Napadený boot sektor Win32/Agent.SDG.Gen
Napsal: 13 říj 2011 14:39
Dobrý den, mám tu PC, které má napadený boot sektor trojským koněm Win32/Agent.SDG.Gen.
RSIT (šel udělat jen v nouzovém režimu)
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-10-13 15:33:45
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 127 GB (71%) free of 180 GB
Total RAM: 2046 MB (85% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{EF349FF5-56C3-4131-B850-B8C7F83678AF}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
C:\PROGRA~1\SITERA~1\SiteRank.dll [2010-06-30 349624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
MyAshampoo Toolbar - C:\Program Files\MyAshampoo\prxtbMyA0.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-24 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-09-21 3853984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-10 842296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-24 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2011-09-21 874688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
IncrediMail MediaBar 2 Toolbar - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-22 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-06-22 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.2.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-24 256112]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll []
{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - &Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2011-09-21 874688]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll []
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - MyAshampoo Toolbar - C:\Program Files\MyAshampoo\prxtbMyA0.dll []
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll []
{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - IncrediMail MediaBar 2 Toolbar - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-08 3076144]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe -atboottime []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-01-14 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~3\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avas_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avss_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpavdrw_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpmgma_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Novex Canada Ltd\Remote Module\Alarm Receiver.exe"="C:\Program Files\Novex Canada Ltd\Remote Module\Alarm Receiver.exe:*:Enabled:AlarmReportee"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\hry\Age of Empires Trial\empires.exe"="C:\hry\Age of Empires Trial\empires.exe:*:Enabled:Age of Empires Trial"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Konzola Microsoft Management Console"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\Iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"MSVideo8"=VfWWDM32.dll
"msacm.dvacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.MP43"=mpg4c32.dll
"VIDC.ACDV"=ACDV.dll
"vidc.iv32"=C:\WINDOWS\system32\ir32_32.dll
"vidc.iv31"=C:\WINDOWS\system32\ir32_32.dll
"VIDC.YVU9"=tsbyuv.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.MJPG"=Pvmjpg30.dll
"VIDC.I420"=msh263.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux1"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux2"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux3"=wdmaud.drv
"wave8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"mixer9"=wdmaud.drv
"midi8"=wdmaud.drv
"aux4"=wdmaud.drv
"midi9"=wdmaud.drv
"aux5"=wdmaud.drv
"aux6"=wdmaud.drv
======List of files/folders created in the last 1 month======
2011-10-13 15:32:41 ----A---- C:\WINDOWS\ntbtlog.txt
2011-10-13 15:30:02 ----D---- C:\WINDOWS\temp
2011-10-13 15:30:00 ----AC---- C:\ComboFix.txt
2011-10-13 15:19:41 ----AC---- C:\Boot.bak
2011-10-13 15:19:36 ----RASHDC---- C:\cmdcons
2011-10-13 15:18:11 ----A---- C:\WINDOWS\MBR.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\zip.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\SWSC.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\SWREG.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\sed.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\PEV.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\NIRCMD.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\grep.exe
2011-10-13 15:18:01 ----D---- C:\WINDOWS\ERDNT
2011-10-13 15:15:29 ----DC---- C:\Qoobox
2011-10-13 15:11:32 ----D---- C:\Program Files\trend micro
2011-10-13 15:11:30 ----DC---- C:\rsit
2011-10-13 15:08:55 ----DC---- C:\inst
2011-10-13 15:01:59 ----D---- C:\Program Files\TeamViewer
2011-10-12 13:33:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2011-10-12 13:30:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-10-12 13:29:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2011-10-12 13:29:53 ----A---- C:\WINDOWS\imsins.BAK
2011-10-04 17:59:41 ----DC---- C:\Documents and Settings\All Users\Data aplikací\ESET
2011-10-04 17:30:58 ----D---- C:\Program Files\Windows Sidebar
2011-10-04 17:30:49 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Norton
2011-10-04 17:18:34 ----DC---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2011-10-02 11:29:57 ----D---- C:\Program Files\McAfee Online Backup
2011-10-01 18:34:45 ----DC---- C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan
2011-10-01 18:34:44 ----D---- C:\Program Files\McAfee Security Scan
2011-09-17 16:25:53 ----A---- C:\WINDOWS\Codec Pack - All In 1 Setup Log.txt
