
Please check my log

ΛGΣNГ
Model visitor
Posts: 383
Registered: 14 Sep 2009 16:45
Location: Rokytnice nad Jizerou (Czech Republic)

#1 Post by ΛGΣNГ »

Hello.
I had a minor problem: exe files would not run. I fixed that with System Restore. I scanned the whole PC with antivirus and deleted what it found. I would like to ask for a check of the log and any further cleanup if needed. Note that neither OTM nor OTL will run here (they did not work before either)! No matter how hard I try, it always says "Program OTL/OTM has stopped working"... If this could be solved as well, I would be glad ;).
________________________________________________________________________
Logfile of random's system information tool 1.08 (written by random/random)
Run by AGENT at 2011-02-20 11:23:34
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 56 GB (24%) free of 236 GB
Total RAM: 3035 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:23:44, on 20.2.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 9\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 9\plugin-container.exe
C:\Users\AGENT\Downloads\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\AGENT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\AGENT\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
O4 - HKLM\..\Run: [HPCam_Menu] "C:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\HP Webcam" UpdateWithCreateOnce "Software\CyberLink\HP Webcam\1.0"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3682851183-281139013-3763937716-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Tony')
O4 - HKUS\S-1-5-21-3682851183-281139013-3763937716-1002\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Tony')
O4 - HKUS\S-1-5-21-3682851183-281139013-3763937716-1002\..\Run: [PlayNC Launcher] (User 'Tony')
O4 - HKUS\S-1-5-21-3682851183-281139013-3763937716-1002\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Tony')
O4 - HKUS\S-1-5-21-3682851183-281139013-3763937716-1002\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Tony')
O4 - HKUS\S-1-5-21-3682851183-281139013-3763937716-1002\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (User 'Tony')
O4 - HKUS\S-1-5-21-3682851183-281139013-3763937716-1002\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 (User 'Tony')
O4 - HKUS\S-1-5-21-3682851183-281139013-3763937716-1002\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" (User 'Tony')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\AGENT\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\AGENT\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 9569 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3682851183-281139013-3763937716-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3682851183-281139013-3763937716-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3682851183-281139013-3763937716-1002Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3682851183-281139013-3763937716-1002UA.job
C:\Windows\tasks\User_Feed_Synchronization-{33671CF6-AFDA-4B20-A15A-D3D08EB306B5}.job
C:\Windows\tasks\User_Feed_Synchronization-{82592917-91C2-4250-B0E1-46C1B5F6CB96}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}]
FlashGetBHO - C:\Users\AGENT\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll [2010-05-11 144944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-02 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 1791272]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [2009-01-16 3866624]
"HPCam_Menu"=C:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe [2009-02-25 218408]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2008-08-08 319000]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2009-05-18 1314816]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-05-14 61440]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-12-13 281768]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-12-22 2216960]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-05-15 204800]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-11-16 1043968]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-12-03 14944136]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2011-01-05 133432]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2011-01-23 396152]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
oobefldr.dll,ShowWelcomeCenter []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\Users\AGENT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open -

======List of files/folders created in the last 1 months======

2011-02-20 10:22:51 ----ASH---- C:\hiberfil.sys
2011-02-19 22:21:13 ----D---- C:\Program Files\Restorator 2007
2011-02-19 21:38:51 ----D---- C:\Users\AGENT\AppData\Roaming\QIP
2011-02-19 21:37:50 ----D---- C:\Program Files\QIP Infium
2011-02-19 21:22:47 ----D---- C:\Program Files\ICQ Password Hasher
2011-02-17 18:35:49 ----D---- C:\Program Files\Sony
2011-02-17 18:34:47 ----D---- C:\Program Files\Sony Setup
2011-02-17 07:57:39 ----D---- C:\Program Files\Common Files\Java
2011-02-17 07:57:23 ----A---- C:\Windows\system32\javaws.exe
2011-02-17 07:57:23 ----A---- C:\Windows\system32\javaw.exe
2011-02-17 07:57:23 ----A---- C:\Windows\system32\java.exe
2011-02-11 20:49:25 ----A---- C:\Users\AGENT\AppData\Roaming\AutoGK.ini
2011-02-11 20:44:49 ----D---- C:\Program Files\AutoGK
2011-02-11 18:25:44 ----D---- C:\Users\AGENT\AppData\Roaming\avidemux
2011-02-10 18:22:14 ----D---- C:\Program Files\Valve
2011-02-10 16:51:53 ----D---- C:\Python31
2011-02-09 22:11:43 ----A---- C:\Windows\system32\vsregexp.dll
2011-02-09 22:11:21 ----A---- C:\Windows\system32\zlcommdb.dll
2011-02-09 22:11:21 ----A---- C:\Windows\system32\zlcomm.dll
2011-02-09 22:11:17 ----A---- C:\Windows\system32\vswmi.dll
2011-02-09 22:11:11 ----A---- C:\Windows\system32\zpeng25.dll
2011-02-09 22:11:11 ----A---- C:\Windows\system32\vsxml.dll
2011-02-09 22:11:10 ----A---- C:\Windows\system32\vspubapi.dll
2011-02-09 22:11:10 ----A---- C:\Windows\system32\vsmonapi.dll
2011-02-09 22:11:09 ----A---- C:\Windows\system32\vsdata.dll
2011-02-09 22:10:55 ----D---- C:\Windows\system32\ZoneLabs
2011-02-09 22:10:55 ----A---- C:\Windows\system32\drivers\vsdatant.sys
2011-02-09 22:10:53 ----D---- C:\Program Files\Zone Labs
2011-02-09 22:09:29 ----A---- C:\Windows\system32\vsutil.dll
2011-02-09 22:09:29 ----A---- C:\Windows\system32\vsinit.dll
2011-02-09 21:31:10 ----D---- C:\Users\AGENT\AppData\Roaming\Registry Mechanic
2011-02-09 21:25:56 ----A---- C:\Windows\system32\msxml.dll
2011-02-09 21:25:56 ----A---- C:\Windows\system32\CleanMFT32.exe
2011-02-09 21:25:43 ----D---- C:\Program Files\Common Files\PC Tools
2011-02-09 21:25:42 ----D---- C:\Program Files\Registry Mechanic
2011-02-09 20:03:09 ----A---- C:\Windows\system32\shsvcs.dll
2011-02-09 16:33:26 ----A---- C:\Windows\system32\win32k.sys
2011-02-09 16:33:21 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-09 16:33:21 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-02-09 16:33:21 ----A---- C:\Windows\system32\ntdll.dll
2011-02-09 16:32:20 ----A---- C:\Windows\system32\FntCache.dll
2011-02-09 16:32:20 ----A---- C:\Windows\system32\DWrite.dll
2011-02-09 16:32:20 ----A---- C:\Windows\system32\d3d10warp.dll
2011-02-09 16:32:19 ----A---- C:\Windows\system32\MFH264Dec.dll
2011-02-09 16:32:19 ----A---- C:\Windows\system32\d2d1.dll
2011-02-09 16:32:18 ----A---- C:\Windows\system32\xpsservices.dll
2011-02-09 16:32:18 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-02-09 16:32:18 ----A---- C:\Windows\system32\XpsPrint.dll
2011-02-09 16:32:18 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-02-09 16:32:17 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-02-09 16:32:17 ----A---- C:\Windows\system32\mfmp4src.dll
2011-02-09 16:32:17 ----A---- C:\Windows\system32\MFHEAACdec.dll
2011-02-09 16:32:17 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-02-09 16:32:16 ----A---- C:\Windows\system32\OpcServices.dll
2011-02-09 16:32:16 ----A---- C:\Windows\system32\dxgi.dll
2011-02-09 16:32:16 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-02-09 16:32:15 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2011-02-09 16:32:15 ----A---- C:\Windows\system32\mf.dll
2011-02-09 16:32:15 ----A---- C:\Windows\system32\d3d10_1.dll
2011-02-09 16:32:15 ----A---- C:\Windows\system32\d3d10.dll
2011-02-09 16:32:14 ----A---- C:\Windows\system32\stobject.dll
2011-02-09 16:32:14 ----A---- C:\Windows\system32\shdocvw.dll
2011-02-09 16:32:14 ----A---- C:\Windows\system32\mfplat.dll
2011-02-09 16:32:14 ----A---- C:\Windows\system32\d3d10level9.dll
2011-02-09 16:32:14 ----A---- C:\Windows\system32\d3d10core.dll
2011-02-09 16:32:10 ----A---- C:\Windows\system32\mfps.dll
2011-02-09 16:32:10 ----A---- C:\Windows\system32\cdd.dll
2011-02-09 16:32:09 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2011-02-09 16:31:41 ----A---- C:\Windows\system32\mshtml.dll
2011-02-09 16:31:39 ----A---- C:\Windows\system32\ieframe.dll
2011-02-09 16:31:38 ----A---- C:\Windows\system32\urlmon.dll
2011-02-09 16:31:38 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-09 16:31:37 ----A---- C:\Windows\system32\wininet.dll
2011-02-09 16:31:37 ----A---- C:\Windows\system32\mstime.dll
2011-02-09 16:31:37 ----A---- C:\Windows\system32\iertutil.dll
2011-02-09 16:31:36 ----A---- C:\Windows\system32\occache.dll
2011-02-09 16:31:36 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-09 16:31:36 ----A---- C:\Windows\system32\ieUnatt.exe
2011-02-09 16:31:36 ----A---- C:\Windows\system32\ieui.dll
2011-02-09 16:31:36 ----A---- C:\Windows\system32\iesysprep.dll
2011-02-09 16:31:36 ----A---- C:\Windows\system32\iesetup.dll
2011-02-09 16:31:36 ----A---- C:\Windows\system32\iernonce.dll
2011-02-09 16:31:36 ----A---- C:\Windows\system32\iepeers.dll
2011-02-09 16:31:36 ----A---- C:\Windows\system32\iedkcs32.dll
2011-02-09 16:31:35 ----A---- C:\Windows\system32\msfeedssync.exe
2011-02-09 16:31:35 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-02-09 16:31:35 ----A---- C:\Windows\system32\licmgr10.dll
2011-02-09 16:31:35 ----A---- C:\Windows\system32\jsproxy.dll
2011-02-09 16:31:35 ----A---- C:\Windows\system32\ie4uinit.exe
2011-02-09 16:31:31 ----A---- C:\Windows\system32\shell32.dll
2011-02-09 16:31:30 ----A---- C:\Windows\system32\shlwapi.dll
2011-02-09 16:31:26 ----A---- C:\Windows\system32\atmfd.dll
2011-02-09 16:31:25 ----A---- C:\Windows\system32\atmlib.dll
2011-02-07 15:26:57 ----A---- C:\Windows\system32\pncrt.dll
2011-02-06 15:41:29 ----A---- C:\Windows\system32\drivers\ssceserd.sys
2011-02-06 15:41:08 ----A---- C:\Windows\system32\drivers\sscemdm.sys
2011-02-06 15:41:08 ----A---- C:\Windows\system32\drivers\sscemdfl.sys
2011-02-06 15:41:08 ----A---- C:\Windows\system32\drivers\sscecmnt.sys
2011-02-06 15:41:08 ----A---- C:\Windows\system32\drivers\sscecm.sys
2011-02-06 15:40:55 ----A---- C:\Windows\system32\drivers\sscebus.sys
2011-02-06 15:40:53 ----A---- C:\Windows\system32\drivers\sscewhnt.sys
2011-02-06 15:40:53 ----A---- C:\Windows\system32\drivers\sscewh.sys
2011-02-06 10:44:48 ----D---- C:\rsit
2011-02-04 18:40:17 ----A---- C:\Windows\system32\FsUsbExDisk.Sys
2011-02-04 18:40:17 ----A---- C:\Windows\system32\FsUsbExDevice.Dll
2011-02-04 11:53:16 ----D---- C:\Temp
2011-02-03 15:58:42 ----D---- C:\Program Files\ZAV1
2011-01-31 19:29:06 ----N---- C:\Windows\AWuninstall.exe
2011-01-31 19:29:05 ----D---- C:\Program Files\Lokas
2011-01-31 16:45:24 ----D---- C:\Users\AGENT\AppData\Roaming\vlc
2011-01-30 14:39:38 ----D---- C:\ProgramData\Studio14Trial
2011-01-28 15:59:16 ----D---- C:\Users\AGENT\AppData\Roaming\VistaCodecs
2011-01-28 15:59:10 ----D---- C:\Program Files\VistaCodecPack
2011-01-28 15:58:20 ----D---- C:\ProgramData\VistaCodecs
2011-01-28 14:35:58 ----A---- C:\Windows\system32\CmdLineExt03.dll
2011-01-28 10:40:47 ----D---- C:\Program Files\Scorpions WinCheater
2011-01-28 08:36:31 ----D---- C:\Fraps
2011-01-27 18:53:13 ----D---- C:\Users\AGENT\AppData\Roaming\Silver Style Entertainment
2011-01-27 17:04:20 ----D---- C:\Users\AGENT\AppData\Roaming\Solveig Multimedia
2011-01-27 17:02:09 ----D---- C:\Program Files\HyperCam 3
2011-01-26 18:39:51 ----A---- C:\Windows\system32\Redemption.dll
2011-01-23 09:58:59 ----D---- C:\Program Files\Xvid
2011-01-23 09:35:14 ----D---- C:\Program Files\uTorrent
2011-01-23 09:23:04 ----D---- C:\Users\AGENT\AppData\Roaming\uTorrent
2011-01-22 20:22:25 ----D---- C:\Users\AGENT\AppData\Roaming\NVIDIA
2011-01-22 20:22:25 ----D---- C:\ProgramData\NVIDIA

