PC disinfection, computer speed-up, and remote assistance via the neslape.cz service

Log check

Do you have a virus problem? Post a log from FRST or RSIT here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Author: [ACze]miky
Guest
Posts: 206
Registered: 01 Dec 2010 16:41

Log check

#1 Post by [ACze]miky

Hello,
could you please check my log for me? Thank you:

log from RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by matmik at 2011-05-31 13:43:24
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (27%) free of 20 GB
Total RAM: 3070 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:43:33, on 31.5.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\Program Files\PC Auto Shutdown\ShutdownService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\vsnp325.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\WgaTray.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\matmik\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\matmik\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\matmik\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\matmik\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\matmik\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\matmik\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\matmik\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\lexicon.exe
C:\Documents and Settings\matmik\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\audio svms\RSIT.exe
C:\Program Files\trend micro\matmik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{CFD ... 524E4542A7}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\HyperCam Toolbar\tbhelper.dll
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyAs.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: MyAshampoo - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyAs.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyAs.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [PC Auto Shutdown] "D:\Program Files\PC Auto Shutdown\AutoShutdown.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BabylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [BitTorrent] "D:\Documents and Settings\matmik\Plocha\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Game Fire] C:\Program Files\Smart PC Utilities\Game Fire\GFTray.exe /START
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: toolbarchrome - {718733BC-AD64-4E5F-AC18-A85FBD75D54D} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: {2EB1BFFC-297B-46A2-8F0D-AD9CDA4EE1D4} (hhkhlt) - Unknown owner - C:\Program Files\ophcrack\pwdump\servpw.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PCAutoShutdown_Service - GoldSolution Software, Inc. - D:\Program Files\PC Auto Shutdown\ShutdownService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Služba Windows Media Player Network Sharing (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11567 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\UpdateCheck.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
CescrtHlpr Object - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll [2010-11-07 225720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
MyAshampoo Toolbar - C:\Program Files\MyAshampoo\prxtbMyAs.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-23 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-23 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
kikin Plugin - C:\Program Files\kikin\ie_kikin.dll [2010-11-23 919408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-11 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files\HyperCam Toolbar\tbcore3.dll [2010-02-16 2495488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll [2010-11-07 184760]
{338B4DFE-2E2C-4338-9E41-E176D497299E} - HyperCam Toolbar - C:\Program Files\HyperCam Toolbar\tbcore3.dll [2010-02-16 2495488]
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - MyAshampoo Toolbar - C:\Program Files\MyAshampoo\prxtbMyAs.dll [2011-01-17 175912]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-05-10 3459712]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-05-04 311296]
"PC Auto Shutdown"=D:\Program Files\PC Auto Shutdown\AutoShutdown.exe [2010-12-01 1387520]
"FixCamera"=C:\WINDOWS\FixCamera.exe [2007-02-12 20480]
"tsnp325"=C:\WINDOWS\tsnp325.exe [2006-10-10 270336]
"snp325"=C:\WINDOWS\vsnp325.exe [2006-10-10 827392]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-12-30 19972712]
"BabylonToolbar"=C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe [2010-11-07 286720]
"StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-04-19 98304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"=D:\Documents and Settings\matmik\Plocha\bittorrent.exe [2007-09-08 43008]
"uTorrent"=D:\Program Files\uTorrent\uTorrent.exe [2011-04-08 399736]
"Game Fire"=C:\Program Files\Smart PC Utilities\Game Fire\GFTray.exe [2011-03-08 46592]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-16 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2010-12-30 19972712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ImageMixer 3 SE Camera Monitor for SD.lnk]
D:\PROGRA~1\PIXELA\IMAGEM~1\CAMERA~1.EXE [2010-03-30 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^matmik^Nabídka Start^Programy^Po spuštění^BluetoothPCDialer.lnk]
D:\PROGRA~1\BLUETO~1\BLUETO~1.EXE [2005-11-29 266240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^matmik^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE [2007-09-11 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^matmik^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
D:\PROGRA~1\Xfire\xfire.exe [2011-02-26 3502992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-03-09 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll [2005-01-31 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
D:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll [2001-12-20 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 312112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\PROGRA~1\COMMON~1\Stardock\MCPCore.dll [2005-05-10 86016]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Documents and Settings\matmik\Plocha\bittorrent.exe"="D:\Documents and Settings\matmik\Plocha\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"D:\Program Files\Steam\Steam.exe"="D:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"D:\Program Files\Steam\steamapps\common\dracula origin demo\demo.exe"="D:\Program Files\Steam\steamapps\common\dracula origin demo\demo.exe:*:Enabled:Dracula: Origin Demo"
"D:\Program Files\Steam\steamapps\common\football manager 2010 demo\fm.exe"="D:\Program Files\Steam\steamapps\common\football manager 2010 demo\fm.exe:*:Enabled:Football Manager 2010 Demo"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\Team JPN\SpiderMan Web of Shadows\image\pc\Spider-Man Web of Shadows.exe"="D:\Program Files\Team JPN\SpiderMan Web of Shadows\image\pc\Spider-Man Web of Shadows.exe:*:Enabled:Spider-Man(R) - Web of Shadows(TM) "
"D:\Program Files\ICQ7.2\ICQ.exe"="D:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"D:\Program Files\ICQ7.2\aolload.exe"="D:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"D:\Program Files\Steam\steamapps\common\dragon age orgins character creator\DAOriginsLauncher.exe"="D:\Program Files\Steam\steamapps\common\dragon age orgins character creator\DAOriginsLauncher.exe:*:Enabled:Dragon Age: Origins Character Creator"
"D:\Program Files\Steam\steamapps\common\dragon age orgins character creator\Support\EA Help\Electronic_Arts_Technical_Support.htm"="D:\Program Files\Steam\steamapps\common\dragon age orgins character creator\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Dragon Age: Origins Character Creator"
"D:\Program Files\Steam\steamapps\common\zero gear\Server\ZeroGearServer.exe"="D:\Program Files\Steam\steamapps\common\zero gear\Server\ZeroGearServer.exe:*:Enabled:ZeroGearServer"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"D:\Program Files\Valve\csstrike\hl.exe"="D:\Program Files\Valve\csstrike\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="D:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"D:\Documents and Settings\matmik\Dokumenty\Downloads\Call of Duty 4 Modern Warfare Full-Rip Skullptura\Call of Duty 4 - Modern Warfare\iw3mp.exe"="D:\Documents and Settings\matmik\Dokumenty\Downloads\Call of Duty 4 Modern Warfare Full-Rip Skullptura\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"D:\Program Files\Xfire\xfire.exe"="D:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"D:\Program Files\Steam\steamapps\common\zero gear\ZeroGear.bat"="D:\Program Files\Steam\steamapps\common\zero gear\ZeroGear.bat:*:Enabled:Zero Gear Demo"
"D:\Program Files\Steam\steamapps\common\aliens vs predator\AvP_Launcher.exe"="D:\Program Files\Steam\steamapps\common\aliens vs predator\AvP_Launcher.exe:*:Enabled:Aliens vs. Predator"
"D:\Program Files\Steam\steamapps\common\aliens vs predator\AvP_DX11.exe"="D:\Program Files\Steam\steamapps\common\aliens vs predator\AvP_DX11.exe:*:Enabled:Aliens vs. Predator"
"D:\Program Files\Steam\steamapps\common\aliens vs predator\AvP.exe"="D:\Program Files\Steam\steamapps\common\aliens vs predator\AvP.exe:*:Enabled:Aliens vs. Predator"
"D:\Program Files\Steam\steamapps\common\aliens vs predator dedicated server\AvP_CLI.exe"="D:\Program Files\Steam\steamapps\common\aliens vs predator dedicated server\AvP_CLI.exe:*:Enabled:Aliens vs Predator Dedicated Server"
"D:\Program Files\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe"="D:\Program Files\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe:*:Enabled:Crysis2"
"D:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe"="D:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2"
"D:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe"="D:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe"="D:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\ICQ7.2\ICQ.exe"="D:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"D:\Program Files\ICQ7.2\aolload.exe"="D:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2011-05-16 16:12:59 ----D---- C:\Program Files\Common Files\ODBC
2011-05-16 16:06:08 ----D---- C:\WINDOWS\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
2011-05-14 11:53:43 ----D---- C:\WINDOWS\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2011-05-14 11:46:26 ----D---- C:\Program Files\Common Files\BioWare
2011-05-14 07:04:20 ----A---- C:\WINDOWS\SWTFU_1_2_Patch_Log.txt
2011-05-11 20:16:16 ----D---- C:\Program Files\MyAshampoo
2011-05-11 20:16:04 ----A---- C:\WINDOWS\system32\DfSdkBt.exe
2011-05-11 20:15:57 ----D---- C:\Program Files\Ashampoo
2011-05-11 16:55:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2011-05-11 16:52:23 ----D---- C:\Program Files\AMD APP

======List of files/folders modified in the last 1 months======

2011-05-31 13:43:33 ----D---- C:\Program Files\trend micro
2011-05-31 13:43:30 ----AD---- C:\WINDOWS
2011-05-31 13:43:26 ----D---- C:\WINDOWS\Debug
2011-05-31 13:43:19 ----D---- C:\WINDOWS\Prefetch
2011-05-31 13:32:38 ----AC---- C:\WINDOWS\NeroDigital.ini
2011-05-31 13:20:21 ----D---- C:\Documents and Settings\matmik\Data aplikací\Vso
2011-05-31 13:20:02 ----D---- C:\WINDOWS\Temp
2011-05-31 06:24:54 ----D---- C:\Documents and Settings\matmik\Data aplikací\uTorrent
2011-05-31 06:22:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-05-30 14:56:38 ----D---- C:\WINDOWS\system32\config
2011-05-28 18:50:18 ----D---- C:\WINDOWS\Fonts
2011-05-28 11:32:20 ----D---- C:\WINDOWS\system32\CatRoot2
2011-05-20 06:25:55 ----D---- C:\WINDOWS\system32
2011-05-16 16:13:51 ----SHD---- C:\WINDOWS\Installer
2011-05-16 16:13:51 ----AC---- C:\WINDOWS\ODBC.INI
2011-05-16 16:13:21 ----A---- C:\WINDOWS\win.ini
2011-05-16 16:12:59 ----D---- C:\Program Files\Common Files
2011-05-16 16:12:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-05-16 16:06:06 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-05-16 16:04:42 ----D---- C:\WINDOWS\system32\DirectX
2011-05-16 16:04:42 ----D---- C:\WINDOWS\inf
2011-05-16 07:05:58 ----D---- C:\Documents and Settings\matmik\Data aplikací\Adobe
2011-05-16 07:05:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-05-15 11:18:26 ----D---- C:\Documents and Settings\matmik\Data aplikací\kikin
2011-05-15 10:24:09 ----D---- C:\Program Files\kikin
2011-05-14 16:16:36 ----D---- C:\Documents and Settings\matmik\Data aplikací\ICQ
2011-05-14 11:51:58 ----RSD---- C:\WINDOWS\assembly
2011-05-14 10:52:24 ----D---- C:\Program Files
2011-05-14 10:06:46 ----A---- C:\cmdlog.txt
2011-05-14 09:57:10 ----D---- C:\WINDOWS\WinSxS
2011-05-13 21:30:00 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-05-13 21:29:49 ----DC---- C:\WINDOWS\system32\dllcache
2011-05-13 21:29:44 ----D---- C:\WINDOWS\system32\drivers
2011-05-11 20:17:23 ----D---- C:\WINDOWS\Internet Logs
2011-05-11 20:16:20 ----D---- C:\Program Files\ConduitEngine
2011-05-11 16:50:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-05-10 16:26:37 ----D---- C:\Documents and Settings\matmik\Data aplikací\Skype
2011-05-10 16:05:27 ----D---- C:\Documents and Settings\matmik\Data aplikací\skypePM
2011-05-10 14:10:55 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-05-09 17:04:55 ----HD---- C:\Program Files\InstallShield Installation Information
2011-05-06 06:26:55 ----D---- C:\Program Files\Image-Line
2011-05-04 06:29:50 ----D---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 d347bus;d347bus; C:\WINDOWS\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2007-03-08 43528]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-05-10 30808]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 43008]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-05-10 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-05-10 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-05-10 307928]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-05-10 49240]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 HWiNFO32;HWiNFO32 Kernel Driver; \??\D:\Program Files\HWiNFO32\HWiNFO32.SYS []
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16877]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-05-10 19544]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-05-10 102616]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-04-20 6537728]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-11-18 95232]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-12-30 6290024]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-03-13 47360]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-15 83200]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CFcatchme;CFcatchme; \??\C:\DOCUME~1\matmik\LOCALS~1\Temp\CFcatchme.sys []
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\matmik\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 CrystalSysInfo;CrystalSysInfo; \??\D:\Program Files\MediaCoder\SysInfo.sys []
S3 GMSIPCI;GMSIPCI; C:\WINDOWS\system32\drivers\GMSIPCI.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-02-07 17480]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-11-01 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-11-01 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SNP325;USB PC Camera (SNPSTD325); C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-04-03 10251904]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-03-09 643072]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-05-10 42184]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-11 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NMSAccessU;NMSAccessU; D:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R2 PCAutoShutdown_Service;PCAutoShutdown_Service; D:\Program Files\PC Auto Shutdown\ShutdownService.exe [2010-04-19 441624]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-03-10 75064]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2008-05-02 126976]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-25 135664]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-12-15 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-04-19 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-25 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-25 182768]
S3 hhkhlt;{2EB1BFFC-297B-46A2-8F0D-AD9CDA4EE1D4}; C:\Program Files\ophcrack\pwdump\servpw.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-05-03 74656]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\wmpnetwk.exe []
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: log check

#2 Post by Roli »

Hi, fix these in HJT:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{CFD ... 524E4542A7}
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\HyperCam Toolbar\tbhelper.dll
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyAs.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: MyAshampoo - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyAs.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyAs.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [BabylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O18 - Protocol: toolbarchrome - {718733BC-AD64-4E5F-AC18-A85FBD75D54D} - (no file)


You'll find HJT here:

C:\Program Files\trend micro\matmik.exe

Fix means that you run HJT,

in the window that opens you click Do a system scan only,

in the next window you find the lines I listed for you,

next to them is a small checkbox which you tick,

then you click Fix checked, which is at the bottom left,

the program asks whether you really want to; you answer YES, of course, and it's done.


Via Start >> Run >> type services.msc >> OK. Find the service:

Služba Google Update (gupdate)

Služba Google Update (gupdatem)

Google Software Updater (gusvc)


right-click it, choose Properties; on the next tab first stop the service with the Stop button, and under Startup type choose Disabled.


Delete unneeded files

using CCleaner

guide:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)

the registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system


Then use Mbam from my signature and post its log here; don't delete anything beforehand!!!
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:
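The HijackThis lines Roli asks to have fixed fall into a few recognisable shapes (start-page overrides, URLSearchHooks, BHOs, toolbars, Run keys, orphaned O9/O18 entries). The following Python script is an added example for this thread, not code from HijackThis or from either poster: it parses lines in that format and flags the ones a helper would tick in "Fix checked". The indicator list is an assumption built only from the toolbar and search-provider names quoted in the post above (not a maintained blocklist), the sample lines are copied from the log, and the Conduit start-page URL is a constructed, shortened stand-in for the truncated one in the log.

```python
"""Triage HijackThis-style log lines: parse them and flag adware toolbars,
bundled search providers and entries whose file no longer exists.
Added example for this thread; not part of HijackThis or of the original posts.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumption: strings of the adware/toolbar items the helper asked to fix in this
# thread.  Taken from the quoted HJT lines, not a maintained blocklist.
INDICATORS = ("conduit", "bigseekpro", "babylon", "myashampoo", "hypercam toolbar", "kikin")
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# "O2 - BHO: Name - {CLSID} - path"  (also R3, O3, O9, O18)
CLSID_LINE = re.compile(
    r"^(?P<code>[RO]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# "R0 - HKCU\...\Main,Start Page = URL"
START_PAGE = re.compile(r"^(?P<code>R[01]) - (?P<key>.+?) = (?P<target>.*)$")
# "O4 - HKLM\..\Run: [Name] command line"
RUN_KEY = re.compile(r"^(?P<code>O4) - (?P<kind>.+?): \[(?P<name>[^\]]+)\] (?P<target>.*)$")

# Constructed sample: lines copied from the HJT log in this thread, plus a
# shortened start-page URL standing in for the truncated one.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT2475029
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyAs.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O18 - Protocol: toolbarchrome - {718733BC-AD64-4E5F-AC18-A85FBD75D54D} - (no file)
"""


@dataclass
class Entry:
    code: str             # HJT section, e.g. "O2"
    kind: str             # "BHO", "Toolbar", "Start Page", registry Run key, ...
    name: str             # display name (empty for start-page entries)
    clsid: Optional[str]  # normalised to upper case when present
    target: str           # file path, command line or URL
    raw: str              # the original line, for the "Fix checked" list


def parse_line(line: str) -> Optional[Entry]:
    """Turn one HijackThis line into an Entry; None for lines this parser does not handle."""
    line = line.strip()
    m = RUN_KEY.match(line)
    if m:
        return Entry(m["code"], m["kind"], m["name"], None, m["target"], line)
    m = START_PAGE.match(line)
    if m:
        kind = m["key"].rsplit(",", 1)[-1]          # "Start Page" from "HKCU\...\Main,Start Page"
        return Entry(m["code"], kind, "", None, m["target"], line)
    m = CLSID_LINE.match(line)
    if m:
        return Entry(m["code"], m["kind"], m["name"], m["clsid"].upper(), m["target"], line)
    return None


def verdict(entry: Entry) -> str:
    """'adware' if the entry names a known bundled toolbar/search provider,
    'orphan' if it points at a file that is gone, otherwise 'ok'."""
    haystack = f"{entry.name} {entry.target}".lower()
    if any(ind in haystack for ind in INDICATORS):
        return "adware"
    if any(mark in entry.target for mark in ORPHAN_MARKERS):
        return "orphan"
    return "ok"


def triage(log_text: str) -> List[tuple]:
    """Return (code, name-or-kind, verdict) for every recognised line."""
    results = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            results.append((entry.code, entry.name or entry.kind, verdict(entry)))
    return results


def lines_to_fix(log_text: str) -> List[str]:
    """The raw lines a helper would ask the user to tick before 'Fix checked'."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e.raw for e in entries if e is not None and verdict(e) != "ok"]


if __name__ == "__main__":
    for code, name, result in triage(SAMPLE_LOG):
        print(f"{code:<4} {result:<7} {name}")
```

Orphaned O9/O18 entries are flagged separately from adware because they are harmless leftovers rather than active code; a helper still removes them so the next log is shorter to read.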

[ACze]miky
Visitor
Posts: 206
Registered: 01 Dec 2010 16:41

Re: log check

#3 Post by [ACze]miky »

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6730

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2.6.2011 6:35:22
mbam-log-2011-06-02 (06-35-10).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 323510
Uplynulý čas: 15 hodin, 14 minut, 48 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
d:\program files\electronic arts\battlefield bad company 2\rld-bbc2.exe (RiskWare.Tool.HCK) -> No action taken.
d:\documents and settings\matmik\Plocha\sony vegas movie studio 9 [www.divxatope.com]\activador\activator.exe (PUP.Hacktool.Patcher) -> No action taken.

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: log check

#4 Post by Roli »

Let Mbam delete everything it found.


Download ComboFix and save it to the desktop,

run the application as Administrator and allow the installation of the Recovery Console.

Then a window with the licence terms appears, which you confirm by clicking YES,

then click YES once more and it's running.

The whole thing takes about 10 minutes but can take longer; during the scan don't try to run anything else.

The PC may also be restarted during the scan; don't be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,

because Combofix tries to delete the infected files and these programs can get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

[ACze]miky
Visitor
Posts: 206
Registered: 01 Dec 2010 16:41

Re: log check

#5 Post by [ACze]miky »

ComboFix 11-06-01.07 - matmik 02.06.2011 15:01:55.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2263 [GMT 2:00]
Spuštěný z: d:\audio svms\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
/wow section - STAGE 10
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mich.Mik\Data aplikací\PriceGong
c:\documents and settings\Mich.Mik\Data aplikací\PriceGong\Data\mru.xml
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-02 do 2011-06-02 )))))))))))))))))))))))))))))))
.
.
2011-05-16 14:06 . 2011-05-16 14:06 -------- d-----w- c:\windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
2011-05-15 07:10 . 2011-05-25 15:43 -------- d-----w- c:\documents and settings\Mich.Mik\Local Settings\Data aplikací\MyAshampoo
2011-05-14 09:53 . 2011-05-14 09:53 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2011-05-14 09:46 . 2011-05-16 14:17 -------- d-----w- c:\program files\Common Files\BioWare
2011-05-11 18:16 . 2011-05-15 09:18 -------- d-----w- c:\documents and settings\matmik\Local Settings\Data aplikací\MyAshampoo
2011-05-11 18:16 . 2011-05-31 12:17 -------- d-----w- c:\program files\MyAshampoo
2011-05-11 18:16 . 2009-08-24 20:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2011-05-11 18:15 . 2011-05-11 18:15 -------- d-----w- c:\program files\Ashampoo
2011-05-11 14:55 . 2011-05-11 14:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-05-11 14:52 . 2011-05-11 14:52 -------- d-----w- c:\program files\AMD APP
2011-05-05 16:17 . 2011-05-05 16:17 -------- d-----w- c:\documents and settings\Mich.Mik\Data aplikací\Toolbar4
2011-05-05 16:17 . 2011-05-15 07:10 -------- d-----w- c:\documents and settings\Mich.Mik\Data aplikací\kikin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:10 . 2010-10-20 13:01 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-10-20 13:01 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-03-07 17:28 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2010-10-20 13:07 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-10-20 13:07 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2010-10-20 13:07 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2010-10-20 13:07 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2010-10-20 13:07 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-10-20 13:07 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2010-10-20 13:07 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-20 02:41 . 2007-03-15 01:57 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-04-20 02:38 . 2008-02-06 17:06 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-04-20 02:29 . 2010-02-11 04:23 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-20 02:29 . 2010-02-11 04:22 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-20 02:24 . 2010-02-11 04:21 5459968 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-20 02:14 . 2007-03-15 01:19 17743872 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-20 02:04 . 2008-02-06 17:06 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 01:55 . 2011-02-16 10:58 1115008 ----a-w- c:\windows\system32\ativvamv.dll
2011-04-20 01:44 . 2007-03-15 01:50 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 01:44 . 2007-03-15 01:50 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-04-20 01:41 . 2007-03-15 01:47 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-04-20 01:40 . 2010-12-24 18:39 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 01:33 . 2007-03-15 01:14 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-04-20 01:27 . 2010-02-11 03:59 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-04-20 01:27 . 2009-11-24 13:26 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-20 01:26 . 2007-03-15 01:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-19 20:10 . 2011-04-19 20:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-19 20:10 . 2011-04-19 20:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-04-18 18:24 . 2011-04-18 18:24 1409 -c--a-w- c:\windows\QTFont.for
2011-03-29 12:56 . 2009-03-15 16:08 139128 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-03-29 12:56 . 2010-05-04 14:56 215128 -c--a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-29 12:56 . 2009-03-15 16:08 215128 -c--a-w- c:\windows\system32\PnkBstrB.exe
2011-03-10 05:51 . 2010-05-03 13:47 138056 -c--a-w- c:\documents and settings\matmik\Data aplikací\PnkBstrK.sys
2011-03-10 05:50 . 2010-05-03 13:47 2434856 -c--a-w- c:\windows\system32\pbsvc_bc2.exe
2011-03-10 05:50 . 2009-03-15 16:08 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-09 05:00 . 2010-02-11 04:37 491520 ------w- c:\windows\system32\atiok3x2.dll
2011-03-09 04:47 . 2007-03-15 01:57 302080 ------w- c:\windows\system32\ati2dvag.dll
2011-03-09 04:46 . 2007-03-15 01:40 4148544 ------w- c:\windows\system32\ati3duag.dll
2011-03-09 04:32 . 2007-03-15 01:29 2681600 ------w- c:\windows\system32\ativvaxx.dll
2011-03-09 04:29 . 2007-03-15 01:50 212992 ------w- c:\windows\system32\atipdlxx.dll
2011-03-09 04:29 . 2007-03-15 01:50 43520 ------w- c:\windows\system32\ati2edxx.dll
2011-03-09 04:29 . 2007-03-15 01:49 188416 ------w- c:\windows\system32\ati2evxx.dll
2011-03-09 04:27 . 2007-03-15 01:48 643072 ------w- c:\windows\system32\ati2evxx.exe
2011-03-09 04:22 . 2007-03-15 01:16 651264 ------w- c:\windows\system32\atikvmag.dll
2011-03-09 04:21 . 2010-02-11 03:54 200704 ------w- c:\windows\system32\atiadlxx.dll
2011-03-09 04:16 . 2007-03-15 01:10 851968 ------w- c:\windows\system32\ati2cqag.dll
2011-03-07 05:33 . 2008-01-26 14:19 692736 -c--a-w- c:\windows\system32\inetcomm.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="d:\documents and settings\matmik\Plocha\bittorrent.exe" [2007-09-07 43008]
"uTorrent"="d:\program files\uTorrent\uTorrent.exe" [2011-04-08 399736]
"Game Fire"="c:\program files\Smart PC Utilities\Game Fire\GFTray.exe" [2011-03-08 46592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"PC Auto Shutdown"="d:\program files\PC Auto Shutdown\AutoShutdown.exe" [2010-12-01 1387520]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"tsnp325"="c:\windows\tsnp325.exe" [2006-10-10 270336]
"snp325"="c:\windows\vsnp325.exe" [2006-10-10 827392]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-30 19972712]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 13:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 21:34 24576 ----a-w- d:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ImageMixer 3 SE Camera Monitor for SD.lnk]
backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor for SD.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matmik^Nabídka Start^Programy^Po spuštění^BluetoothPCDialer.lnk]
backup=c:\windows\pss\BluetoothPCDialer.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matmik^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\matmik\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matmik^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-12-30 13:17 19972712 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Documents and Settings\\matmik\\Plocha\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\dracula origin demo\\demo.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\football manager 2010 demo\\fm.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Team JPN\\SpiderMan Web of Shadows\\image\\pc\\Spider-Man Web of Shadows.exe"=
"d:\\Program Files\\ICQ7.2\\ICQ.exe"=
"d:\\Program Files\\ICQ7.2\\aolload.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\dragon age orgins character creator\\DAOriginsLauncher.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\dragon age orgins character creator\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"d:\\Program Files\\Steam\\steamapps\\common\\zero gear\\Server\\ZeroGearServer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\Valve\\csstrike\\hl.exe"=
"d:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"d:\\Program Files\\Xfire\\xfire.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\zero gear\\ZeroGear.bat"=
"d:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP_Launcher.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP_DX11.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator dedicated server\\AvP_CLI.exe"=
"d:\\Program Files\\Electronic Arts\\Crytek\\Crysis 2\\bin32\\Crysis2.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [28.5.2008 10:13 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [28.5.2008 10:13 5248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7.3.2011 19:28 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.10.2010 15:07 307928]
R1 HWiNFO32;HWiNFO32 Kernel Driver;d:\program files\HWiNFO32\HWiNFO32.SYS [2.5.2010 10:12 19064]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.10.2010 15:07 19544]
R2 PCAutoShutdown_Service;PCAutoShutdown_Service;d:\program files\PC Auto Shutdown\ShutdownService.exe [10.1.2011 7:51 441624]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2.5.2010 10:27 1691480]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\matmik\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\matmik\LOCALS~1\Temp\CFcatchme.sys [?]
S3 hhkhlt;{2EB1BFFC-297B-46A2-8F0D-AD9CDA4EE1D4};c:\program files\ophcrack\pwdump\servpw.exe --> c:\program files\ophcrack\pwdump\servpw.exe [?]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [20.1.2011 19:27 10251904]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25.3.2010 17:27 135664]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [25.3.2010 17:27 135664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 15:27]
.
2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 15:27]
.
2011-04-18 c:\windows\Tasks\UpdateCheck.job
- c:\program files\Smart PC Utilities\Game Fire\UpdateCheck.exe [2011-03-08 13:40]
.
2011-06-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-09-14 20:18]
.
.
------- Doplňkový sken -------
.
uLocal Page = hxxp://www.google.com/
mStart Page = hxxp://www.bigseekpro.com/hypercam/{CFDC5331-B ... 524E4542A7}
mLocal Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} -
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\matmik\Data aplikací\Mozilla\Firefox\Profiles\iciim6xk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MyAshampoo Customized Web Search
FF - prefs.js: browser.startup.homepage - google.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-02 15:09
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
hpqSRMon = c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
.
C:\## aswSnx private storage
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-73586283-115176313-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:c9,0f,8c,a9,08,b0,de,8d,38,f3,ff,29,76,d6,7f,58,27,8e,71,e0,ac,72,81,
d1,9b,16,1b,79,d8,aa,7a,33,a8,21,ff,8f,89,2b,c6,85,bf,d6,80,ae,26,18,b4,56,\
"??"=hex:92,b0,92,2a,dc,c2,cb,71,6f,15,f8,be,4d,6c,5a,9d
.
[HKEY_USERS\S-1-5-21-73586283-115176313-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:52,62,b3,ab,cc,ac,fd,e8,61,31,41,24,3f,45,63,6e,8f,ca,bc,8e,0e,
f0,8d,a5,72,90,61,aa,33,ec,80,cd,86,27,b1,da,bd,52,88,b6,30,72,b8,b6,fd,d5,\
"rkeysecu"=hex:f2,eb,21,cd,d0,e4,bf,9b,b0,a3,a3,ca,d0,82,91,a1
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
d:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
Celkový čas: 2011-06-02 15:13:03
ComboFix-quarantined-files.txt 2011-06-02 13:12
.
Před spuštěním: 5 624 602 624
Po spuštění: 7 796 498 432
.
- - End Of File - - 38AA2844ECC0FDF545F7F1388F8A4DE4

[ACze]miky
Visitor
Posts: 206
Registered: 01 Dec 2010 16:41

Re: log check

#6 Post by [ACze]miky »

I only wanted to ask for a check because Facebook wasn't working for me. I couldn't add comments, statuses and so on. The problem persists. At school it works normally.

[ACze]miky
Visitor
Posts: 206
Registered: 01 Dec 2010 16:41

Re: log check

#7 Post by [ACze]miky »

Just now Facebook sent a message to one of my friends by itself: "attach a personal message", and I didn't write that. It annoys me; I can't write anything to anyone, etc.

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: log check

#8 Post by Roli »

Restart into Safe Mode

If you haven't done so yet, move Combofix to the Desktop

open Notepad

copy the script from the following box into it:

Code:

File::  
c:\windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP

FireFox::
FF - ProfilePath - c:\documents and settings\matmik\Data aplikací\Mozilla\Firefox\Profiles\iciim6xk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MyAshampoo Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

save the TXT file you created as CFScript.txt on the Desktop,

after saving, grab the created script with the left mouse button and drag it onto the ComboFix icon, where you drop it:

After it runs, another log will pop up for you; copy it here

Warning: it may happen that after applying the script and restarting, Windows will not boot,

in that case restart again, pressing F8 as you do, and then choose Last Known Good Configuration
| Rsit | Mbam | AVPTool | Cure It |

I take weekends off :all_coholic:
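For readers following the CFScript step above, here is an added example (not part of the thread, and not ComboFix's own code) that recognises the ComboFix log lines the helper worked from, flags GUID-named .TMP folders under c:\windows and Firefox search prefs pointing at a third-party engine, and emits the File:: / FireFox:: sections in the layout used in the post. The sample log lines, the allow-list of expected search engines and the placeholder URLs are constructed assumptions.

```python
"""Added example (not from the thread or ComboFix): triage ComboFix log lines for
the indicators acted on above (GUID-named .TMP dirs under c:\\windows, Firefox
search prefs pointing at a third-party engine) and emit File::/FireFox:: CFScript
sections. Engine allow-list, sample lines and URLs are constructed assumptions."""
import re

# "<mtime> . <ctime> <size or --------> <8 attribute flags> <path>" as ComboFix prints it.
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(\S+)\s+(\S{8})\s+(.+)$"
)
# 32 hex characters plus .TMP, directly under c:\windows.
GUID_TMP_RE = re.compile(r"^c:\\windows\\[0-9a-f]{32}\.tmp$", re.IGNORECASE)
FF_PROFILE_PREFIX = "FF - ProfilePath - "
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")

# Prefs that decide where typed searches are sent.
SEARCH_PREFS = {"browser.search.defaulturl", "browser.search.selectedEngine", "keyword.URL"}
# Constructed allow-list (assumption): engines this user is expected to have.
EXPECTED_ENGINES = {"Google", "Seznam"}
EXPECTED_HOSTS = ("google.", "seznam.")

def is_hijacked_search_pref(pref, value):
    """A search pref is suspicious when it points anywhere but an expected engine."""
    if pref not in SEARCH_PREFS:
        return False
    if pref == "browser.search.selectedEngine":
        return value not in EXPECTED_ENGINES
    return not any(host in value.lower() for host in EXPECTED_HOSTS)

def triage(log_lines):
    """Return (suspicious_dirs, ff_lines): directories for the File:: block and the
    FF lines (ProfilePath first, as ComboFix prints them) for the FireFox:: block."""
    suspicious_dirs, ff_lines = [], []
    for raw in log_lines:
        line = raw.rstrip()
        m = CREATED_RE.match(line)
        if m:
            _size, attrs, path = m.groups()
            if attrs.startswith("d") and GUID_TMP_RE.match(path):
                suspicious_dirs.append(path)
            continue
        if line.startswith(FF_PROFILE_PREFIX):
            ff_lines.append(line)
            continue
        m = FF_PREF_RE.match(line)
        if m and is_hijacked_search_pref(*m.groups()):
            ff_lines.append(line)
    return suspicious_dirs, ff_lines

def build_cfscript(suspicious_dirs, ff_lines):
    """File:: block, blank line, FireFox:: block; the FF block is omitted when
    only the ProfilePath line survived (nothing to reset)."""
    sections = []
    if suspicious_dirs:
        sections.append("\n".join(["File::", *suspicious_dirs]))
    if len(ff_lines) > 1:
        sections.append("\n".join(["FireFox::", *ff_lines]))
    return "\n\n".join(sections) + "\n" if sections else ""

# Constructed sample modelled on the lines in this thread; URLs are placeholders.
SAMPLE_LOG = [
    "2011-05-16 14:06 . 2011-05-16 14:06 -------- d-----w- c:\\windows\\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP",
    "2011-05-14 09:53 . 2011-05-14 09:53 -------- d-----w- c:\\windows\\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP",
    "2011-05-11 18:16 . 2009-08-24 20:08 28160 ----a-w- c:\\windows\\system32\\DfSdkBt.exe",
    "FF - ProfilePath - c:\\documents and settings\\matmik\\Data aplikaci\\Mozilla\\Firefox\\Profiles\\iciim6xk.default\\",
    "FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/EXAMPLE?q={searchTerms}",
    "FF - prefs.js: browser.search.selectedEngine - MyAshampoo Customized Web Search",
    "FF - prefs.js: keyword.URL - hxxp://search.icq.com/EXAMPLE?q=",
    "FF - prefs.js: browser.startup.homepage - google.cz",
]

if __name__ == "__main__":
    dirs, ff = triage(SAMPLE_LOG)
    print(build_cfscript(dirs, ff), end="")
```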

[ACze]miky
Visitor
Posts: 206
Registered: 01 Dec 2010 16:41

Re: log check

#9 Post by [ACze]miky »

ComboFix 11-06-01.07 - matmik 04.06.2011 11:16:52.7.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2357 [GMT 2:00]
Spuštěný z: d:\audio svms\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\matmik\Plocha\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP"
"c:\windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-04 do 2011-06-04 )))))))))))))))))))))))))))))))
.
.
2011-06-02 12:58 . 2011-06-02 12:58 -------- d--h--w- c:\documents and settings\matmik\Okolní tiskárny
2011-06-02 05:05 . 2011-06-02 05:05 0 ----a-w- c:\documents and settings\matmik\ntuser.tmp
2011-05-16 14:06 . 2011-05-16 14:06 -------- d-----w- c:\windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
2011-05-15 07:10 . 2011-05-25 15:43 -------- d-----w- c:\documents and settings\Mich.Mik\Local Settings\Data aplikací\MyAshampoo
2011-05-14 09:53 . 2011-05-14 09:53 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2011-05-14 09:46 . 2011-05-16 14:17 -------- d-----w- c:\program files\Common Files\BioWare
2011-05-11 18:16 . 2011-05-15 09:18 -------- d-----w- c:\documents and settings\matmik\Local Settings\Data aplikací\MyAshampoo
2011-05-11 18:16 . 2011-05-31 12:17 -------- d-----w- c:\program files\MyAshampoo
2011-05-11 18:16 . 2009-08-24 20:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2011-05-11 18:15 . 2011-05-11 18:15 -------- d-----w- c:\program files\Ashampoo
2011-05-11 14:55 . 2011-05-11 14:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-05-11 14:52 . 2011-05-11 14:52 -------- d-----w- c:\program files\AMD APP
2011-05-05 16:17 . 2011-05-05 16:17 -------- d-----w- c:\documents and settings\Mich.Mik\Data aplikací\Toolbar4
2011-05-05 16:17 . 2011-05-15 07:10 -------- d-----w- c:\documents and settings\Mich.Mik\Data aplikací\kikin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:10 . 2010-10-20 13:01 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-10-20 13:01 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-03-07 17:28 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2010-10-20 13:07 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-10-20 13:07 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2010-10-20 13:07 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2010-10-20 13:07 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2010-10-20 13:07 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-10-20 13:07 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2010-10-20 13:07 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-20 02:41 . 2007-03-15 01:57 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-04-20 02:38 . 2008-02-06 17:06 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-04-20 02:29 . 2010-02-11 04:23 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-20 02:29 . 2010-02-11 04:22 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-20 02:24 . 2010-02-11 04:21 5459968 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-20 02:14 . 2007-03-15 01:19 17743872 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-20 02:04 . 2008-02-06 17:06 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 01:55 . 2011-02-16 10:58 1115008 ----a-w- c:\windows\system32\ativvamv.dll
2011-04-20 01:44 . 2007-03-15 01:50 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 01:44 . 2007-03-15 01:50 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-04-20 01:41 . 2007-03-15 01:47 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-04-20 01:40 . 2010-12-24 18:39 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 01:33 . 2007-03-15 01:14 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-04-20 01:27 . 2010-02-11 03:59 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-04-20 01:27 . 2009-11-24 13:26 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-20 01:26 . 2007-03-15 01:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-19 20:10 . 2011-04-19 20:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-19 20:10 . 2011-04-19 20:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-04-18 18:24 . 2011-04-18 18:24 1409 -c--a-w- c:\windows\QTFont.for
2011-03-29 12:56 . 2009-03-15 16:08 139128 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-03-29 12:56 . 2010-05-04 14:56 215128 -c--a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-29 12:56 . 2009-03-15 16:08 215128 -c--a-w- c:\windows\system32\PnkBstrB.exe
2011-03-10 05:51 . 2010-05-03 13:47 138056 -c--a-w- c:\documents and settings\matmik\Data aplikací\PnkBstrK.sys
2011-03-10 05:50 . 2010-05-03 13:47 2434856 -c--a-w- c:\windows\system32\pbsvc_bc2.exe
2011-03-10 05:50 . 2009-03-15 16:08 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-09 05:00 . 2010-02-11 04:37 491520 ------w- c:\windows\system32\atiok3x2.dll
2011-03-09 04:47 . 2007-03-15 01:57 302080 ------w- c:\windows\system32\ati2dvag.dll
2011-03-09 04:46 . 2007-03-15 01:40 4148544 ------w- c:\windows\system32\ati3duag.dll
2011-03-09 04:32 . 2007-03-15 01:29 2681600 ------w- c:\windows\system32\ativvaxx.dll
2011-03-09 04:29 . 2007-03-15 01:50 212992 ------w- c:\windows\system32\atipdlxx.dll
2011-03-09 04:29 . 2007-03-15 01:50 43520 ------w- c:\windows\system32\ati2edxx.dll
2011-03-09 04:29 . 2007-03-15 01:49 188416 ------w- c:\windows\system32\ati2evxx.dll
2011-03-09 04:27 . 2007-03-15 01:48 643072 ------w- c:\windows\system32\ati2evxx.exe
2011-03-09 04:22 . 2007-03-15 01:16 651264 ------w- c:\windows\system32\atikvmag.dll
2011-03-09 04:21 . 2010-02-11 03:54 200704 ------w- c:\windows\system32\atiadlxx.dll
2011-03-09 04:16 . 2007-03-15 01:10 851968 ------w- c:\windows\system32\ati2cqag.dll
2011-03-07 05:33 . 2008-01-26 14:19 692736 -c--a-w- c:\windows\system32\inetcomm.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="d:\documents and settings\matmik\Plocha\bittorrent.exe" [2007-09-07 43008]
"uTorrent"="d:\program files\uTorrent\uTorrent.exe" [2011-04-08 399736]
"Game Fire"="c:\program files\Smart PC Utilities\Game Fire\GFTray.exe" [2011-03-08 46592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"PC Auto Shutdown"="d:\program files\PC Auto Shutdown\AutoShutdown.exe" [2010-12-01 1387520]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"tsnp325"="c:\windows\tsnp325.exe" [2006-10-10 270336]
"snp325"="c:\windows\vsnp325.exe" [2006-10-10 827392]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-30 19972712]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 13:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 21:34 24576 ----a-w- d:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ImageMixer 3 SE Camera Monitor for SD.lnk]
backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor for SD.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matmik^Nabídka Start^Programy^Po spuštění^BluetoothPCDialer.lnk]
backup=c:\windows\pss\BluetoothPCDialer.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matmik^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\matmik\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^matmik^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-12-30 13:17 19972712 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Documents and Settings\\matmik\\Plocha\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\dracula origin demo\\demo.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\football manager 2010 demo\\fm.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Team JPN\\SpiderMan Web of Shadows\\image\\pc\\Spider-Man Web of Shadows.exe"=
"d:\\Program Files\\ICQ7.2\\ICQ.exe"=
"d:\\Program Files\\ICQ7.2\\aolload.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\dragon age orgins character creator\\DAOriginsLauncher.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\dragon age orgins character creator\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"d:\\Program Files\\Steam\\steamapps\\common\\zero gear\\Server\\ZeroGearServer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\Valve\\csstrike\\hl.exe"=
"d:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"d:\\Program Files\\Xfire\\xfire.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\zero gear\\ZeroGear.bat"=
"d:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP_Launcher.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP_DX11.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator dedicated server\\AvP_CLI.exe"=
"d:\\Program Files\\Electronic Arts\\Crytek\\Crysis 2\\bin32\\Crysis2.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [28.5.2008 10:13 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [28.5.2008 10:13 5248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7.3.2011 19:28 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.10.2010 15:07 307928]
R1 HWiNFO32;HWiNFO32 Kernel Driver;d:\program files\HWiNFO32\HWiNFO32.SYS [2.5.2010 10:12 19064]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.10.2010 15:07 19544]
R2 PCAutoShutdown_Service;PCAutoShutdown_Service;d:\program files\PC Auto Shutdown\ShutdownService.exe [10.1.2011 7:51 441624]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2.5.2010 10:27 1691480]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\matmik\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\matmik\LOCALS~1\Temp\CFcatchme.sys [?]
S3 hhkhlt;{2EB1BFFC-297B-46A2-8F0D-AD9CDA4EE1D4};c:\program files\ophcrack\pwdump\servpw.exe --> c:\program files\ophcrack\pwdump\servpw.exe [?]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [20.1.2011 19:27 10251904]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25.3.2010 17:27 135664]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [25.3.2010 17:27 135664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 15:27]
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 15:27]
.
2011-04-18 c:\windows\Tasks\UpdateCheck.job
- c:\program files\Smart PC Utilities\Game Fire\UpdateCheck.exe [2011-03-08 13:40]
.
2011-06-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-09-14 20:18]
.
.
------- Doplňkový sken -------
.
uLocal Page = hxxp://www.google.com/
mStart Page = hxxp://www.bigseekpro.com/hypercam/{CFDC5331-B ... 524E4542A7}
mLocal Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} -
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\matmik\Data aplikací\Mozilla\Firefox\Profiles\iciim6xk.default\
FF - prefs.js: browser.startup.homepage - google.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-04 11:23
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
hpqSRMon = c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-73586283-115176313-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:c9,0f,8c,a9,08,b0,de,8d,38,f3,ff,29,76,d6,7f,58,27,8e,71,e0,ac,72,81,
d1,9b,16,1b,79,d8,aa,7a,33,a8,21,ff,8f,89,2b,c6,85,bf,d6,80,ae,26,18,b4,56,\
"??"=hex:92,b0,92,2a,dc,c2,cb,71,6f,15,f8,be,4d,6c,5a,9d
.
[HKEY_USERS\S-1-5-21-73586283-115176313-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:52,62,b3,ab,cc,ac,fd,e8,61,31,41,24,3f,45,63,6e,8f,ca,bc,8e,0e,
f0,8d,a5,72,90,61,aa,33,ec,80,cd,86,27,b1,da,bd,52,88,b6,30,72,b8,b6,fd,d5,\
"rkeysecu"=hex:f2,eb,21,cd,d0,e4,bf,9b,b0,a3,a3,ca,d0,82,91,a1
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
d:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
- - - - - - - > 'winlogon.exe'(300)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
d:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
- - - - - - - > 'explorer.exe'(2816)
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'explorer.exe'(556)
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-06-04 11:26:40
ComboFix-quarantined-files.txt 2011-06-04 09:26
ComboFix2.txt 2011-06-02 13:13
.
Před spuštěním: 7 889 285 120
Po spuštění: 7 874 625 536
.
- - End Of File - - 52CF0A36843951F9806D68F597682F01

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: log check

#10 Post by Roli »

Via Start >> Run, copy into the box:

ComboFix /Uninstall

and press Enter

This uninstalls ComboFix and deletes the files and folders associated with it.

Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.

Download and run OTMoveIt

and into the left pane of the application, under Paste Instructions for Items to be Moved, copy this text:

Code:

:processes
explorer.exe       

:files 
c:\*.tmp
c:\WINDOWS\System32\*.tmp
c:\WINDOWS\*.tmp
c:\documents and settings\Mich.Mik\Data aplikací\Toolbar4
c:\documents and settings\Mich.Mik\Data aplikací\kikin

:commands
[purity]
[emptytemp]
[start explorer]

click MoveIt! and in the right, green pane of the application, information about the action performed will appear; copy the contents of the pane here,

if the application asks for a restart, click YES

in that case I want you to copy here the contents of the log saved at C:\_OTMoveIt\MovedFiles\

Then run the Cure It scanner according to THIS guide

after the scan finishes, I want its results here too.

(Warning: it is horribly slow and needs to be watched; it occasionally asks something)

[ACze]miky
Visitor
Posts: 206
Registered: 01 Dec 2010 16:41

Re: log check

#11 Post by [ACze]miky »

OTMoveIt log:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder c:\*.tmp not found.
File/Folder c:\WINDOWS\System32\*.tmp not found.
c:\WINDOWS\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP folder moved successfully.
c:\WINDOWS\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP folder moved successfully.
c:\WINDOWS\msdownld.tmp folder moved successfully.
c:\documents and settings\Mich.Mik\Data aplikací\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files folder moved successfully.
c:\documents and settings\Mich.Mik\Data aplikací\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache folder moved successfully.
c:\documents and settings\Mich.Mik\Data aplikací\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E} folder moved successfully.
c:\documents and settings\Mich.Mik\Data aplikací\Toolbar4 folder moved successfully.
c:\documents and settings\Mich.Mik\Data aplikací\kikin folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: matmik
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 51102110 bytes
->Google Chrome cache emptied: 225794160 bytes
->Flash cache emptied: 5333 bytes

User: Mich.Mik
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 112269842 bytes
->Flash cache emptied: 2587 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2399 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 371,00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 06052011_114038

Files moved on Reboot...

Registry entries deleted on Reboot...

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: log check

#12 Post by Roli »

Run OTMoveIt again and click CleanUp! at the top of the application

this makes it clean up after itself.

Then also that Cure It, as I wrote.

[ACze]miky
Visitor
Posts: 206
Registered: 01 Dec 2010 16:41

Re: log check

#13 Post by [ACze]miky »

It told me: Done, no threat found. But no log popped up...

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: log check

#14 Post by Roli »

It doesn't create any log automatically either.

So, what is the state of the PC?

[ACze]miky
Visitor
Posts: 206
Registered: 01 Dec 2010 16:41

Re: log check

#15 Post by [ACze]miky »

Everything is fine now. I'll also clean the PC with CCleaner. If any problems come up, I'll let you know. Thanks a lot :)