2011-09-16 10:52:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2616676$
2011-09-16 10:49:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
2011-09-16 09:59:27 ----D---- C:\Program Files\AppGraffiti
======List of files/folders modified in the last 1 month======
2011-10-13 15:32:41 ----D---- C:\WINDOWS
2011-10-13 15:30:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-10-13 15:30:45 ----AC---- C:\WINDOWS\WINCMD.INI
2011-10-13 15:30:02 ----D---- C:\WINDOWS\system32\drivers
2011-10-13 15:29:12 ----SD---- C:\WINDOWS\Tasks
2011-10-13 15:28:35 ----D---- C:\WINDOWS\system32\CatRoot2
2011-10-13 15:26:22 ----C---- C:\WINDOWS\system.ini
2011-10-13 15:26:01 ----D---- C:\WINDOWS\system32\drivers\etc
2011-10-13 15:25:13 ----D---- C:\Program Files
2011-10-13 15:25:09 ----SHD---- C:\System Volume Information
2011-10-13 15:24:12 ----D---- C:\WINDOWS\system32\config
2011-10-13 15:23:36 ----D---- C:\WINDOWS\system32
2011-10-13 15:22:28 ----D---- C:\WINDOWS\AppPatch
2011-10-13 15:22:25 ----D---- C:\Program Files\Common Files
2011-10-13 15:19:41 ----RASHC---- C:\boot.ini
2011-10-13 14:37:21 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-10-13 09:22:33 ----D---- C:\Program Files\Zrychleni Pocitace
2011-10-13 09:10:51 ----D---- C:\WINDOWS\Microsoft.NET
2011-10-13 09:10:46 ----RSD---- C:\WINDOWS\assembly
2011-10-12 13:35:35 ----RSHD---- C:\WINDOWS\system32\dllcache
2011-10-12 13:35:35 ----DC---- C:\Config.Msi
2011-10-12 13:35:35 ----D---- C:\Program Files\Internet Explorer
2011-10-12 13:33:59 ----HD---- C:\WINDOWS\inf
2011-10-12 13:33:51 ----SHD---- C:\WINDOWS\Installer
2011-10-12 13:33:37 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-12 13:33:22 ----D---- C:\WINDOWS\WinSxS
2011-10-12 13:30:10 ----AC---- C:\WINDOWS\system32\MRT.exe
2011-10-12 13:29:57 ----HD---- C:\WINDOWS\$hf_mig$
2011-10-12 09:21:59 ----AC---- C:\WINDOWS\NeroDigital.ini
2011-10-11 14:31:13 ----RD---- C:\Program Files\Skype
2011-10-11 14:31:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-10-11 14:17:49 ----D---- C:\WINDOWS\Prefetch
2011-10-11 14:17:25 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Easybits GO
2011-10-11 09:29:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
2011-10-10 13:05:14 ----D---- C:\WINDOWS\network diagnostic
2011-10-10 12:44:38 ----D---- C:\Program Files\Inbox Toolbar
2011-10-06 10:46:48 ----AC---- C:\WINDOWS\ModemLog_NOKIA_3220 GSM Modem.txt
2011-10-04 18:10:44 ----D---- C:\Program Files\TNod User & Password Finder
2011-10-04 17:59:41 ----D---- C:\Program Files\ESET
2011-10-04 17:20:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-10-04 16:04:17 ----D---- C:\WINDOWS\repair
2011-10-04 16:04:08 ----D---- C:\WINDOWS\Registration
2011-10-03 14:21:19 ----D---- C:\WINDOWS\system32\wbem
2011-10-03 14:21:11 ----D---- C:\Program Files\MP3Dancer
2011-10-03 14:21:08 ----D---- C:\Program Files\ICQ7.5
2011-10-03 10:31:24 ----A---- C:\WINDOWS\system32\mshtml.dll
2011-09-26 11:41:42 ----A---- C:\WINDOWS\system32\uiautomationcore.dll
2011-09-26 11:41:42 ----A---- C:\WINDOWS\system32\oleaccrc.dll
2011-09-26 11:41:20 ----A---- C:\WINDOWS\system32\oleacc.dll
2011-09-17 16:25:50 ----AC---- C:\WINDOWS\winzip32.ini
2011-09-17 16:24:48 ----D---- C:\unzipped
2011-09-17 16:11:02 ----D---- C:\Program Files\Vyčistit Počítač PROFESSIONAL
2011-09-17 16:10:28 ----D---- C:\Program Files\Vyčistit Počítač
2011-09-16 15:40:53 ----AC---- C:\WINDOWS\win.ini
2011-09-16 13:04:16 ----D---- C:\WINDOWS\system32\CatRoot
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys [2007-03-05 20880]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2007-03-05 35600]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sonyhcb;Sony Digital Imaging Base; C:\WINDOWS\system32\DRIVERS\sonyhcb.sys [2001-11-05 6097]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2005-05-11 32256]
R1 SSHDRV64;SSHDRV64; \??\C:\WINDOWS\system32\drivers\SSHDRV64.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 pfc;PADUS ASPI SHELL; C:\WINDOWS\system32\drivers\pfc.sys [2002-06-13 14604]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S0x02000000 OMSCAN;OMSCAN; \Sys []
S1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
S1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2011-08-04 61936]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
S1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
S2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
S2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2011-08-04 147480]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.; C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-02-05 209171]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.; C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-02-05 9284]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.; C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-02-05 36261]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-09-20 4019072]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-01-14 3455488]
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-10-31 93184]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 36496]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-10-14 379854]
S3 cmuda3;C-Media PCI Audio Interface; C:\WINDOWS\system32\drivers\cmudax3.sys [2008-12-03 1519424]