======List of files/folders modified in the last 1 months======

2011-02-20 11:23:42 ----D---- C:\Program Files\trend micro
2011-02-20 11:23:31 ----D---- C:\Windows\Temp
2011-02-20 11:20:06 ----D---- C:\Windows\Internet Logs
2011-02-20 10:35:53 ----AD---- C:\ProgramData\Temp
2011-02-20 10:35:01 ----SHD---- C:\System Volume Information
2011-02-20 10:27:12 ----SHD---- C:\Windows\Installer
2011-02-20 10:26:48 ----RD---- C:\Program Files
2011-02-20 10:26:20 ----D---- C:\Windows\system32\drivers
2011-02-20 10:25:19 ----D---- C:\Users\AGENT\AppData\Roaming\Skype
2011-02-20 10:23:20 ----D---- C:\Program Files\Common Files\Akamai
2011-02-20 10:22:48 ----D---- C:\Windows\system32\wbem
2011-02-20 10:22:48 ----D---- C:\Windows
2011-02-20 10:22:08 ----D---- C:\Windows\system32\config
2011-02-20 10:21:57 ----D---- C:\Windows\Tasks
2011-02-20 10:21:56 ----D---- C:\Windows\system32\Tasks
2011-02-20 10:21:56 ----D---- C:\Windows\system32\spool
2011-02-20 10:21:56 ----D---- C:\Windows\system32\Msdtc
2011-02-20 10:21:56 ----D---- C:\Windows\system32\CodeIntegrity
2011-02-20 10:21:56 ----D---- C:\Windows\system32\catroot2
2011-02-20 10:21:56 ----D---- C:\Windows\inf
2011-02-20 10:21:56 ----D---- C:\Users\AGENT\AppData\Roaming\Xfire
2011-02-20 10:21:56 ----D---- C:\Users\AGENT\AppData\Roaming\Spyware Terminator
2011-02-20 10:21:56 ----D---- C:\Users\AGENT\AppData\Roaming\PSpad
2011-02-20 10:21:55 ----D---- C:\ProgramData\Xfire
2011-02-20 10:21:55 ----D---- C:\ProgramData\Spyware Terminator
2011-02-20 10:21:54 ----D---- C:\Program Files\ICQ7.2
2011-02-20 10:21:54 ----D---- C:\Program Files\ICQ Password Changer
2011-02-20 10:21:53 ----D---- C:\Windows\registration
2011-02-20 10:06:25 ----D---- C:\Users\AGENT\AppData\Roaming\skypePM
2011-02-20 08:33:28 ----D---- C:\Program Files\Spyware Terminator
2011-02-19 22:21:15 ----D---- C:\Windows\System32
2011-02-19 21:35:32 ----HD---- C:\ProgramData
2011-02-19 21:28:44 ----D---- C:\Users\AGENT\AppData\Roaming\ICQ
2011-02-19 21:18:26 ----SD---- C:\Users\AGENT\AppData\Roaming\Microsoft
2011-02-19 17:00:26 ----D---- C:\Users\AGENT\AppData\Roaming\FileZilla
2011-02-18 21:41:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-18 19:43:14 ----D---- C:\Program Files\MyDefrag v4.3.1
2011-02-18 15:25:29 ----D---- C:\Users\AGENT\AppData\Roaming\Sony
2011-02-17 18:55:55 ----RSD---- C:\Windows\assembly
2011-02-17 18:50:47 ----D---- C:\Windows\Prefetch
2011-02-17 07:57:39 ----D---- C:\Program Files\Common Files
2011-02-17 07:57:21 ----D---- C:\Program Files\Java
2011-02-17 07:17:02 ----D---- C:\ProgramData\PDFC
2011-02-13 09:49:33 ----D---- C:\Users\AGENT\AppData\Roaming\Media Player Classic
2011-02-11 21:57:08 ----D---- C:\Users\AGENT\AppData\Roaming\AVI ReComp
2011-02-11 20:45:23 ----D---- C:\Program Files\AviSynth 2.5
2011-02-11 20:04:11 ----D---- C:\Users\AGENT\AppData\Roaming\BITS
2011-02-11 18:49:09 ----D---- C:\Downloads
2011-02-09 22:11:00 ----D---- C:\Windows\system32\catroot
2011-02-09 21:42:31 ----D---- C:\Windows\Debug
2011-02-09 21:26:18 ----D---- C:\Program Files\Mozilla Firefox 4.0 Beta 9
2011-02-09 21:13:34 ----D---- C:\Program Files\AVG
2011-02-09 21:13:33 ----D---- C:\ProgramData\avg9ls
2011-02-09 20:42:17 ----D---- C:\Windows\winsxs
2011-02-09 20:33:27 ----D---- C:\Windows\rescache
2011-02-09 20:14:46 ----D---- C:\Program Files\Windows Mail
2011-02-09 20:14:44 ----D---- C:\Windows\system32\migration
2011-02-09 20:14:44 ----D---- C:\Program Files\Internet Explorer
2011-02-09 20:02:23 ----A---- C:\Windows\system32\mrt.exe
2011-02-08 21:53:33 ----D---- C:\Users\AGENT\AppData\Roaming\Adobe
2011-02-08 16:57:46 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-07 20:46:18 ----D---- C:\Program Files\Opera
2011-02-07 15:27:30 ----A---- C:\cmdlog.txt
2011-02-06 20:53:08 ----D---- C:\Program Files\Samsung
2011-02-06 20:51:47 ----D---- C:\Program Files\PC Connectivity Solution
2011-02-06 20:50:43 ----D---- C:\ProgramData\Samsung
2011-02-06 20:50:20 ----D---- C:\Program Files\Common Files\Samsung
2011-02-06 20:50:03 ----D---- C:\Users\AGENT\AppData\Roaming\Samsung
2011-02-06 19:58:51 ----DC---- C:\Windows\system32\DRVSTORE
2011-02-04 12:01:16 ----D---- C:\Windows\system32\System32
2011-02-02 21:40:23 ----A---- C:\Windows\system32\deployJava1.dll
2011-01-31 19:13:05 ----D---- C:\Program Files\Common Files\Adobe
2011-01-31 19:12:18 ----D---- C:\Program Files\Adobe
2011-01-31 19:11:01 ----D---- C:\Program Files\ElcomSoft
2011-01-31 16:45:47 ----D---- C:\Program Files\CCleaner
2011-01-23 14:31:58 ----D---- C:\Windows\Minidump
2011-01-23 09:59:02 ----D---- C:\Program Files\Gabest
2011-01-23 09:58:22 ----D---- C:\Program Files\AVI ReComp
2011-01-22 19:55:47 ----D---- C:\Program Files\Cheat Engine

