:42 114768]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29.10.2009 20:14 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29.10.2009 20:14 243024]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 11:28 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.9.2010 16:42 20560]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [22.6.2010 8:47 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [22.6.2010 8:47 308136]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [18.2.2009 15:31 294912]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 13:17 1181328]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2.3.2010 15:21 135664]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [7.10.2009 21:23 1086208]
.
Obsah adresáře 'Naplánované úlohy'
2010-09-20 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:05]
2010-09-20 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:05]
2010-09-20 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:05]
2010-09-20 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:05]
2010-09-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:05]
2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 13:21]
2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 13:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-20 05:10
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1275210071-1292428093-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:92,7c,f3,5e,8c,38,15,e1,39,94,2d,61,cf,c0,5a,d7,1d,b4,d4,c4,fb,
a2,29,cb,b7,39,e8,d7,60,4c,63,d7,7c,14,dd,b0,7a,7e,b8,80,c3,57,f8,a3,1b,ba,\
"rkeysecu"=hex:20,c4,ea,f4,52,f7,37,9d,f1,91,4a,04,13,5d,8d,82
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2010-09-20 05:12:43
ComboFix-quarantined-files.txt 2010-09-20 03:12
Před spuštěním: Volných bajtů: 423 850 844 160
Po spuštění: Volných bajtů: 424 166 567 936
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - D91BAFB93C309D0721C2DC4A2CC386DE