S3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2011-08-04 39824]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 gameport;FM801 PCI Joystick; C:\WINDOWS\system32\DRIVERS\fmjoy.sys [2001-11-02 9728]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-01-13 5015040]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
S3 Ser2pl;MAT Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sonyhcs;Sony Digital Imaging Video; C:\WINDOWS\system32\DRIVERS\sonyhcs.sys [2001-11-05 299923]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys []
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
S3 wdm_fm801;FM801 PCI Audio (WDM); C:\WINDOWS\system32\drivers\fm801.sys [2001-11-02 328320]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WLC811GPCI;802.11b WLAN PCI; C:\WINDOWS\system32\DRIVERS\WLC811G.sys [2003-08-01 50432]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC301b;USB WEBCAM; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2004-03-03 90534]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-01-14 598016]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-09-08 974944]
S2 EPSON_PM_RPCV2_01;EPSON V3 Service2(03); C:\WINDOWS\system32\E_S00RP1.EXE [2004-02-19 65536]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-02 182768]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S2 StatusAgent4;Epson Printer Status Agent4; C:\WINDOWS\system32\SAgent4.exe [2006-02-14 131072]
S2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe []
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
S2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-04-20 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S4 gupdate1c9f5912b2a076;Služba Google Update (gupdate1c9f5912b2a076); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-25 133104]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-25 133104]
S4 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe []
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-06-22 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
-----------------EOF-----------------
COMBOFIX
ComboFix 11-10-13.02 - Rudla 13.10.2011 15:20:44.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1288 [GMT 2:00]
Spuštěný z: c:\inst\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Rudla\Data aplikací\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Rudla\WINDOWS
c:\program files\UNWISE.EXE
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\default_user_class.dat.LOG
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-13 do 2011-10-13 )))))))))))))))))))))))))))))))
.
.
2011-10-13 13:25 . 2011-10-13 13:25 56200 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{ABE42339-AFBB-41C1-ADD3-E1F5D2CD6163}\offreg.dll
2011-10-13 13:11 . 2011-10-13 13:12 -------- d-----w- c:\program files\trend micro
2011-10-13 13:11 . 2011-10-13 13:11 -------- dc----w- C:\rsit
2011-10-13 13:08 . 2011-10-13 13:09 -------- dc----w- C:\inst
2011-10-13 13:02 . 2011-10-13 13:11 -------- d-----w- c:\documents and settings\Rudla\Data aplikací\TeamViewer
2011-10-13 13:01 . 2011-10-13 13:01 -------- d-----w- c:\program files\TeamViewer
2011-10-12 11:11 . 2011-09-21 07:00 7269712 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{ABE42339-AFBB-41C1-ADD3-E1F5D2CD6163}\mpengine.dll
2011-10-04 16:05 . 2011-10-04 16:05 -------- d-----w- c:\documents and settings\Rudla\Data aplikací\ESET
2011-10-04 16:05 . 2011-10-04 16:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-10-04 15:59 . 2011-10-04 15:59 -------- dc----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-10-04 15:30 . 2011-10-04 15:30 -------- d-----w- c:\program files\Windows Sidebar
2011-10-04 15:30 . 2011-10-13 13:25 -------- dc----w- c:\documents and settings\All Users\Data aplikací\Norton
2011-10-03 12:21 . 2011-10-03 12:21 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-02 09:29 . 2011-10-04 15:29 -------- d-----w- c:\program files\McAfee Online Backup
2011-10-02 09:04 . 2011-10-02 09:04 -------- d-----w- c:\documents and settings\Rudla\Local Settings\Data aplikací\McAfee Anti-Theft
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\PriceGong
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Conduit
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\MyAshampoo
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\IncrediMail_MediaBar_2
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Winamp Toolbar
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2011-10-02 08:16 . 2011-10-02 08:16 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\McAfee
2011-10-01 16:34 . 2011-10-01 16:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-01 16:34 . 2011-10-01 16:34 -------- dc----w- c:\documents and settings\All Users\Data aplikací\McAfee Security Scan
2011-10-01 16:34 . 2011-10-02 08:16 -------- d-----w- c:\program files\McAfee Security Scan
2011-09-16 07:59 . 2011-09-16 10:59 -------- d-----w- c:\program files\AppGraffiti
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-03-02 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-21 07:00 . 2010-01-14 10:53 7269712 -c--a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-09-09 09:12 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-03 10:17 . 2006-03-02 12:00 602112 -c--a-w- c:\windows\system32\crypt32(3).dll
2011-08-22 23:41 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-03-02 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-09 11:57 . 2011-08-09 11:57 154136 ----a-w- c:\windows\system32\drivers\eamon.sys