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2008-08-27 25392]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-09-17 691696]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\Windows\system32\DRIVERS\Amfilter.sys [2007-05-15 9216]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-12-13 135096]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2010-12-22 142592]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2010-05-15 457304]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-12-03 281760]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-12-13 61960]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-12-03 25888]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2008-08-27 34608]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2009-05-18 381440]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-08-13 1163328]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\Windows\system32\DRIVERS\Amusbprt.sys [2007-05-15 14336]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-05-14 4305920]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2010-12-14 2709056]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
R3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2010-08-24 18120]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2010-08-24 36640]
R3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2010-11-23 263464]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2010-10-25 27632]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-03-26 1765168]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-06-04 1303728]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2010-09-23 313632]
S0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-05-14 4305920]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
S3 anbodegp;anbodegp; C:\Windows\system32\drivers\anbodegp.sys []
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-04-24 95544]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys []
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys []
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys []
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys []
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2010-10-25 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2010-10-25 25512]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\Windows\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PnkBstrK;PnkBstrK; \??\C:\Windows\system32\drivers\PnkBstrK.sys [2010-10-24 138184]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\Windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); C:\Windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\Windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\Windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM); C:\Windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter; C:\Windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers; C:\Windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM); C:\Windows\system32\DRIVERS\ssceserd.sys [2010-04-27 100352]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 vsdatant7;vsdatant7; C:\Windows\System32\drivers\vsdatant.win7.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2008-07-15 90112]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-03-27 14336]
R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-12-13 267944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-05-14 733184]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 dgdersvc;Device Error Recovery Service; C:\Windows\system32\dgdersvc.exe [2010-08-24 95568]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2010-07-04 238952]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2008-08-27 24880]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-02-09 632792]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2008-08-08 777240]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-12-12 75064]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-12-22 496128]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2010-11-16 2435592]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-12 136176]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-10-31 655624]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-21 228656]
S3 MsDepSvc;Web Deployment Agent Service; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-01-07 63304]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2010-12-12 111928]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119320
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#2 Post by Rudy »

Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after startup, a screen with the license terms appears; continue by clicking the "Ano" (Yes) button.

Feel free to go and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, do not try to run any other applications or anything else.

Do not panic during the scan: your machine may be restarted (especially the first time the scanner is run).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because undesirable conflicts with the antispyware's resident component occur during the scan and the removal of any malware.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for resolving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

ΛGΣNГ
Exemplary visitor
Posts: 383
Registered: 14 Sep 2009 16:45
Location: Rokytnice nad Jizerou (Czech Republic)

Re: Please check my log

#3 Post by ΛGΣNГ »

In normal mode it got to the stage where it says the scan will take around 10 minutes, and then the PC crashed. I'm going to try it in safe mode.

Rudy
Site Admin
Posts: 119320
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#4 Post by Rudy »

Yep. Give it a try.

ΛGΣNГ
Exemplary visitor
Posts: 383
Registered: 14 Sep 2009 16:45
Location: Rokytnice nad Jizerou (Czech Republic)

Re: Please check my log

#5 Post by ΛGΣNГ »

So here it is. I don't know whether everything went fine, because it occasionally showed me something about administrator rights (even though I was on an account that should have all the permissions)...
_______________________________________________________________________________
ComboFix 11-02-19.02 - AGENT 20.02.2011 12:22:48.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.3035.2445 [GMT 1:00]
Spuštěný z: c:\users\AGENT\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\AGENT\AppData\Roaming\cacaoweb
c:\users\AGENT\AppData\Roaming\cacaoweb\adstorage.db
c:\users\AGENT\AppData\Roaming\cacaoweb\cacaoweb.exe
c:\users\AGENT\AppData\Roaming\cacaoweb\megavideoALT66RFJ578087151.cacao
c:\users\AGENT\AppData\Roaming\cacaoweb\megavideoQ0XBMAPT424347143.cacao
c:\users\AGENT\AppData\Roaming\cacaoweb\storage.db
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MaJUtilLib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCaller.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MetaStore2.dll
c:\windows\system32\system32\Microsoft.Synchronization.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\system32\Synchronization2.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-20 do 2011-02-20 )))))))))))))))))))))))))))))))
.

