Please check the RSIT log.
I want to rule out the presence of malware. Reasons:
1. The Firefox.exe process stays in memory even after the browser is closed. I have to terminate it manually in the task manager. It does not refuse termination there.
2. The LeftWin key is disabled. Editing the registry according to the guides ([HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
"Scancode Map"=hex:) did not help. There is probably a different reason here, but I don't know what it is.
Before creating the following log I had a full scan run with Malwarebytes and a full scan with MS Security Essentials, both in their latest versions. The results were not entirely clean. But even after removing the problems found, the issues described above persist. Thank you in advance. Kosmák
Logfile of random's system information tool 1.07 (written by random/random)
Run by Bc. Jaroslav Kosmák at 2010-11-11 16:27:21
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (14%) free of 94 GB
Total RAM: 2047 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:27:56, on 11.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\OO Software\CleverCache\ooccctrl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\rsit\HijakThis\RSIT.exe
C:\Program Files\trend micro\Bc. Jaroslav Kosmák.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15383&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [ooccctrl.exe] C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [GBMHome7Agent] "F:\Program Files\Genie-Soft\GBM7Home\GBMAgent.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [GBMHome7Agent] "F:\Program Files\Genie-Soft\GBM7Home\GBMAgent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Bc. Jaroslav Kosmák\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DefaultP17MIDI] MidiDef.Exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [DefaultP17MIDI] MidiDef.Exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - (value not set)
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\Microsoft Office 2003\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Stáhnout pomocí FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout vše pomocí FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se1140.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Dawn of Magic Drivers Auto Removal (pr2ahqjb) (pr2ahqjb) - Koch Media - C:\WINDOWS\system32\pr2ahqjb.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/BC7B7A~1.JAR/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
--
End of file - 14925 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ConfigExec.job
C:\WINDOWS\tasks\DataUpload.job
C:\WINDOWS\tasks\GBMPro7 Task - New Backup Job (Záloha souborů).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-308236825-682003330-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-308236825-682003330-1004UA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-23 61888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2010-07-28 1267024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2007-04-25 491520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}]
VMN Toolbar - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2006-04-26 1707264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2005-06-07 86016]
{55FAF0F2-44D4-425F-B5F5-6B275B621EAB}
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2007-04-25 491520]
{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - VMN Toolbar - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2006-04-26 1707264]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2010-07-28 1267024]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"=C:\WINDOWS\htpatch.exe [2002-10-30 28672]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-05-15 204800]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2004-10-15 2577632]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2007-04-09 200704]
"ooccctrl.exe"=C:\Program Files\OO Software\CleverCache\ooccctrl.exe [2007-01-28 1911568]
"itype"=c:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-11-11 1505144]
"GBMHome7Agent"=F:\Program Files\Genie-Soft\GBM7Home\GBMAgent.exe []
"Dit"=C:\WINDOWS\Dit.exe [2003-12-29 94208]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-09-24 40368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-01-07 46592]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2010-09-15 1094224]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-11-10 500208]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-01-28 2097488]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-08-10 2349776]
"GBMHome7Agent"=F:\Program Files\Genie-Soft\GBM7Home\GBMAgent.exe []
"Google Update"=C:\Documents and Settings\Bc. Jaroslav Kosmák\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
[]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BTTray.lnk - C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-06-03 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll [2009-10-02 128360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\UBISOFT\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\UBISOFT\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2b3b914-5834-11df-a47c-806d6172696f}]
shell\AutoRun\command - J:\autorun.exe
======List of files/folders created in the last 1 months======
2010-11-10 21:46:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\ALM
2010-11-10 21:42:48 ----D---- C:\Program Files\Adobe Media Player
2010-11-10 21:38:45 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-11-10 17:06:37 ----A---- C:\WINDOWS\AviSplitter.INI
2010-11-05 22:09:34 ----D---- C:\Documents and Settings\Bc. Jaroslav Kosmák\Data aplikací\GRETECH
2010-11-05 22:08:34 ----D---- C:\Program Files\GRETECH
2010-11-04 20:20:48 ----D---- C:\Program Files\Winamp Detect
2010-11-04 19:19:57 ----D---- C:\Program Files\jv16 PowerTools 2009
2010-11-03 21:24:52 ----D---- C:\WINDOWS\ie8updates
2010-11-03 21:14:55 ----HDC---- C:\WINDOWS\ie8
2010-10-27 03:51:14 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-10-27 03:51:13 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-10-27 03:49:12 ----A---- C:\WINDOWS\system32\CoreAAC-uninstall.exe
2010-10-27 03:25:34 ----A---- C:\WINDOWS\system32\sipr3260.dll
2010-10-27 03:25:34 ----A---- C:\WINDOWS\system32\Pncrt.dll
2010-10-27 03:25:34 ----A---- C:\WINDOWS\system32\drv43260.dll
2010-10-27 03:25:34 ----A---- C:\WINDOWS\system32\drv33260.dll
2010-10-27 03:25:34 ----A---- C:\WINDOWS\system32\drv23260.dll
2010-10-27 03:25:34 ----A---- C:\WINDOWS\system32\cook3260.dll
2010-10-27 03:25:33 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
2010-10-27 03:25:33 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2010-10-26 14:44:24 ----A---- C:\WINDOWS\system32\TUProgSt.exe
2010-10-26 14:44:21 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2010-10-26 14:44:19 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2010-10-26 14:43:47 ----D---- C:\Program Files\TuneUp Utilities 2009
2010-10-26 14:42:00 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
2010-10-21 22:01:12 ----A---- C:\WINDOWS\War3Unin.exe
2010-10-21 21:57:42 ----D---- C:\Program Files\Warcraft III
2010-10-15 07:23:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-10-15 07:22:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-10-15 07:22:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-10-15 07:22:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-10-15 07:21:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-10-15 07:21:47 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-10-15 07:21:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2360131$
2010-10-13 19:17:51 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-10-13 18:59:54 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-10-13 18:55:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
======List of files/folders modified in the last 1 months======
2010-11-11 16:27:56 ----D---- C:\Program Files\trend micro
2010-11-11 16:27:48 ----D---- C:\WINDOWS\Prefetch
2010-11-11 16:27:41 ----D---- C:\WINDOWS\Temp
2010-11-11 16:27:21 ----D---- C:\rsit
2010-11-11 16:12:56 ----D---- C:\WINDOWS
2010-11-11 16:12:56 ----A---- C:\WINDOWS\MAILTRAN.INI
2010-11-11 16:01:36 ----D---- C:\WINDOWS\system32
2010-11-11 16:01:35 ----D---- C:\Program Files\Mozilla Firefox
2010-11-11 16:00:29 ----D---- C:\Program Files\Mozilla Thunderbird
2010-11-11 13:19:09 ----SD---- C:\WINDOWS\Tasks
2010-11-11 13:14:19 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-11 13:13:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-11-11 13:13:22 ----D---- C:\WINDOWS\system32\drivers
2010-11-11 07:08:10 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-11 01:43:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-10 23:03:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-10 23:02:26 ----SHD---- C:\WINDOWS\Installer
2010-11-10 23:02:25 ----D---- C:\Config.Msi
2010-11-10 23:01:52 ----D---- C:\Program Files\Java
2010-11-10 23:00:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-11-10 23:00:31 ----D---- C:\Program Files\Common Files\Adobe
2010-11-10 21:46:41 ----D---- C:\Documents and Settings\Bc. Jaroslav Kosmák\Data aplikací\Adobe
2010-11-10 21:46:23 ----D---- C:\Program Files\Adobe
2010-11-10 21:43:40 ----RSD---- C:\WINDOWS\Fonts
2010-11-10 21:42:48 ----RD---- C:\Program Files
2010-11-10 21:38:45 ----D---- C:\Program Files\Common Files
2010-11-10 21:37:03 ----D---- C:\WINDOWS\WinSxS
2010-11-10 20:55:16 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-10 20:32:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-10 18:47:11 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-10 15:01:51 ----A---- C:\WINDOWS\WTRAN32.INI
2010-11-07 04:22:41 ----A---- C:\WINDOWS\Pex.INI
2010-11-05 23:38:12 ----D---- C:\WINDOWS\system32\config
2010-11-04 22:19:53 ----A---- C:\WINDOWS\WDICT32.INI
2010-11-04 21:32:26 ----HD---- C:\WINDOWS\inf
2010-11-04 21:32:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-04 21:32:19 ----HD---- C:\WINDOWS\$hf_mig$
2010-11-04 21:32:16 ----A---- C:\WINDOWS\imsins.BAK
2010-11-04 20:43:33 ----D---- C:\Program Files\Winamp
2010-11-04 18:40:58 ----D---- C:\WINDOWS\system32\cs-cz
2010-11-04 18:40:57 ----D---- C:\WINDOWS\Media
2010-11-04 18:40:57 ----D---- C:\WINDOWS\Help
2010-11-04 18:40:57 ----D---- C:\Program Files\Internet Explorer
2010-11-03 21:21:16 ----RD---- C:\WINDOWS\Offline Web Pages
2010-11-03 03:22:20 ----D---- C:\WINDOWS\system32\CatRoot
2010-11-01 08:07:46 ----RSD---- C:\WINDOWS\assembly
2010-11-01 08:07:28 ----D---- C:\Program Files\Microsoft Office 2003
2010-11-01 08:07:27 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-11-01 08:05:47 ----HD---- C:\WINDOWS\ShellNew
2010-11-01 08:05:10 ----A---- C:\WINDOWS\win.ini
2010-10-27 03:51:48 ----D---- C:\Program Files\Avi2Dvd
2010-10-27 03:51:14 ----D---- C:\Program Files\Xvid
2010-10-27 03:50:39 ----D---- C:\Program Files\ffdshow
2010-10-27 03:48:58 ----D---- C:\Program Files\AC3Filter
2010-10-27 03:48:13 ----D---- C:\Program Files\AviSynth 2.5
2010-10-27 03:27:10 ----D---- C:\Documents and Settings\Bc. Jaroslav Kosmák\Data aplikací\Vso
2010-10-27 03:25:34 ----D---- C:\Program Files\vso
2010-10-27 03:15:48 ----D---- C:\Program Files\CCleaner
2010-10-19 21:51:33 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-10-14 00:04:38 ----D---- C:\WINDOWS\system32\wbem
2010-10-13 20:05:14 ----D---- C:\Program Files\Microsoft Security Essentials
2010-10-13 19:22:28 ----D---- C:\WINDOWS\system32\oodag
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-05-14 9216]
R1 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS []
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2009-04-23 7582]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbfilter;Keyboard Filter Driver; C:\WINDOWS\system32\drivers\kbfilter.sys [2002-06-28 12900]
R1 LGMonldr;LGMonldr Bus Enumerator; C:\WINDOWS\system32\DRIVERS\LGMonldr.sys [2009-08-11 20696]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 TRIXX;TRIXX; \??\C:\Program Files\TRIXX\TRIXXDriver.sys []
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-11-20 281504]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-11-20 25888]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-18 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-18 55936]
R2 VPCAppSv;Virtual PC Application Services; C:\WINDOWS\system32\DRIVERS\VPCAppSv [2003-03-14 10374]
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-01-10 695852]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-05-14 14336]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-06-03 3100160]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2010-09-04 539072]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LGMonmin;LGMonmin; C:\WINDOWS\system32\DRIVERS\LGMonmin.sys [2009-08-11 13912]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 PTSimBus;PenTablet Bus Enumerator; C:\WINDOWS\system32\DRIVERS\PTSimBus.sys [2007-06-07 18944]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 BT848;BtCap, WDM Video Capture; C:\WINDOWS\system32\drivers\BT848.sys [2000-10-17 204843]
S2 BTTUNER;BtTuner, WDM TvTuner; C:\WINDOWS\system32\drivers\BTTUNER.sys [2000-03-13 12700]
S2 BTXBAR;BtXBar, WDM Crossbar; C:\WINDOWS\system32\drivers\BTXBAR.sys [2000-03-13 12600]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller; C:\WINDOWS\System32\Drivers\ousbehci.sys [2010-09-04 42752]
S2 THP878;THP878; C:\WINDOWS\system32\drivers\THP878.sys []
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.; C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-10-18 208851]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.; C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-10-18 10324]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.; C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-10-18 34789]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2004-11-30 30299]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2004-11-30 148040]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-11-30 55288]
S3 CardReaderFilter;Card Reader Filter; \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\BC7B7A~1.JAR\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz;cpuz; \??\C:\DOCUME~1\BC7B7A~1.JAR\LOCALS~1\Temp\cpuz.sys []
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\BC7B7A~1.JAR\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
S3 FileObjInfo;STFileDriver; \??\C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator\FileObjInfo.sys []
S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
S3 HDUSB;HDUSB_XP.Sys HDUSB Bulk IO test driver; C:\WINDOWS\system32\DRIVERS\HDUSB.sys [2007-08-07 12800]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 MouseCap;MouseCapture Driver; C:\WINDOWS\System32\Drivers\MouseCap.sys [2005-08-08 6640]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NTACCESS;NTACCESS; \??\H:\NTACCESS.sys []
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
S3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-04 840960]
S3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2007-04-26 47360]
S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2010-09-04 19072]
S3 PTSimHid;PenTablet Simulated HID MiniDriver; C:\WINDOWS\System32\Drivers\PTSimHid.sys [2007-04-23 10752]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner32.sys []
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2010-09-04 130432]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Sandra.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\H:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys [2007-04-23 17920]
S3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2007-04-23 18432]
S3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2007-05-31 12800]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VPCNetS2;Virtual PC Emulated Ethernet Switch; C:\WINDOWS\system32\DRIVERS\VPCNetS2 [2003-03-14 163980]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WEBNTACCESS;WEBNTACCESS; \??\C:\Program Files\MSI\Live Update 3\NTACCESS.SYS []
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-06-03 552960]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2000-08-06 7442493]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-01-12 707344]
R2 OOCleverCacheAgent;O&O CleverCache Agent; C:\Program Files\OO Software\CleverCache\ooccag.exe [2007-01-28 391952]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2004-10-15 2577632]
R2 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2000-08-06 303170]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2010-10-26 604488]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WinTabService;WinTab Service; C:\WINDOWS\System32\Drivers\WTSRV.EXE [2007-05-31 53248]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-06-02 593920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-12 133104]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-11 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-11-02 504104]
S3 MatSvc;Microsoft Automated Troubleshooting Service; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2000-08-06 65602]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 pr2ahqjb;Dawn of Magic Drivers Auto Removal (pr2ahqjb); C:\WINDOWS\system32\pr2ahqjb.exe [2007-03-29 407168]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-10-26 361288]
S3 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service; C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe [2004-08-05 117760]
S3 UMWdf;Sada ovladačů pro uživatelský režim systému Windows; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 Prime95 Service;Prime95 Service; C:\Program Files\Prime95\prime95.exe []
S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-02-26 49152]
-----------------EOF-----------------
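As an added example for reading the "List of drivers" section of the RSIT log above (this is not part of any post in the thread and not RSIT's own code), here is a small Python parser for that line format that flags entries a reviewer would want to verify by hand: drivers whose file RSIT could not stat (`[]`), drivers loading from a Temp directory, drivers on a volume other than the system drive, and keyboard filter drivers, which sit in the keystroke path. The sample lines are copied from the log above; the system drive being C: is taken from the log header, and the flag names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the RSIT driver list above.
SAMPLE_LINES = r"""
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 kbfilter;Keyboard Filter Driver; C:\WINDOWS\system32\drivers\kbfilter.sys [2002-06-28 12900]
R1 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\BC7B7A~1.JAR\LOCALS~1\Temp\catchme.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
""".strip().splitlines()

# One RSIT driver/service line: <R|S><0-4> <name>;<description>; <path> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)

START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}
SYSTEM_DRIVE = "c:"  # assumption taken from the log header ("System drive C:")


@dataclass
class DriverEntry:
    state: str            # "R" running / "S" stopped
    start: int            # 0..4, see START_TYPES
    name: str
    desc: str
    path: str             # with the \??\ object-manager prefix removed
    date: Optional[str]   # None when RSIT printed "[]"
    size: Optional[int]


def parse_driver_line(line: str) -> Optional[DriverEntry]:
    """Parse one line; return None for lines that are not driver entries (headers, EOF)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):
        path = path[4:]
    meta = m.group("meta").split()
    date = meta[0] if len(meta) == 2 else None
    size = int(meta[1]) if len(meta) == 2 else None
    return DriverEntry(m.group("state"), int(m.group("start")),
                       m.group("name"), m.group("desc"), path, date, size)


def triage(entry: DriverEntry) -> List[str]:
    """Heuristic flags for a reviewer; a flag is a reason to verify, not a verdict."""
    flags = []
    low = entry.path.lower()
    if entry.date is None:
        # RSIT could not stat the file: it is gone (stale service key) or unreadable.
        flags.append("no-metadata")
    if "\\temp\\" in low:
        # Kernel code loaded from a temp directory deserves a look even when it
        # belongs to a known diagnostic tool.
        flags.append("temp-dir")
    if not low.startswith(SYSTEM_DRIVE + "\\"):
        # Driver path on another volume (installer CD, USB stick) that may no longer exist.
        flags.append("non-system-drive")
    text = (entry.name + " " + entry.desc).lower()
    if "keyboard" in text and "filter" in text:
        # A keyboard filter driver sits in the keystroke path and can remap keys,
        # so it is worth checking when a key has stopped working.
        flags.append("keyboard-filter")
    return flags


def triage_log(lines) -> dict:
    """Map driver name -> flags for every parsable entry that raised at least one flag."""
    findings = {}
    for line in lines:
        entry = parse_driver_line(line)
        if entry is None:
            continue
        flags = triage(entry)
        if flags:
            findings[entry.name] = flags
    return findings


if __name__ == "__main__":
    for name, flags in triage_log(SAMPLE_LINES).items():
        print(f"{name:12} {', '.join(flags)}")
```

Run it against a whole RSIT log by passing the file's lines to `triage_log`; lines outside the driver and service sections are ignored because they do not match the line pattern.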

Forum: PC disinfection, speeding up your computer, remote help via the neslape.cz service
Not just a preventive check
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will threads inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote-help service: a specialist connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
Re: Not just a preventive check
Hello, fix these in HJT:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15383&l=dis
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Bc. Jaroslav Kosmák\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
You'll find HJT here:
C:\Program Files\trend micro\Bc. Jaroslav Kosmák.exe
Fix means you run HJT,
in the window that opens click "Do a system scan only",
in the next window find the lines I listed for you,
next to them is a small box which you tick,
then click "Fix checked" at the bottom left,
the program asks whether you really want to, YES, you of course agree and it's done.
Via Start >> Run >> type services.msc >> OK. Find the service:
Google Update Service
NBService - Nero AG
NMIndexingService
TuneUp Drive Defrag Service
TuneUp Program Statistics Service
TuneUp WinStyler Theme Service
right-click it, choose Properties, on the next tab first stop the service with the Stop button and under Startup type choose Disabled.
Delete unneeded files
using CCleaner,
guide:
Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin
Registry - here you clean the registry (before using it I recommend making the backup CCleaner offers)
Registry cleaning needs to be repeated several times!
Download ComboFix and save it to the desktop,
run the application as Administrator and allow installation of the Recovery Console.
Then a window with the license terms appears, which you confirm by clicking YES,
then click YES once more and it's running.
The whole thing takes about 10 minutes but can take longer; do not try to run anything else during the scan.
The PC may also be restarted during the scan; don't be alarmed.
Warning: for the duration of the scan turn off the resident shield of your antivirus and anti-spyware programs,
because ComboFix tries to delete infected files and these programs can block it.
After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
Re: Not just a preventive check
Thank you for the detailed instructions. I use CCleaner (ir)regularly, 1 to 3 times a month.
When I try to run ComboFix, the program reports that the resident Avira AntiVir PersonalEdition Classic is running, which I uninstalled long ago (apparently badly). In the registry I found a lot of its leftovers:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ssmdrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ssmdrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ssmdrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ssmdrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Eventlog\Application\H+BEDV AntiVir
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\ssmdrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\ssmdrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\ssmdrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\ssmdrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\ssmdrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\Eventlog\Application\H+BEDV AntiVir
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\ssmdrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\H+BEDV AntiVir
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ssmdrv
I renamed the file C:\Windows\system32\DRIVERS\ssmdrv.sys to ssmdrv.sy_, but after a restart nothing changed in ComboFix. So I ran it anyway, and here is the result:
ComboFix 10-11-11.01 - Bc. Jaroslav Kosmák 11.11.2010 23:49:20.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1233 [GMT 1:00]
Spuštěný z: c:\documents and settings\Bc. Jaroslav Kosmák\Plocha\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Bc. Jaroslav Kosmák\Data aplikací\AD ON Multimedia
C:\Thumbs.db
c:\windows\msvrc20.dll
c:\windows\settings.reg
c:\windows\ST6UNST.000
c:\windows\system32\Data
c:\windows\system32\drivers\hdusb.sys
c:\windows\system32\Ijl11.dll
c:\windows\system32\Temp
c:\windows\system32\Temp\StirlingWeather\StirlingWeather.cab
c:\windows\system32\Thumbs.db
c:\windows\system32\vbzlib1.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_HDUSB
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-11 do 2010-11-11 )))))))))))))))))))))))))))))))
.
2010-11-11 00:55 . 2010-11-11 00:55 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2010-11-11 00:50 . 2010-11-11 00:50 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Happy Foto
2010-11-11 00:49 . 2010-11-11 00:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-11-11 00:38 . 2010-11-11 00:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-10 21:17 . 2010-11-10 21:17 -------- d-sh--w- c:\documents and settings\Bc. Jaroslav Kosmák\PrivacIE
2010-11-10 20:46 . 2010-11-10 20:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ALM
2010-11-10 20:42 . 2010-11-10 20:42 -------- d-----w- c:\program files\Adobe Media Player
2010-11-10 20:38 . 2010-11-10 20:38 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-10 06:40 . 2010-10-07 23:21 6146896 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{563EA6F7-42EF-4985-8701-A12162284523}\mpengine.dll
2010-11-05 21:09 . 2010-11-05 21:09 -------- d-----w- c:\documents and settings\Bc. Jaroslav Kosmák\Data aplikací\GRETECH
2010-11-05 21:08 . 2010-11-05 21:08 -------- d-----w- c:\program files\GRETECH
2010-11-04 19:20 . 2010-11-04 19:20 -------- d-----w- c:\program files\Winamp Detect
2010-11-04 18:35 . 2010-11-04 18:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-11-04 18:19 . 2010-11-04 18:20 -------- d-----w- c:\program files\jv16 PowerTools 2009
2010-11-04 17:43 . 2010-11-04 17:43 -------- d-sh--w- c:\documents and settings\Bc. Jaroslav Kosmák\IETldCache
2010-11-03 20:14 . 2010-11-03 20:21 -------- dc-h--w- c:\windows\ie8
2010-11-03 19:57 . 2010-08-26 11:08 13312 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-11-03 19:57 . 2010-09-10 05:52 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-11-03 19:57 . 2010-09-10 05:52 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-11-03 19:57 . 2010-09-10 05:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-11-03 19:57 . 2010-09-10 05:52 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-11-03 19:57 . 2010-09-10 05:52 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-03 19:57 . 2010-09-10 05:52 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-03 19:56 . 2010-09-10 05:52 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-10-27 02:51 . 2009-06-07 14:25 77824 ----a-w- c:\windows\system32\xvid.ax
2010-10-27 02:51 . 2009-06-07 14:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-10-27 02:51 . 2009-06-07 14:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-10-27 02:49 . 2010-10-27 02:49 33019 ----a-w- c:\windows\system32\CoreAAC-uninstall.exe
2010-10-27 02:25 . 2010-02-09 14:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-10-27 02:25 . 2010-02-09 14:37 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-10-27 02:25 . 2010-02-09 14:37 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-10-27 02:25 . 2010-02-09 14:37 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-10-27 02:25 . 2010-02-09 14:37 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-10-27 02:25 . 2010-02-09 14:37 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-10-27 02:25 . 2010-02-09 14:37 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-10-26 13:44 . 2010-10-26 13:44 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2010-10-26 13:44 . 2009-11-16 10:25 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2010-10-26 13:44 . 2010-10-26 13:44 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-10-26 13:43 . 2010-10-26 13:44 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-10-26 13:42 . 2010-10-26 13:42 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
2010-10-21 21:01 . 2010-10-21 21:01 2829 ----a-w- c:\windows\War3Unin.pif
2010-10-21 21:01 . 2010-10-21 21:01 126976 ----a-w- c:\windows\War3Unin.exe
2010-10-21 20:57 . 2010-11-10 19:19 -------- d-----w- c:\program files\Warcraft III
2010-10-13 17:41 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 17:41 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 17:40 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 12:19 . 2010-06-15 18:07 13440 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2010-10-19 20:51 . 2009-11-20 19:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 23:21 . 2010-09-21 09:45 6146896 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-09-18 10:23 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2004-08-18 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-04 21:36 . 2006-04-25 21:30 35712 ----a-w- c:\windows\system32\drivers\SISAGPX.SYS
2010-09-04 21:36 . 2010-09-04 21:17 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-09-04 21:36 . 2010-09-04 21:17 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2010-09-04 21:35 . 2004-11-30 12:14 539072 ----a-w- c:\windows\system32\drivers\btaudio.sys
2010-09-04 21:35 . 2010-09-04 21:11 19072 ----a-w- c:\windows\system32\drivers\PS2.sys
2010-09-04 16:59 . 2010-09-04 16:59 55680 ----a-w- c:\windows\system32\drivers\ousb2hub.sys
2010-09-04 16:57 . 2010-09-04 16:57 42752 ----a-w- c:\windows\system32\drivers\ousbehci.sys
2010-09-01 11:52 . 2004-08-18 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2004-08-18 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2004-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2004-08-18 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2004-08-18 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2004-08-18 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-18 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
"ooccctrl.exe"="c:\program files\OO Software\CleverCache\ooccctrl.exe" [2007-01-28 1911568]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 1505144]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SoundMan"="SOUNDMAN.EXE" [2003-01-07 46592]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 49152]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DefaultP17MIDI"="MidiDef.Exe" [2002-12-03 49152]
"DefaultP17"="P17Def.Exe" [2003-07-25 20480]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BTTray.lnk - c:\program files\MSI\BToes Bluetooth Software\BTTray.exe [2004-11-30 565309]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0sprestrt
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\UBISOFT\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);c:\windows\system32\drivers\pe3ahqjb.sys [29.3.2007 12:25 64896]
R0 ps6ahqjb;Dawn of Magic Synchronization Driver (ps6ahqjb);c:\windows\system32\drivers\ps6ahqjb.sys [29.3.2007 12:25 52616]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [16.5.2010 16:43 19064]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [8.7.2009 15:05 12900]
R1 LGMonldr;LGMonldr Bus Enumerator;c:\windows\system32\drivers\LGMonldr.sys [29.4.2010 19:50 20696]
R1 TRIXX;TRIXX;c:\program files\TRIXX\TRIXXDriver.sys [16.8.2005 12:17 15360]
R2 VPCAppSv;Virtual PC Application Services;c:\windows\system32\drivers\vpcappsv.sys [30.9.2001 16:51 10374]
R3 LGMonmin;LGMonmin;c:\windows\system32\drivers\LGMonmin.sys [29.4.2010 19:50 13912]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [10.4.2010 16:05 266544]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [7.6.2007 18:16 18944]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.4.2007 20:37 685816]
S2 BT848;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [30.4.2006 19:48 204843]
S2 BTTUNER;BtTuner, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [30.4.2006 19:52 12700]
S2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [2.5.2006 7:06 12600]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [4.9.2010 17:57 42752]
S2 THP878;THP878; [x]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [1.5.2008 9:42 208851]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [1.5.2008 22:40 10324]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [1.5.2008 22:40 34789]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [15.6.2010 19:07 13440]
S3 cpuz;cpuz;\??\c:\docume~1\BC7B7A~1.JAR\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\BC7B7A~1.JAR\LOCALS~1\Temp\cpuz.sys [?]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\All Users\Data aplikací\Spyware Terminator\FileObjInfo.sys --> c:\documents and settings\All Users\Data aplikací\Spyware Terminator\FileObjInfo.sys [?]
S3 MouseCap;MouseCapture Driver;c:\windows\system32\drivers\MouseCap.sys [8.8.2005 13:44 6640]
S3 pr2ahqjb;Dawn of Magic Drivers Auto Removal (pr2ahqjb);c:\windows\system32\pr2ahqjb.exe svc --> c:\windows\system32\pr2ahqjb.exe svc [?]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [23.4.2007 16:28 10752]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\h:\ntglm7x.sys --> h:\NTGLM7X.sys [?]
S3 WEBNTACCESS;WEBNTACCESS;\??\c:\program files\MSI\Live Update 3\NTACCESS.SYS --> c:\program files\MSI\Live Update 3\NTACCESS.SYS [?]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [1.5.2008 22:52 9510]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.9.2009 19:37 133104]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-11-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 14:54]
2008-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-11-11 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 15:05]
2010-11-11 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 15:05]
2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 18:37]
2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 18:37]
2010-11-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 19:40]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver
IE: E&xport to Microsoft Excel
IE: E&xportovat do aplikace Microsoft Excel - (value not set)
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\Microsoft Office 2003\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
IE: Stáhnout pomocí FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Stáhnout vše pomocí FlashGet - c:\program files\FlashGet\jc_all.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game08.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Bc. Jaroslav Kosmák\Data aplikací\Mozilla\Firefox\Profiles\57pcph63.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\documents and settings\Bc. Jaroslav Kosmák\Data aplikací\Mozilla\Firefox\Profiles\57pcph63.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Bc. Jaroslav Kosmák\Data aplikací\Mozilla\Firefox\Profiles\57pcph63.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Sony Online Entertainment\npsoe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX SETTINGS ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz http://s2.travian.cz http://s3.travian.cz http://s4.travian.cz http://speed.travian.cz http://s1.travian.sk
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-GBMHome7Agent - f:\program files\Genie-Soft\GBM7Home\GBMAgent.exe
HKLM-Run-GBMHome7Agent - f:\program files\Genie-Soft\GBM7Home\GBMAgent.exe
AddRemove-HijackThis - f:\instalace02\Programy\HijakThis\HijakThis\HijackThis.exe
AddRemove-{C39D2BC1-15AA-4221-A16D-71833F97450D}_is1 - f:\program files\Genie-Soft\GBM7Home\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-11 23:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run [remainder of the value is non-printable data, omitted]
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2344)
c:\windows\system32\SSSensor.dll
c:\windows\system32\Amhooker.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Sygate\SPF\smc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\oodag.exe
c:\program files\OO Software\CleverCache\ooccag.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\windows\system32\MsPMSPSv.exe
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2010-11-12 00:06:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-11 23:06
Pre-Run: 13 243 654 144 bytes free
Post-Run: 13 106 442 240 bytes free
Current=5 Default=5 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 72EA53EE9802A4244EE6902C5800B5EF
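Reading a ComboFix services block by eye is error-prone once it runs to thirty lines, so here is a small triage pass, added to this thread as an example (it is not ComboFix code and not the poster's own tooling). It parses each `R0 name;description;path [date time size]` line and flags the entries a responder would open first: images ComboFix could not verify (`[?]` or `[x]`, the same kind of stale service registration as the leftover Avira `ssmdrv` entries the poster found), drivers whose image sits in a user Temp directory (cpuz.sys in the log), boot- or system-start drivers outside the Windows tree, and images on a drive other than the system drive. The sample input is copied from the posted log. The reading of the line format (R/S as running/stopped, the digit as the service Start value, `[?]`/`[x]` as unverified) and the C: system root are assumptions, stated in the code as well.

```python
"""Triage pass over the services block of a ComboFix log.

Added example for this thread; not ComboFix code and not the poster's own
tooling. Assumed line format, read off the posted log:

    <R|S><0-4> <name>;<description>;<image path> [<date> <time> <size>]

R/S is taken to mean running/stopped and the digit to be the service's Start
value (0 boot, 1 system, 2 auto, 3 demand, 4 disabled). "[?]" is read as
"ComboFix could not verify the file" and "[x]" as "no image path recorded".
"""
import re
from typing import Dict, List, Optional

SYSTEM_ROOT = "c:\\windows\\"  # assumption: system drive C:, default install path

# Sample input: lines copied from the ComboFix log posted in this thread.
SAMPLE_LINES = r"""R0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);c:\windows\system32\drivers\pe3ahqjb.sys [29.3.2007 12:25 64896]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [16.5.2010 16:43 19064]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [8.7.2009 15:05 12900]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.4.2007 20:37 685816]
S2 THP878;THP878; [x]
S3 cpuz;cpuz;\??\c:\docume~1\BC7B7A~1.JAR\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\BC7B7A~1.JAR\LOCALS~1\Temp\cpuz.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\h:\ntglm7x.sys --> h:\NTGLM7X.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.9.2009 19:37 133104]
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)$"
)
META_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$")


def parse_service_line(line: str) -> Optional[Dict]:
    """Parse one 'R0 name;desc;path [meta]' line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    mm = META_RE.match(rest)
    path, meta = (mm.group("path"), mm.group("meta")) if mm else (rest, "")
    # ComboFix prints "\??\raw --> resolved" for NT-style paths; keep the resolved one.
    if "-->" in path:
        path = path.split("-->", 1)[1]
    return {
        "name": m.group("name").strip(),
        "description": m.group("desc").strip(),
        "running": m.group("state") == "R",
        "start": int(m.group("start")),
        "path": path.strip().lower(),
        "verified": meta not in ("", "?", "x"),
    }


def triage_service(svc: Dict) -> List[str]:
    """Heuristic reasons to move this entry up the worklist (a worklist, not a verdict)."""
    reasons = []
    p = svc["path"]
    if not svc["verified"]:
        reasons.append("image not verified by ComboFix: stale leftover or missing file")
    if "\\temp\\" in p:
        reasons.append("driver image lives in a user Temp directory")
    if svc["start"] <= 1 and p and not p.startswith(SYSTEM_ROOT):
        reasons.append("boot/system-start driver outside the Windows tree")
    if p and not p.startswith(SYSTEM_ROOT[:3]):
        reasons.append("image on a non-system drive")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Service name -> reasons, for every service line that raised at least one."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        svc = parse_service_line(line)
        if svc is None:
            continue
        reasons = triage_service(svc)
        if reasons:
            findings[svc["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Run as a script it prints the worklist for the embedded lines: HWiNFO32 (system-start driver under Program Files), THP878 (no image recorded), cpuz (unverified, loaded from Temp) and SetupNTGLM7X (unverified, on a drive other than C:). The descriptions and locations of the first and last suggest a hardware-monitoring tool and an installer leftover rather than malware, which is the point of the heuristics: they order what to check, they do not decide.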
When I try to run ComboFix, the program reports that the resident Avira AntiVir PersonalEdition Classic is running, although I uninstalled it long ago (probably not cleanly). I found many traces of it in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ssmdrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ssmdrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ssmdrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ssmdrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Eventlog\Application\H+BEDV AntiVir
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\ssmdrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\ssmdrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\ssmdrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\ssmdrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\ssmdrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\Eventlog\Application\H+BEDV AntiVir
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\ssmdrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\H+BEDV AntiVir
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ssmdrv
I renamed the file C:\Windows\system32\DRIVERS\ssmdrv.sys to ssmdrv.sy_, but after a restart nothing changed in ComboFix. So I ran it, and here is the result:
ComboFix 10-11-11.01 - Bc. Jaroslav Kosmák 11.11.2010 23:49:20.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1233 [GMT 1:00]
Running from: c:\documents and settings\Bc. Jaroslav Kosmák\Plocha\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Bc. Jaroslav Kosmák\Data aplikací\AD ON Multimedia
C:\Thumbs.db
c:\windows\msvrc20.dll
c:\windows\settings.reg
c:\windows\ST6UNST.000
c:\windows\system32\Data
c:\windows\system32\drivers\hdusb.sys
c:\windows\system32\Ijl11.dll
c:\windows\system32\Temp
c:\windows\system32\Temp\StirlingWeather\StirlingWeather.cab
c:\windows\system32\Thumbs.db
c:\windows\system32\vbzlib1.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_HDUSB
((((((((((((((((((((((((( Files Created from 2010-10-11 to 2010-11-11 )))))))))))))))))))))))))))))))
.
2010-11-11 00:55 . 2010-11-11 00:55 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2010-11-11 00:50 . 2010-11-11 00:50 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Happy Foto
2010-11-11 00:49 . 2010-11-11 00:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-11-11 00:38 . 2010-11-11 00:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-10 21:17 . 2010-11-10 21:17 -------- d-sh--w- c:\documents and settings\Bc. Jaroslav Kosmák\PrivacIE
2010-11-10 20:46 . 2010-11-10 20:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ALM
2010-11-10 20:42 . 2010-11-10 20:42 -------- d-----w- c:\program files\Adobe Media Player
2010-11-10 20:38 . 2010-11-10 20:38 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-10 06:40 . 2010-10-07 23:21 6146896 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{563EA6F7-42EF-4985-8701-A12162284523}\mpengine.dll
2010-11-05 21:09 . 2010-11-05 21:09 -------- d-----w- c:\documents and settings\Bc. Jaroslav Kosmák\Data aplikací\GRETECH
2010-11-05 21:08 . 2010-11-05 21:08 -------- d-----w- c:\program files\GRETECH
2010-11-04 19:20 . 2010-11-04 19:20 -------- d-----w- c:\program files\Winamp Detect
2010-11-04 18:35 . 2010-11-04 18:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-11-04 18:19 . 2010-11-04 18:20 -------- d-----w- c:\program files\jv16 PowerTools 2009
2010-11-04 17:43 . 2010-11-04 17:43 -------- d-sh--w- c:\documents and settings\Bc. Jaroslav Kosmák\IETldCache
2010-11-03 20:14 . 2010-11-03 20:21 -------- dc-h--w- c:\windows\ie8
2010-11-03 19:57 . 2010-08-26 11:08 13312 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-11-03 19:57 . 2010-09-10 05:52 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-11-03 19:57 . 2010-09-10 05:52 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-11-03 19:57 . 2010-09-10 05:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-11-03 19:57 . 2010-09-10 05:52 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-11-03 19:57 . 2010-09-10 05:52 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-03 19:57 . 2010-09-10 05:52 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-03 19:56 . 2010-09-10 05:52 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-10-27 02:51 . 2009-06-07 14:25 77824 ----a-w- c:\windows\system32\xvid.ax
2010-10-27 02:51 . 2009-06-07 14:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-10-27 02:51 . 2009-06-07 14:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-10-27 02:49 . 2010-10-27 02:49 33019 ----a-w- c:\windows\system32\CoreAAC-uninstall.exe
2010-10-27 02:25 . 2010-02-09 14:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-10-27 02:25 . 2010-02-09 14:37 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-10-27 02:25 . 2010-02-09 14:37 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-10-27 02:25 . 2010-02-09 14:37 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-10-27 02:25 . 2010-02-09 14:37 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-10-27 02:25 . 2010-02-09 14:37 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-10-27 02:25 . 2010-02-09 14:37 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-10-26 13:44 . 2010-10-26 13:44 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2010-10-26 13:44 . 2009-11-16 10:25 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2010-10-26 13:44 . 2010-10-26 13:44 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-10-26 13:43 . 2010-10-26 13:44 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-10-26 13:42 . 2010-10-26 13:42 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
2010-10-21 21:01 . 2010-10-21 21:01 2829 ----a-w- c:\windows\War3Unin.pif
2010-10-21 21:01 . 2010-10-21 21:01 126976 ----a-w- c:\windows\War3Unin.exe
2010-10-21 20:57 . 2010-11-10 19:19 -------- d-----w- c:\program files\Warcraft III
2010-10-13 17:41 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 17:41 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 17:40 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 12:19 . 2010-06-15 18:07 13440 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2010-10-19 20:51 . 2009-11-20 19:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 23:21 . 2010-09-21 09:45 6146896 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-09-18 10:23 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2004-08-18 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-04 21:36 . 2006-04-25 21:30 35712 ----a-w- c:\windows\system32\drivers\SISAGPX.SYS
2010-09-04 21:36 . 2010-09-04 21:17 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-09-04 21:36 . 2010-09-04 21:17 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2010-09-04 21:35 . 2004-11-30 12:14 539072 ----a-w- c:\windows\system32\drivers\btaudio.sys
2010-09-04 21:35 . 2010-09-04 21:11 19072 ----a-w- c:\windows\system32\drivers\PS2.sys
2010-09-04 16:59 . 2010-09-04 16:59 55680 ----a-w- c:\windows\system32\drivers\ousb2hub.sys
2010-09-04 16:57 . 2010-09-04 16:57 42752 ----a-w- c:\windows\system32\drivers\ousbehci.sys
2010-09-01 11:52 . 2004-08-18 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2004-08-18 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2004-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2004-08-18 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2004-08-18 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2004-08-18 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-18 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
"ooccctrl.exe"="c:\program files\OO Software\CleverCache\ooccctrl.exe" [2007-01-28 1911568]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 1505144]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SoundMan"="SOUNDMAN.EXE" [2003-01-07 46592]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 49152]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DefaultP17MIDI"="MidiDef.Exe" [2002-12-03 49152]
"DefaultP17"="P17Def.Exe" [2003-07-25 20480]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BTTray.lnk - c:\program files\MSI\BToes Bluetooth Software\BTTray.exe [2004-11-30 565309]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0sprestrt
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\UBISOFT\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 pe3ahqjb;Dawn of Magic Environment Driver (pe3ahqjb);c:\windows\system32\drivers\pe3ahqjb.sys [29.3.2007 12:25 64896]
R0 ps6ahqjb;Dawn of Magic Synchronization Driver (ps6ahqjb);c:\windows\system32\drivers\ps6ahqjb.sys [29.3.2007 12:25 52616]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [16.5.2010 16:43 19064]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [8.7.2009 15:05 12900]
R1 LGMonldr;LGMonldr Bus Enumerator;c:\windows\system32\drivers\LGMonldr.sys [29.4.2010 19:50 20696]
R1 TRIXX;TRIXX;c:\program files\TRIXX\TRIXXDriver.sys [16.8.2005 12:17 15360]
R2 VPCAppSv;Virtual PC Application Services;c:\windows\system32\drivers\vpcappsv.sys [30.9.2001 16:51 10374]
R3 LGMonmin;LGMonmin;c:\windows\system32\drivers\LGMonmin.sys [29.4.2010 19:50 13912]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [10.4.2010 16:05 266544]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [7.6.2007 18:16 18944]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.4.2007 20:37 685816]
S2 BT848;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [30.4.2006 19:48 204843]
S2 BTTUNER;BtTuner, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [30.4.2006 19:52 12700]
S2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [2.5.2006 7:06 12600]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [4.9.2010 17:57 42752]
S2 THP878;THP878; [x]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [1.5.2008 9:42 208851]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [1.5.2008 22:40 10324]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [1.5.2008 22:40 34789]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [15.6.2010 19:07 13440]
S3 cpuz;cpuz;\??\c:\docume~1\BC7B7A~1.JAR\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\BC7B7A~1.JAR\LOCALS~1\Temp\cpuz.sys [?]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\All Users\Data aplikací\Spyware Terminator\FileObjInfo.sys --> c:\documents and settings\All Users\Data aplikací\Spyware Terminator\FileObjInfo.sys [?]
S3 MouseCap;MouseCapture Driver;c:\windows\system32\drivers\MouseCap.sys [8.8.2005 13:44 6640]
S3 pr2ahqjb;Dawn of Magic Drivers Auto Removal (pr2ahqjb);c:\windows\system32\pr2ahqjb.exe svc --> c:\windows\system32\pr2ahqjb.exe svc [?]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [23.4.2007 16:28 10752]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\h:\ntglm7x.sys --> h:\NTGLM7X.sys [?]
S3 WEBNTACCESS;WEBNTACCESS;\??\c:\program files\MSI\Live Update 3\NTACCESS.SYS --> c:\program files\MSI\Live Update 3\NTACCESS.SYS [?]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [1.5.2008 22:52 9510]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.9.2009 19:37 133104]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-11-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 14:54]
2008-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-11-11 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 15:05]
2010-11-11 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 15:05]
2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 18:37]
2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 18:37]
2010-11-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 19:40]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver
IE: E&xport to Microsoft Excel
IE: E&xportovat do aplikace Microsoft Excel - (value not set)
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\Microsoft Office 2003\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
IE: Stáhnout pomocí FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Stáhnout vše pomocí FlashGet - c:\program files\FlashGet\jc_all.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game08.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Bc. Jaroslav Kosmák\Data aplikací\Mozilla\Firefox\Profiles\57pcph63.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\documents and settings\Bc. Jaroslav Kosmák\Data aplikací\Mozilla\Firefox\Profiles\57pcph63.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Bc. Jaroslav Kosmák\Data aplikací\Mozilla\Firefox\Profiles\57pcph63.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Sony Online Entertainment\npsoe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX SETTINGS ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz http://s2.travian.cz http://s3.travian.cz http://s4.travian.cz http://speed.travian.cz http://s1.travian.sk
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-GBMHome7Agent - f:\program files\Genie-Soft\GBM7Home\GBMAgent.exe
HKLM-Run-GBMHome7Agent - f:\program files\Genie-Soft\GBM7Home\GBMAgent.exe
AddRemove-HijackThis - f:\instalace02\Programy\HijakThis\HijakThis\HijackThis.exe
AddRemove-{C39D2BC1-15AA-4221-A16D-71833F97450D}_is1 - f:\program files\Genie-Soft\GBM7Home\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-11 23:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\???]?%[??????([??([???????????????? ?%[??%[8M????([$?????%[????????????{?%[??????????%[$?<~????(????~7~??<~?????~7~??<~??%[@???????d?????&[%?%[x?([d?????%[,>%[??'[v?7~Z|%[{3%[?2%[????st.I????G?&[????d????<%[?I%[
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\vsdatant]
"ImagePath"=""
.
--------------------- Libraries loaded into running processes ---------------------
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2344)
c:\windows\system32\SSSensor.dll
c:\windows\system32\Amhooker.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Sygate\SPF\smc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\oodag.exe
c:\program files\OO Software\CleverCache\ooccag.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\windows\system32\MsPMSPSv.exe
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2010-11-12 00:06:19 - the computer was restarted
ComboFix-quarantined-files.txt 2010-11-11 23:06
Before run: free bytes: 13 243 654 144
After run: free bytes: 13 106 442 240
Current=5 Default=5 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 72EA53EE9802A4244EE6902C5800B5EF
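A small triage script for the ComboFix sections of the log above, added here as an example; it is not from the thread, from ComboFix or from RSIT. It parses the service/driver lines (the `[x]`, `[?]` and `[date time size]` suffixes ComboFix prints after the image path) and the Firefox `user.js` capability-policy lines, and flags drivers whose image is missing or could not be verified, drivers loaded from a Temp folder or from a non-system drive, and any capability policy that grants a list of sites `allAccess`. The sample lines are copied from the log (`hxxp` is the tool's defanging of `http`); the function names, the "Temp directory" and "non-system drive" heuristics, and the assumption that `c:` is the system drive are mine.

```python
"""Triage of ComboFix service lines and Firefox user.js policy lines.
Example code added to this thread; not from ComboFix, RSIT or the poster."""
import re

# Service/driver line, e.g.
#   R1 TRIXX;TRIXX;c:\program files\TRIXX\TRIXXDriver.sys [16.8.2005 12:17 15360]
#   S2 THP878;THP878; [x]
#   S3 cpuz;cpuz;\??\c:\...\Temp\cpuz.sys --> c:\...\Temp\cpuz.sys [?]
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")

# Firefox pref line, e.g.
#   FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
FF_POLICY_RE = re.compile(
    r"^FF - user\.js: capability\.policy\.(?P<policy>[^.\s]+)\.(?P<key>\S+) - (?P<value>.*)$")

# Heuristics (assumptions): a kernel driver under any "...\Temp\" folder deserves a look
# (both "LOCALS~1\Temp\" and "Local Settings\Temp\" match), and c: is the system drive.
TEMP_MARKER = "\\temp\\"
SYSTEM_DRIVE = "c:\\"


def parse_service(line):
    """Parse one ComboFix service line into a dict, or return None."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    if rest.endswith("[x]"):            # ComboFix: image file does not exist
        status, rest = "missing", rest[:-3].strip()
    elif rest.endswith("[?]"):          # ComboFix could not verify the image
        status, rest = "unverified", rest[:-3].strip()
    else:                               # trailing "[date time size]"
        status, rest = "present", re.sub(r"\s*\[[^\]]*\]$", "", rest)
    if "-->" in rest:                   # "\??\raw --> resolved": keep the resolved path
        rest = rest.split("-->", 1)[1].strip()
    return {"start": m.group("start"), "name": m.group("name"),
            "display": m.group("display"), "path": rest, "status": status}


def service_findings(svc):
    """Reasons a parsed service deserves a second look (empty list if none)."""
    reasons = []
    if svc["status"] == "missing":
        reasons.append("image file missing ([x])")
    elif svc["status"] == "unverified":
        reasons.append("image could not be verified ([?])")
    path = svc["path"].lower()
    if TEMP_MARKER in path:
        reasons.append("driver image in a Temp directory")
    if path and not path.startswith(SYSTEM_DRIVE):
        reasons.append("image on non-system drive " + path[:2])
    return reasons


def firefox_policy_findings(lines):
    """Group capability.policy.<name>.* prefs and report any granting allAccess."""
    policies = {}
    for line in lines:
        m = FF_POLICY_RE.match(line.strip())
        if m:
            policies.setdefault(m.group("policy"), {})[m.group("key")] = m.group("value").strip()
    findings = []
    for name, prefs in policies.items():
        grants = sorted(k for k, v in prefs.items() if v == "allAccess")
        if grants:
            findings.append((name, grants, prefs.get("sites", "(no sites listed)")))
    return findings


def triage(lines):
    """Return (item, reason) pairs for every suspicious service or policy."""
    out = []
    for line in lines:
        svc = parse_service(line)
        if svc:
            out.extend((svc["name"], r) for r in service_findings(svc))
    for name, grants, sites in firefox_policy_findings(lines):
        out.append(("capability.policy." + name,
                    "allAccess via " + ", ".join(grants) + " for: " + sites))
    return out


# Sample input: lines copied from the log in this thread.
SAMPLE_LOG = r"""
R1 TRIXX;TRIXX;c:\program files\TRIXX\TRIXXDriver.sys [16.8.2005 12:17 15360]
S2 THP878;THP878; [x]
S3 cpuz;cpuz;\??\c:\docume~1\BC7B7A~1.JAR\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\BC7B7A~1.JAR\LOCALS~1\Temp\cpuz.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\h:\ntglm7x.sys --> h:\NTGLM7X.sys [?]
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz http://s2.travian.cz
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
""".strip().splitlines()

if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"{item:40} {reason}")
```

Run against the full log, this lists THP878 (missing image), cpuz (unverified, loaded from the profile's Temp folder), SetupNTGLM7X (unverified, on h:), and the `localfilelinks` policy, which gives the listed travian sites `allAccess` to `checkloaduri`, i.e. permission to load local `file://` URLs. None of that alone proves malware (cpuz.sys is what CPU-Z drops, and the policy was very likely added by the user for a game helper), but they are exactly the entries a reviewer checks first.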
k8k
Re: Not just a preventive check
Via Start >> Run, copy this into the box:
ComboFix /Uninstall
and press Enter.
That uninstalls ComboFix and deletes the files and folders associated with it.
Use T-Cleaner, which deletes any leftovers from the applications we used.
Just stop the antivirus before downloading it and while using it, because it may detect it as a virus, but it is not one.
I also recommend uninstalling SpybotSD and Advanced SystemCare 3.
Then let me know what the state of the PC is.
Re: Not just a preventive check
Thanks for the reply and the further instructions. I followed them. The trouble with Firefox, whose process kept hanging around, seems to have stopped. The Left Win key remains disabled. That is probably unrelated to this. Should I paste a current RSIT log here for checking?
RSIT is no longer on the disk. How is that possible??
k8k