2011-02-20 11:29 . 2011-02-20 11:29 -------- d-----w- c:\users\AGENT\AppData\Local\temp
2011-02-20 11:29 . 2011-02-20 11:29 -------- d-----w- c:\users\Tony\AppData\Local\temp
2011-02-20 11:29 . 2011-02-20 11:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-19 21:21 . 2011-02-19 21:24 -------- d-----w- c:\program files\Restorator 2007
2011-02-19 20:38 . 2011-02-19 20:38 -------- d-----w- c:\users\AGENT\AppData\Roaming\QIP
2011-02-19 20:37 . 2011-02-20 09:29 -------- d-----w- c:\program files\QIP Infium
2011-02-19 20:22 . 2011-02-20 09:21 -------- d-----w- c:\program files\ICQ Password Hasher
2011-02-18 13:38 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{67F83DC1-A89E-4C38-B55E-1648CCCBF3FC}\mpengine.dll
2011-02-17 17:39 . 2011-02-17 17:44 873 ----a-w- c:\users\AGENT\1.vbs
2011-02-17 17:35 . 2011-02-18 14:26 -------- d-----w- c:\program files\Sony
2011-02-17 17:34 . 2011-02-17 17:34 -------- d-----w- c:\program files\Sony Setup
2011-02-17 06:57 . 2011-02-17 06:57 -------- d-----w- c:\program files\Common Files\Java
2011-02-12 16:39 . 2011-02-12 16:39 -------- d-----w- c:\users\AGENT\AppData\Local\Electronic Arts
2011-02-11 19:44 . 2011-02-11 19:45 -------- d-----w- c:\program files\AutoGK
2011-02-11 17:25 . 2011-02-11 17:26 -------- d-----w- c:\users\AGENT\AppData\Roaming\avidemux
2011-02-11 13:54 . 2011-02-11 13:54 -------- d-----w- c:\users\AGENT\.idlerc
2011-02-10 17:22 . 2011-02-10 17:35 -------- d-----w- c:\program files\Valve
2011-02-10 17:21 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-02-10 15:51 . 2011-02-10 15:53 -------- d-----w- C:\Python31
2011-02-09 21:11 . 2010-11-16 16:45 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-02-09 21:11 . 2010-11-16 16:45 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-02-09 21:11 . 2010-11-16 16:45 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-02-09 21:10 . 2011-02-09 21:11 -------- d-----w- c:\windows\system32\ZoneLabs
2011-02-09 21:10 . 2010-05-15 15:30 457304 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2011-02-09 21:10 . 2011-02-09 21:10 -------- d-----w- c:\program files\Zone Labs
2011-02-09 20:31 . 2011-02-09 20:50 -------- d-----w- c:\users\AGENT\AppData\Roaming\Registry Mechanic
2011-02-09 20:25 . 2010-08-05 07:46 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-02-09 20:25 . 2008-04-02 14:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-02-09 20:25 . 2008-04-02 14:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-02-09 20:25 . 2008-04-02 14:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-02-09 20:25 . 2004-08-04 06:00 506368 ----a-w- c:\windows\system32\msxml.dll
2011-02-09 20:25 . 2011-02-09 20:25 -------- d-----w- c:\program files\Common Files\PC Tools
2011-02-09 15:33 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 15:33 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 15:33 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-09 15:33 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 15:33 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-02-08 15:57 . 2011-02-08 15:57 49152 ----a-r- c:\users\AGENT\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\ProgramMenuShortcut6.exe
2011-02-08 15:57 . 2011-02-08 15:57 45056 ----a-r- c:\users\AGENT\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\ProgramMenuShortcut8.exe
2011-02-08 15:57 . 2011-02-08 15:57 45056 ----a-r- c:\users\AGENT\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\NewShortcut1_1.exe
2011-02-08 15:57 . 2011-02-08 15:57 45056 ----a-r- c:\users\AGENT\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\NewShortcut1.exe
2011-02-08 15:57 . 2011-02-08 15:57 45056 ----a-r- c:\users\AGENT\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\ARPPRODUCTICON.exe
2011-02-06 14:41 . 2010-04-27 02:25 100352 ----a-w- c:\windows\system32\drivers\ssceserd.sys
2011-02-06 14:41 . 2010-04-27 02:25 14848 ----a-w- c:\windows\system32\drivers\sscemdfl.sys
2011-02-06 14:41 . 2010-04-27 02:25 12416 ----a-w- c:\windows\system32\drivers\sscecmnt.sys
2011-02-06 14:41 . 2010-04-27 02:25 12416 ----a-w- c:\windows\system32\drivers\sscecm.sys
2011-02-06 14:41 . 2010-04-27 02:25 123648 ----a-w- c:\windows\system32\drivers\sscemdm.sys
2011-02-06 14:40 . 2010-04-27 02:25 98560 ----a-w- c:\windows\system32\drivers\sscebus.sys
2011-02-06 14:40 . 2010-04-27 02:25 12288 ----a-w- c:\windows\system32\drivers\sscewhnt.sys
2011-02-06 14:40 . 2010-04-27 02:25 12288 ----a-w- c:\windows\system32\drivers\sscewh.sys
2011-02-06 09:44 . 2011-02-06 09:45 -------- d-----w- C:\rsit
2011-02-04 17:40 . 2011-01-04 15:11 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2011-02-04 17:40 . 2010-08-24 05:14 36640 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2011-02-04 10:53 . 2011-02-04 10:53 -------- d-----w- C:\Temp
2011-02-03 14:58 . 2011-02-03 14:58 -------- d-----w- c:\program files\ZAV1
2011-01-31 18:29 . 2011-01-31 18:29 44544 ------w- c:\windows\AWuninstall.exe
2011-01-31 18:29 . 2011-01-31 18:29 -------- d-----w- c:\program files\Lokas
2011-01-31 15:45 . 2011-02-20 09:21 -------- d-----w- c:\users\AGENT\AppData\Roaming\vlc
2011-01-30 13:39 . 2011-01-30 13:44 -------- d-----w- c:\programdata\Studio14Trial
2011-01-28 14:59 . 2011-01-28 14:59 -------- d-----w- c:\users\AGENT\AppData\Roaming\VistaCodecs
2011-01-28 14:59 . 2011-01-28 14:59 -------- d-----w- c:\program files\VistaCodecPack
2011-01-28 14:58 . 2011-01-28 14:59 -------- d-----w- c:\programdata\VistaCodecs
2011-01-28 13:35 . 2011-01-28 13:35 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-01-28 09:40 . 2011-01-28 09:45 -------- d-----w- c:\program files\Scorpions WinCheater
2011-01-28 07:36 . 2011-01-28 07:49 -------- d-----w- C:\Fraps
2011-01-27 17:53 . 2011-01-27 17:53 -------- d-----w- c:\users\AGENT\AppData\Roaming\Silver Style Entertainment
2011-01-27 16:04 . 2011-01-27 16:04 -------- d-----w- c:\users\AGENT\AppData\Roaming\Solveig Multimedia
2011-01-27 16:02 . 2011-02-01 14:17 -------- d-----w- c:\program files\HyperCam 3
2011-01-26 17:42 . 2011-02-06 18:42 -------- d-----w- c:\users\AGENT\AppData\Local\Samsung
2011-01-26 17:39 . 2011-01-04 15:11 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-01-23 08:58 . 2011-02-11 19:45 -------- d-----w- c:\program files\Xvid
2011-01-23 08:35 . 2011-01-23 08:35 -------- d-----w- c:\program files\uTorrent
2011-01-23 08:23 . 2011-02-20 11:14 -------- d-----w- c:\users\AGENT\AppData\Roaming\uTorrent
2011-01-22 19:22 . 2011-01-22 19:22 -------- d-----w- c:\users\AGENT\AppData\Roaming\NVIDIA
2011-01-22 19:22 . 2011-01-22 19:22 -------- d-----w- c:\programdata\NVIDIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 20:40 . 2010-10-21 17:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-19 08:26 . 2011-01-19 08:26 86016 ----a-w- c:\windows\system32\frapsvid.dll
2011-01-04 15:10 . 2011-01-04 15:10 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-01-04 15:10 . 2011-01-04 15:10 325552 ----a-w- c:\windows\MASetupCaller.dll
2011-01-04 15:10 . 2011-01-04 15:10 30568 ----a-w- c:\windows\MusiccityDownload.exe
2011-01-04 15:10 . 2011-01-04 15:10 143360 ----a-w- c:\windows\system32\3DAudio.ax
2010-12-31 11:07 . 2010-10-23 15:14 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-31 11:07 . 2010-10-23 15:14 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-29 00:23 . 2010-12-29 00:23 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-29 00:19 . 2010-12-29 00:19 45056 ----a-w- c:\windows\system32\ff_acm.acm
2010-12-28 15:55 . 2011-01-12 18:15 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-22 18:38 . 2010-12-22 18:38 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-12-14 16:22 . 2010-12-14 16:22 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-12-14 16:22 . 2010-12-14 16:22 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
2010-12-14 16:22 . 2010-12-14 16:22 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
2010-12-14 16:22 . 2010-12-14 16:22 2709056 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2010-12-14 14:49 . 2011-01-12 18:15 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-13 19:40 . 2010-09-13 17:10 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-12-13 19:39 . 2010-12-13 19:39 9728 ----a-w- c:\windows\system32\yk60x86ver.dll
2010-12-13 19:34 . 2010-12-13 19:34 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-12-13 07:40 . 2010-12-22 18:32 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-13 07:40 . 2010-12-22 18:32 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-12 10:37 . 2010-10-24 11:01 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-12 10:37 . 2010-12-12 10:37 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-12-12 10:37 . 2010-10-24 11:01 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-07 11:16 . 2010-12-07 11:16 51200 ----a-w- c:\windows\system32\OpenCL.dll
2010-12-03 12:36 . 2010-12-03 12:36 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-12-03 12:36 . 2010-12-03 12:36 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-11-27 17:31 . 2010-11-27 17:31 2146304 ----a-w- c:\windows\system32\python31.dll
2010-11-23 17:33 . 2010-12-13 19:34 263464 ----a-w- c:\windows\system32\drivers\RtHDMIV.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-01-23 396152]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-08-08 319000]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-14 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-12-22 2216960]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\AGENT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3493776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3682851183-281139013-3763937716-1000]
"EnableNotificationsRef"=dword:00000003

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-17 691696]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-12-22 142592]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-08-24 95568]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 136176]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-27 24880]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-02-09 632792]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-08-08 777240]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2009-05-14 4305920]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-08-24 18120]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-08-24 36640]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-10-25 13224]
R3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-01-07 63304]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648]
R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\DRIVERS\ssceserd.sys [2010-04-27 100352]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-10-25 27632]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 14:32]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 14:32]

2011-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3682851183-281139013-3763937716-1000Core.job
- c:\users\AGENT\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-13 18:03]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3682851183-281139013-3763937716-1000UA.job
- c:\users\AGENT\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-13 18:03]

2011-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3682851183-281139013-3763937716-1002Core.job
- c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-27 11:21]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3682851183-281139013-3763937716-1002UA.job
- c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-27 11:21]

2011-02-20 c:\windows\Tasks\User_Feed_Synchronization-{33671CF6-AFDA-4B20-A15A-D3D08EB306B5}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]

2011-02-20 c:\windows\Tasks\User_Feed_Synchronization-{82592917-91C2-4250-B0E1-46C1B5F6CB96}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
------- Doplňkový sken -------
.
IE: Download all by FlashGet3 - c:\users\AGENT\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\AGENT\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: ????3?? - c:\users\AGENT\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\AGENT\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
FF - ProfilePath - c:\users\AGENT\AppData\Roaming\Mozilla\Firefox\Profiles\o0xn05wu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/ig
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-RunOnce-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-3D Shadow by Lokas Software - c:\windows\AWuninstall.exe Software\Lokas Ltd\3D Shadow
AddRemove-LSI Soft Modem - c:\windows\agrsmdel



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 12:29
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3682851183-281139013-3763937716-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\AGENT\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022

[HKEY_USERS\S-1-5-21-3682851183-281139013-3763937716-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\AGENT\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3

[HKEY_USERS\S-1-5-21-3682851183-281139013-3763937716-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6235953E-1C33-6AB1-16A8-FAD749FD27E5}*]
"jakpmcfmohpjnbcbhlmf"=hex:62,61,66,6f,00,00
"iakoacnjhldbjplgib"=hex:6b,61,6e,6e,65,62,6b,6e,65,6f,65,63,63,6c,6f,63,67,6f,
6d,70,6b,66,00,04
"hagaaflcpbbhndee"=hex:6c,62,67,70,62,6a,66,6f,6f,70,61,66,6a,67,68,61,62,61,
6b,66,69,63,62,66,70,64,68,65,62,6f,6d,6c,63,70,70,69,61,6d,65,6c,6a,65,6e,\
"jahaloepmgfmfcdnhaal"=hex:64,62,65,6f,63,63,6e,61,67,65,62,6e,68,67,6a,68,6e,
6f,67,6e,70,64,6e,6d,6a,6b,68,63,69,61,6b,6e,65,62,62,6d,65,64,66,66,00,65
"jakpmcfmohpjnbcbhlag"=hex:62,61,67,6f,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-02-20 12:31:02
ComboFix-quarantined-files.txt 2011-02-20 11:31

Před spuštěním: Volných bajtů: 61 693 181 952
Po spuštění: Volných bajtů: 61 566 242 816

- - End Of File - - 2351269FF7D37448EC34DF991E9055FB

Rudy
Site Admin
Posts: 119320
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#6 Post by Rudy »

We still have some cleaning up to do. Open Notepad and copy the following into it:
Driver::
Akamai

Regnull::
[HKEY_USERS\S-1-5-21-3682851183-281139013-3763937716-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6235953E-1C33-6AB1-16A8-FAD749FD27E5}*]
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

ΛGΣNГ
Model visitor
Posts: 383
Registered: 14 Sep 2009 16:45
Location: Rokytnice nad Jizerou (Czech Republic)

Re: Please check my log

#7 Post by ΛGΣNГ »

Here it is; I had to do it in safe mode again, in normal mode it was a BSOD again.
_______________________________________________________________________________
ComboFix 11-02-19.02 - AGENT 20.02.2011 13:12:07.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.3035.2466 [GMT 1:00]
Spuštěný z: c:\users\AGENT\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\AGENT\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Akamai


((((((((((((((((((((((((( Soubory vytvořené od 2011-01-20 do 2011-02-20 )))))))))))))))))))))))))))))))
.

2011-02-20 12:18 . 2011-02-20 12:20 -------- d-----w- c:\users\AGENT\AppData\Local\temp
2011-02-20 12:18 . 2011-02-20 12:18 -------- d-----w- c:\users\Tony\AppData\Local\temp
2011-02-20 12:18 . 2011-02-20 12:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-19 21:21 . 2011-02-19 21:24 -------- d-----w- c:\program files\Restorator 2007
2011-02-19 20:38 . 2011-02-19 20:38 -------- d-----w- c:\users\AGENT\AppData\Roaming\QIP
2011-02-19 20:37 . 2011-02-20 09:29 -------- d-----w- c:\program files\QIP Infium
2011-02-19 20:22 . 2011-02-20 09:21 -------- d-----w- c:\program files\ICQ Password Hasher
2011-02-18 13:38 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{67F83DC1-A89E-4C38-B55E-1648CCCBF3FC}\mpengine.dll
2011-02-17 17:39 . 2011-02-17 17:44 873 ----a-w- c:\users\AGENT\1.vbs
2011-02-17 17:35 . 2011-02-18 14:26 -------- d-----w- c:\program files\Sony
2011-02-17 17:34 . 2011-02-17 17:34 -------- d-----w- c:\program files\Sony Setup
2011-02-17 06:57 . 2011-02-17 06:57 -------- d-----w- c:\program files\Common Files\Java
2011-02-12 16:39 . 2011-02-12 16:39 -------- d-----w- c:\users\AGENT\AppData\Local\Electronic Arts
2011-02-11 19:44 . 2011-02-11 19:45 -------- d-----w- c:\program files\AutoGK
2011-02-11 17:25 . 2011-02-11 17:26 -------- d-----w- c:\users\AGENT\AppData\Roaming\avidemux
2011-02-11 13:54 . 2011-02-11 13:54 -------- d-----w- c:\users\AGENT\.idlerc
2011-02-10 17:22 . 2011-02-10 17:35 -------- d-----w- c:\program files\Valve
2011-02-10 17:21 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-02-10 15:51 . 2011-02-10 15:53 -------- d-----w- C:\Python31
2011-02-09 21:11 . 2010-11-16 16:45 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-02-09 21:11 . 2010-11-16 16:45 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-02-09 21:11 . 2010-11-16 16:45 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-02-09 21:10 . 2011-02-09 21:11 -------- d-----w- c:\windows\system32\ZoneLabs
2011-02-09 21:10 . 2010-05-15 15:30 457304 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2011-02-09 21:10 . 2011-02-09 21:10 -------- d-----w- c:\program files\Zone Labs
2011-02-09 20:31 . 2011-02-09 20:50 -------- d-----w- c:\users\AGENT\AppData\Roaming\Registry Mechanic
2011-02-09 20:25 . 2010-08-05 07:46 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-02-09 20:25 . 2008-04-02 14:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-02-09 20:25 . 2008-04-02 14:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-02-09 20:25 . 2008-04-02 14:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-02-09 20:25 . 2004-08-04 06:00 506368 ----a-w- c:\windows\system32\msxml.dll
2011-02-09 20:25 . 2011-02-09 20:25 -------- d-----w- c:\program files\Common Files\PC Tools
2011-02-09 15:33 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 15:33 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 15:33 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-09 15:33 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 15:33 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-02-08 15:57 . 2011-02-08 15:57 49152 ----a-r- c:\users\AGENT\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\ProgramMenuShortcut6.exe
2011-02-08 15:57 . 2011-02-08 15:57 45056 ----a-r- c:\users\AGENT\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\ProgramMenuShortcut8.exe
2011-02-08 15:57 . 2011-02-08 15:57 45056 ----a-r- c:\users\AGENT\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\NewShortcut1_1.exe
2011-02-08 15:57 . 2011-02-08 15:57 45056 ----a-r- c:\users\AGENT\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\NewShortcut1.exe
2011-02-08 15:57 . 2011-02-08 15:57 45056 ----a-r- c:\users\AGENT\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\ARPPRODUCTICON.exe
2011-02-06 14:41 . 2010-04-27 02:25 100352 ----a-w- c:\windows\system32\drivers\ssceserd.sys
2011-02-06 14:41 . 2010-04-27 02:25 14848 ----a-w- c:\windows\system32\drivers\sscemdfl.sys
2011-02-06 14:41 . 2010-04-27 02:25 12416 ----a-w- c:\windows\system32\drivers\sscecmnt.sys
2011-02-06 14:41 . 2010-04-27 02:25 12416 ----a-w- c:\windows\system32\drivers\sscecm.sys
2011-02-06 14:41 . 2010-04-27 02:25 123648 ----a-w- c:\windows\system32\drivers\sscemdm.sys
2011-02-06 14:40 . 2010-04-27 02:25 98560 ----a-w- c:\windows\system32\drivers\sscebus.sys
2011-02-06 14:40 . 2010-04-27 02:25 12288 ----a-w- c:\windows\system32\drivers\sscewhnt.sys
2011-02-06 14:40 . 2010-04-27 02:25 12288 ----a-w- c:\windows\system32\drivers\sscewh.sys
2011-02-06 09:44 . 2011-02-06 09:45 -------- d-----w- C:\rsit
2011-02-04 17:40 . 2011-01-04 15:11 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2011-02-04 17:40 . 2010-08-24 05:14 36640 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2011-02-04 10:53 . 2011-02-04 10:53 -------- d-----w- C:\Temp
2011-02-03 14:58 . 2011-02-03 14:58 -------- d-----w- c:\program files\ZAV1
2011-01-31 18:29 . 2011-01-31 18:29 44544 ------w- c:\windows\AWuninstall.exe
2011-01-31 18:29 . 2011-01-31 18:29 -------- d-----w- c:\program files\Lokas
2011-01-31 15:45 . 2011-02-20 09:21 -------- d-----w- c:\users\AGENT\AppData\Roaming\vlc
2011-01-30 13:39 . 2011-01-30 13:44 -------- d-----w- c:\programdata\Studio14Trial
2011-01-28 14:59 . 2011-01-28 14:59 -------- d-----w- c:\users\AGENT\AppData\Roaming\VistaCodecs
2011-01-28 14:59 . 2011-01-28 14:59 -------- d-----w- c:\program files\VistaCodecPack
2011-01-28 14:58 . 2011-01-28 14:59 -------- d-----w- c:\programdata\VistaCodecs
2011-01-28 13:35 . 2011-01-28 13:35 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-01-28 09:40 . 2011-01-28 09:45 -------- d-----w- c:\program files\Scorpions WinCheater
2011-01-28 07:36 . 2011-01-28 07:49 -------- d-----w- C:\Fraps
2011-01-27 17:53 . 2011-01-27 17:53 -------- d-----w- c:\users\AGENT\AppData\Roaming\Silver Style Entertainment
2011-01-27 16:04 . 2011-01-27 16:04 -------- d-----w- c:\users\AGENT\AppData\Roaming\Solveig Multimedia
2011-01-27 16:02 . 2011-02-01 14:17 -------- d-----w- c:\program files\HyperCam 3
2011-01-26 17:42 . 2011-02-06 18:42 -------- d-----w- c:\users\AGENT\AppData\Local\Samsung
2011-01-26 17:39 . 2011-01-04 15:11 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-01-23 08:58 . 2011-02-11 19:45 -------- d-----w- c:\program files\Xvid
2011-01-23 08:35 . 2011-01-23 08:35 -------- d-----w- c:\program files\uTorrent
2011-01-23 08:23 . 2011-02-20 12:20 -------- d-----w- c:\users\AGENT\AppData\Roaming\uTorrent
2011-01-22 19:22 . 2011-01-22 19:22 -------- d-----w- c:\users\AGENT\AppData\Roaming\NVIDIA
2011-01-22 19:22 . 2011-01-22 19:22 -------- d-----w- c:\programdata\NVIDIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 20:40 . 2010-10-21 17:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-19 08:26 . 2011-01-19 08:26 86016 ----a-w- c:\windows\system32\frapsvid.dll
2011-01-04 15:10 . 2011-01-04 15:10 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-01-04 15:10 . 2011-01-04 15:10 325552 ----a-w- c:\windows\MASetupCaller.dll
2011-01-04 15:10 . 2011-01-04 15:10 30568 ----a-w- c:\windows\MusiccityDownload.exe
2011-01-04 15:10 . 2011-01-04 15:10 143360 ----a-w- c:\windows\system32\3DAudio.ax
2010-12-31 11:07 . 2010-10-23 15:14 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-31 11:07 . 2010-10-23 15:14 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-29 00:23 . 2010-12-29 00:23 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-29 00:19 . 2010-12-29 00:19 45056 ----a-w- c:\windows\system32\ff_acm.acm
2010-12-28 15:55 . 2011-01-12 18:15 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-22 18:38 . 2010-12-22 18:38 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-12-14 16:22 . 2010-12-14 16:22 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-12-14 16:22 . 2010-12-14 16:22 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
2010-12-14 16:22 . 2010-12-14 16:22 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
2010-12-14 16:22 . 2010-12-14 16:22 2709056 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2010-12-14 14:49 . 2011-01-12 18:15 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-13 19:40 . 2010-09-13 17:10 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-12-13 19:39 . 2010-12-13 19:39 9728 ----a-w- c:\windows\system32\yk60x86ver.dll
2010-12-13 19:34 . 2010-12-13 19:34 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-12-13 07:40 . 2010-12-22 18:32 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-13 07:40 . 2010-12-22 18:32 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-12 10:37 . 2010-10-24 11:01 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-12 10:37 . 2010-12-12 10:37 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-12-12 10:37 . 2010-10-24 11:01 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-07 11:16 . 2010-12-07 11:16 51200 ----a-w- c:\windows\system32\OpenCL.dll
2010-12-03 12:36 . 2010-12-03 12:36 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-12-03 12:36 . 2010-12-03 12:36 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-11-27 17:31 . 2010-11-27 17:31 2146304 ----a-w- c:\windows\system32\python31.dll
2010-11-23 17:33 . 2010-12-13 19:34 263464 ----a-w- c:\windows\system32\drivers\RtHDMIV.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-01-23 396152]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-08-08 319000]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-14 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-12-22 2216960]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

c:\users\AGENT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3493776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3682851183-281139013-3763937716-1000]
"EnableNotificationsRef"=dword:00000003

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2009-05-14 4305920]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-10-25 13224]
R3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-01-07 63304]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648]
R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\DRIVERS\ssceserd.sys [2010-04-27 100352]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-17 691696]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-12-22 142592]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-08-24 95568]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 136176]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-27 24880]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-02-09 632792]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-08-08 777240]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-08-24 18120]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-08-24 36640]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-10-25 27632]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 14:32]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 14:32]

2011-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3682851183-281139013-3763937716-1000Core.job
- c:\users\AGENT\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-13 18:03]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3682851183-281139013-3763937716-1000UA.job
- c:\users\AGENT\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-13 18:03]

2011-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3682851183-281139013-3763937716-1002Core.job
- c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-27 11:21]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3682851183-281139013-3763937716-1002UA.job
- c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-27 11:21]

2011-02-20 c:\windows\Tasks\User_Feed_Synchronization-{33671CF6-AFDA-4B20-A15A-D3D08EB306B5}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]

2011-02-20 c:\windows\Tasks\User_Feed_Synchronization-{82592917-91C2-4250-B0E1-46C1B5F6CB96}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
------- Doplňkový sken -------
.
IE: Download all by FlashGet3 - c:\users\AGENT\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\AGENT\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: ????3?? - c:\users\AGENT\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\AGENT\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
FF - ProfilePath - c:\users\AGENT\AppData\Roaming\Mozilla\Firefox\Profiles\o0xn05wu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/ig
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 13:21
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3682851183-281139013-3763937716-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\AGENT\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022

[HKEY_USERS\S-1-5-21-3682851183-281139013-3763937716-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\AGENT\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3

[HKEY_USERS\S-1-5-21-3682851183-281139013-3763937716-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6235953E-1C33-6AB1-16A8-FAD749FD27E5}*]
"jakpmcfmohpjnbcbhlmf"=hex:62,61,66,6f,00,00
"iakoacnjhldbjplgib"=hex:6b,61,6e,6e,65,62,6b,6e,65,6f,65,63,63,6c,6f,63,67,6f,
6d,70,6b,66,00,04
"hagaaflcpbbhndee"=hex:6c,62,67,70,62,6a,66,6f,6f,70,61,66,6a,67,68,61,62,61,
6b,66,69,63,62,66,70,64,68,65,62,6f,6d,6c,63,70,70,69,61,6d,65,6c,6a,65,6e,\
"jahaloepmgfmfcdnhaal"=hex:64,62,65,6f,63,63,6e,61,67,65,62,6e,68,67,6a,68,6e,
6f,67,6e,70,64,6e,6d,6a,6b,68,63,69,61,6b,6e,65,62,62,6d,65,64,66,66,00,65
"jakpmcfmohpjnbcbhlag"=hex:62,61,67,6f,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2420)
c:\program files\Xfire\xfire_toucan_43094.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2011-02-20 13:25:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-20 12:25
ComboFix2.txt 2011-02-20 11:31

Před spuštěním: Volných bajtů: 61 612 642 304
Po spuštění: Volných bajtů: 58 108 071 936

- - End Of File - - F2921C3A540A84B1C70BF0679D0BB15B

Rudy
Site Admin
Posts: 119320
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#8 Post by Rudy »

Run CF once more with this script:
Regnull::
[HKEY_USERS\S-1-5-21-3682851183-281139013-3763937716-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6235953E-1C33-6AB1-16A8-FAD749FD27E5}*]
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

ΛGΣNГ
Model visitor
Posts: 383
Registered: 14 Sep 2009 16:45
Location: Rokytnice nad Jizerou (Czech Republic)

Re: Please check my log

#9 Post by ΛGΣNГ »

Here is the log:
________________________________________________________________________________
ComboFix 11-02-20.01 - AGENT 20.02.2011 20:15:15.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.3035.2440 [GMT 1:00]
Spuštěný z: c:\users\AGENT\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\AGENT\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2011-01-20 do 2011-02-20 )))))))))))))))))))))))))))))))
.

2011-02-20 19:21 . 2011-02-20 19:21 -------- d-----w- c:\users\AGENT\AppData\Local\temp
2011-02-20 19:21 . 2011-02-20 19:21 -------- d-----w- c:\users\Tony\AppData\Local\temp
2011-02-20 19:21 . 2011-02-20 19:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-20 19:21 . 2011-02-20 19:21 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-02-19 21:21 . 2011-02-19 21:24 -------- d-----w- c:\program files\Restorator 2007
2011-02-19 20:38 . 2011-02-19 20:38 -------- d-----w- c:\users\AGENT\AppData\Roaming\QIP
2011-02-19 20:37 . 2011-02-20 09:29 -------- d-----w- c:\program files\QIP Infium
2011-02-19 20:22 . 2011-02-20 09:21 -------- d-----w- c:\program files\ICQ Password Hasher
2011-02-18 13:38 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{67F83DC1-A89E-4C38-B55E-1648CCCBF3FC}\mpengine.dll
2011-02-17 17:39 . 2011-02-17 17:44 873 ----a-w- c:\users\AGENT\1.vbs
2011-02-17 17:35 . 2011-02-18 14:26 -------- d-----w- c:\program files\Sony
2011-02-17 17:34 . 2011-02-17 17:34 -------- d-----w- c:\program files\Sony Setup
2011-02-17 06:57 . 2011-02-17 06:57 -------- d-----w- c:\program files\Common Files\Java
2011-02-12 16:39 . 2011-02-12 16:39 -------- d-----w- c:\users\AGENT\AppData\Local\Electronic Arts
2011-02-11 19:44 . 2011-02-11 19:45 -------- d-----w- c:\program files\AutoGK
2011-02-11 17:25 . 2011-02-11 17:26 -------- d-----w- c:\users\AGENT\AppData\Roaming\avidemux
2011-02-11 13:54 . 2011-02-11 13:54 -------- d-----w- c:\users\AGENT\.idlerc
2011-02-10 17:22 . 2011-02-10 17:35 -------- d-----w- c:\program files\Valve
2011-02-10 17:21 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-02-10 15:51 . 2011-02-10 15:53 -------- d-----w- C:\Python31
2011-02-09 21:11 . 2010-11-16 16:45 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-02-09 21:11 . 2010-11-16 16:45 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-02-09 21:11 . 2010-11-16 16:45 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-02-09 21:10 . 2011-02-09 21:11 -------- d-----w- c:\windows\system32\ZoneLabs
2011-02-09 21:10 . 2010-05-15 15:30 457304 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2011-02-09 21:10 . 2011-02-09 21:10 -------- d-----w- c:\program files\Zone Labs
2011-02-09 20:31 . 2011-02-09 20:50 -------- d-----w- c:\users\AGENT\AppData\Roaming\Registry Mechanic
2011-02-09 20:25 . 2010-08-05 07:46 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-02-09 20:25 . 2008-04-02 14:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-02-09 20:25 . 2008-04-02 14:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-02-09 20:25 . 2008-04-02 14:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-02-09 20:25 . 2004-08-04 06:00 506368 ----a-w- c:\windows\system32\msxml.dll
2011-02-09 20:25 . 2011-02-09 20:25 -------- d-----w- c:\program files\Common Files\PC Tools
2011-02-09 15:33 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 15:33 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 15:33 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-09 15:33 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 15:33 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-02-08 15:57 . 2011-02-08 15:57 49152 ----a-r- c:\users\AGENT\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\ProgramMenuShortcut6.exe
2011-02-08 15:57 . 2011-02-08 15:57 45056 ----a-r- c:\users\AGENT\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\ProgramMenuShortcut8.exe
2011-02-08 15:57 . 2011-02-08 15:57 45056 ----a-r- c:\users\AGENT\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\NewShortcut1_1.exe
2011-02-08 15:57 . 2011-02-08 15:57 45056 ----a-r- c:\users\AGENT\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\NewShortcut1.exe
2011-02-08 15:57 . 2011-02-08 15:57 45056 ----a-r- c:\users\AGENT\AppData\Roaming\Microsoft\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\ARPPRODUCTICON.exe
2011-02-06 14:41 . 2010-04-27 02:25 100352 ----a-w- c:\windows\system32\drivers\ssceserd.sys
2011-02-06 14:41 . 2010-04-27 02:25 14848 ----a-w- c:\windows\system32\drivers\sscemdfl.sys
2011-02-06 14:41 . 2010-04-27 02:25 12416 ----a-w- c:\windows\system32\drivers\sscecmnt.sys
2011-02-06 14:41 . 2010-04-27 02:25 12416 ----a-w- c:\windows\system32\drivers\sscecm.sys
2011-02-06 14:41 . 2010-04-27 02:25 123648 ----a-w- c:\windows\system32\drivers\sscemdm.sys
2011-02-06 14:40 . 2010-04-27 02:25 98560 ----a-w- c:\windows\system32\drivers\sscebus.sys
2011-02-06 14:40 . 2010-04-27 02:25 12288 ----a-w- c:\windows\system32\drivers\sscewhnt.sys
2011-02-06 14:40 . 2010-04-27 02:25 12288 ----a-w- c:\windows\system32\drivers\sscewh.sys
2011-02-06 09:44 . 2011-02-06 09:45 -------- d-----w- C:\rsit
2011-02-04 17:40 . 2011-01-04 15:11 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2011-02-04 17:40 . 2010-08-24 05:14 36640 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2011-02-04 10:53 . 2011-02-04 10:53 -------- d-----w- C:\Temp
2011-02-03 14:58 . 2011-02-03 14:58 -------- d-----w- c:\program files\ZAV1
2011-01-31 18:29 . 2011-01-31 18:29 44544 ------w- c:\windows\AWuninstall.exe
2011-01-31 18:29 . 2011-01-31 18:29 -------- d-----w- c:\program files\Lokas
2011-01-31 15:45 . 2011-02-20 09:21 -------- d-----w- c:\users\AGENT\AppData\Roaming\vlc
2011-01-30 13:39 . 2011-01-30 13:44 -------- d-----w- c:\programdata\Studio14Trial
2011-01-28 14:59 . 2011-01-28 14:59 -------- d-----w- c:\users\AGENT\AppData\Roaming\VistaCodecs
2011-01-28 14:59 . 2011-01-28 14:59 -------- d-----w- c:\program files\VistaCodecPack
2011-01-28 14:58 . 2011-01-28 14:59 -------- d-----w- c:\programdata\VistaCodecs
2011-01-28 13:35 . 2011-01-28 13:35 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-01-28 09:40 . 2011-01-28 09:45 -------- d-----w- c:\program files\Scorpions WinCheater
2011-01-28 07:36 . 2011-01-28 07:49 -------- d-----w- C:\Fraps
2011-01-27 17:53 . 2011-01-27 17:53 -------- d-----w- c:\users\AGENT\AppData\Roaming\Silver Style Entertainment
2011-01-27 16:04 . 2011-01-27 16:04 -------- d-----w- c:\users\AGENT\AppData\Roaming\Solveig Multimedia
2011-01-27 16:02 . 2011-02-01 14:17 -------- d-----w- c:\program files\HyperCam 3
2011-01-26 17:42 . 2011-02-06 18:42 -------- d-----w- c:\users\AGENT\AppData\Local\Samsung
2011-01-26 17:39 . 2011-01-04 15:11 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-01-23 08:58 . 2011-02-11 19:45 -------- d-----w- c:\program files\Xvid
2011-01-23 08:35 . 2011-01-23 08:35 -------- d-----w- c:\program files\uTorrent
2011-01-23 08:23 . 2011-02-20 19:08 -------- d-----w- c:\users\AGENT\AppData\Roaming\uTorrent
2011-01-22 19:22 . 2011-01-22 19:22 -------- d-----w- c:\users\AGENT\AppData\Roaming\NVIDIA
2011-01-22 19:22 . 2011-01-22 19:22 -------- d-----w- c:\programdata\NVIDIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 20:40 . 2010-10-21 17:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-19 08:26 . 2011-01-19 08:26 86016 ----a-w- c:\windows\system32\frapsvid.dll
2011-01-04 15:10 . 2011-01-04 15:10 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-01-04 15:10 . 2011-01-04 15:10 325552 ----a-w- c:\windows\MASetupCaller.dll
2011-01-04 15:10 . 2011-01-04 15:10 30568 ----a-w- c:\windows\MusiccityDownload.exe
2011-01-04 15:10 . 2011-01-04 15:10 143360 ----a-w- c:\windows\system32\3DAudio.ax
2010-12-31 11:07 . 2010-10-23 15:14 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-31 11:07 . 2010-10-23 15:14 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-29 00:23 . 2010-12-29 00:23 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-29 00:19 . 2010-12-29 00:19 45056 ----a-w- c:\windows\system32\ff_acm.acm
2010-12-28 15:55 . 2011-01-12 18:15 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-22 18:38 . 2010-12-22 18:38 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-12-14 16:22 . 2010-12-14 16:22 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-12-14 16:22 . 2010-12-14 16:22 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
2010-12-14 16:22 . 2010-12-14 16:22 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
2010-12-14 16:22 . 2010-12-14 16:22 2709056 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2010-12-14 14:49 . 2011-01-12 18:15 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-13 19:40 . 2010-09-13 17:10 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-12-13 19:39 . 2010-12-13 19:39 9728 ----a-w- c:\windows\system32\yk60x86ver.dll
2010-12-13 19:34 . 2010-12-13 19:34 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-12-13 07:40 . 2010-12-22 18:32 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-13 07:40 . 2010-12-22 18:32 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-12 10:37 . 2010-10-24 11:01 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-12 10:37 . 2010-12-12 10:37 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-12-12 10:37 . 2010-10-24 11:01 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-07 11:16 . 2010-12-07 11:16 51200 ----a-w- c:\windows\system32\OpenCL.dll
2010-12-03 12:36 . 2010-12-03 12:36 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-12-03 12:36 . 2010-12-03 12:36 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-11-27 17:31 . 2010-11-27 17:31 2146304 ----a-w- c:\windows\system32\python31.dll
2010-11-23 17:33 . 2010-12-13 19:34 263464 ----a-w- c:\windows\system32\drivers\RtHDMIV.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-01-23 396152]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Infium"="c:\program files\QIP Infium\infium.exe" [2011-02-03 6010240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-08-08 319000]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-14 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-12-22 2216960]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\AGENT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3493776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3682851183-281139013-3763937716-1000]
"EnableNotificationsRef"=dword:00000003

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-17 691696]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-12-22 142592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-08-24 95568]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 136176]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-27 24880]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-02-09 632792]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-08-08 777240]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2009-05-14 4305920]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-08-24 18120]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-08-24 36640]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-10-25 13224]
R3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-01-07 63304]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648]
R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\DRIVERS\ssceserd.sys [2010-04-27 100352]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-10-25 27632]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 14:32]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 14:32]

2011-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3682851183-281139013-3763937716-1000Core.job
- c:\users\AGENT\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-13 18:03]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3682851183-281139013-3763937716-1000UA.job
- c:\users\AGENT\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-13 18:03]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3682851183-281139013-3763937716-1002Core.job
- c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-27 11:21]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3682851183-281139013-3763937716-1002UA.job
- c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-27 11:21]

2011-02-20 c:\windows\Tasks\User_Feed_Synchronization-{33671CF6-AFDA-4B20-A15A-D3D08EB306B5}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]

2011-02-20 c:\windows\Tasks\User_Feed_Synchronization-{82592917-91C2-4250-B0E1-46C1B5F6CB96}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
------- Doplňkový sken -------
.
IE: Download all by FlashGet3 - c:\users\AGENT\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\AGENT\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: ????3?? - c:\users\AGENT\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\AGENT\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
FF - ProfilePath - c:\users\AGENT\AppData\Roaming\Mozilla\Firefox\Profiles\o0xn05wu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/ig
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 20:21
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3682851183-281139013-3763937716-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\AGENT\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022

[HKEY_USERS\S-1-5-21-3682851183-281139013-3763937716-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\AGENT\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3

[HKEY_USERS\S-1-5-21-3682851183-281139013-3763937716-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6235953E-1C33-6AB1-16A8-FAD749FD27E5}*]
"jakpmcfmohpjnbcbhlmf"=hex:62,61,66,6f,00,00
"iakoacnjhldbjplgib"=hex:6b,61,6e,6e,65,62,6b,6e,65,6f,65,63,63,6c,6f,63,67,6f,
6d,70,6b,66,00,04
"hagaaflcpbbhndee"=hex:6c,62,67,70,62,6a,66,6f,6f,70,61,66,6a,67,68,61,62,61,
6b,66,69,63,62,66,70,64,68,65,62,6f,6d,6c,63,70,70,69,61,6d,65,6c,6a,65,6e,\
"jahaloepmgfmfcdnhaal"=hex:64,62,65,6f,63,63,6e,61,67,65,62,6e,68,67,6a,68,6e,
6f,67,6e,70,64,6e,6d,6a,6b,68,63,69,61,6b,6e,65,62,62,6d,65,64,66,66,00,65
"jakpmcfmohpjnbcbhlag"=hex:62,61,67,6f,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-02-20 20:23:16
ComboFix-quarantined-files.txt 2011-02-20 19:23
ComboFix2.txt 2011-02-20 12:25
ComboFix3.txt 2011-02-20 11:31

Před spuštěním: Volných bajtů: 61 026 594 816
Po spuštění: Volných bajtů: 60 907 450 368

- - End Of File - - 71E127BBB8D8277973C5638AF654E7DF

Rudy
Site Admin
Posts: 119320
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#10 Post by Rudy »

OK. Has anything changed?

ΛGΣNГ
Model visitor
Posts: 383
Registered: 14 Sep 2009 16:45
Location: Rokytnice nad Jizerou (Czech Republic)

Re: Please check my log

#11 Post by ΛGΣNГ »

Well, system startup and shutdown have definitely become faster, and the Security Center somehow responds better (before, it took longer to notice that the AV was off/on) :). The only thing is that my touchpad stopped working (I'll reinstall the drivers). Do you happen to know what could be behind OTL and OTM not starting?

Rudy
Site Admin
Posts: 119320
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#12 Post by Rudy »

Well, sometimes they can conflict with something. They might start in safe mode.

ΛGΣNГ
Model visitor
Posts: 383
Registered: 14 Sep 2009 16:45
Location: Rokytnice nad Jizerou (Czech Republic)

Re: Please check my log

#13 Post by ΛGΣNГ »

So the drivers were successfully reinstalled in the end... The HP installer kept telling me that a newer version was already installed (while the PC acted as if the drivers weren't there at all :D), so in the end I downloaded the installer directly from the touchpad manufacturer, and then it worked. OTL and OTM don't work in safe mode either...

ΛGΣNГ
Model visitor
Posts: 383
Registered: 14 Sep 2009 16:45
Location: Rokytnice nad Jizerou (Czech Republic)

Re: Please check my log

#14 Post by ΛGΣNГ »

Should I post another log?

Rudy
Site Admin
Posts: 119320
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#15 Post by Rudy »

OTL and OTM are scanning and removal utilities. I can't tell you why they won't start; something may be interfering there. CF apparently deleted or repaired some registry entries (which it does not list). Otherwise I don't see any virus there. What matters is whether the system and applications work correctly or not.