2011-08-04 07:20 . 2011-08-04 07:20 61936 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2011-08-04 07:20 . 2011-08-04 07:20 39824 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2011-08-04 07:20 . 2011-08-04 07:20 147480 ----a-w- c:\windows\system32\drivers\epfw.sys
2011-08-04 07:20 . 2011-08-04 07:20 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2011-07-15 13:29 . 2006-03-02 12:00 456320 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2006-03-02 12:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 03:22 50688 -csh--w- c:\windows\twain_32.dll
2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 03:21 84992 -csha-w- c:\windows\system32\olepro32.dll
2008-04-14 03:22 12288 -csh--w- c:\windows\system32\regsvr32.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2010-06-29 22:11 349624 -c--a-w- c:\progra~1\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 -c--a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-01-17 14:54 175912 -c--a-w- c:\program files\MyAshampoo\prxtbMyA0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
2011-06-27 10:05 175912 -c--a-w- c:\program files\IncrediMail_MediaBar_2\prxtbIncr.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files\IncrediMail_MediaBar_2\prxtbIncr.dll" [2011-06-27 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
"{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}"= "c:\program files\IncrediMail_MediaBar_2\prxtbIncr.dll" [2011-06-27 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-08 3076144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
.
c:\documents and settings\Rudla\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
MP3 Dancer.lnk - [N/A]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Novex Canada Ltd\\Remote Module\\Alarm Receiver.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\hry\\Age of Empires Trial\\empires.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowRedirect"= 1 (0x1)
.
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [30.11.2006 21:05 6097]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 SSHDRV64;SSHDRV64;c:\windows\system32\drivers\SSHDRV64.sys [21.2.2007 18:53 113152]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [8.9.2011 7:34 974944]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [13.10.2011 15:02 2358656]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [27.10.2010 18:23 1483072]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 20:19 13592]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [7.10.2010 13:34 10064]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [30.11.2006 0:31 209171]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [30.11.2006 0:31 9284]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [30.11.2006 0:31 36261]
S3 gameport;FM801 PCI Joystick;c:\windows\system32\drivers\fmjoy.sys [2.11.2001 11:49 9728]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [30.11.2006 21:05 299923]
S3 wdm_fm801;FM801 PCI Audio (WDM);c:\windows\system32\drivers\fm801.sys [2.11.2001 15:33 328320]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [30.11.2006 0:19 9510]
S3 WLC811GPCI;802.11b WLAN PCI;c:\windows\system32\drivers\wlc811g.sys [29.11.2006 23:57 50432]
S4 gupdate1c9f5912b2a076;Služba Google Update (gupdate1c9f5912b2a076);c:\program files\Google\Update\GoogleUpdate.exe [25.6.2009 14:32 133104]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [25.6.2009 14:32 133104]
S4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2.8.2009 18:19 247608]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-10-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-22 07:49]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 12:32]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 12:32]
.
2011-10-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2011-10-13 c:\windows\Tasks\User_Feed_Synchronization-{EF349FF5-56C3-4131-B850-B8C7F83678AF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: Interfaces\{12A6C906-97F9-4A1A-A7FE-6FE00F1292A9}: NameServer = 10.255.255.10,10.255.255.20
TCP: Interfaces\{91D70088-18DB-44F2-8E46-74AD3DF1EB89}: NameServer = 10.255.255.10,10.255.255.20
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{2462d2d8-b36e-44ab-84bf-c5a9383d2429} - (no file)
WebBrowser-{2462D2D8-B36E-44AB-84BF-C5A9383D2429} - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Ede Kowalski - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-13 15:26
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-1757981266-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1264)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3676)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\E_S00RP1.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\SAgent4.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
.
**************************************************************************
.
Celkový čas: 2011-10-13 15:30:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-13 13:29
.
Před spuštěním: Volných bajtů: 131 184 390 144
Po spuštění: Volných bajtů: 131 175 989 248
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 7C169AACF428D8134F313AA05EB07E75
RSIT (šel udělat jen v nouzovém režimu)
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-10-13 15:33:45
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 127 GB (71%) free of 180 GB
Total RAM: 2046 MB (85% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{EF349FF5-56C3-4131-B850-B8C7F83678AF}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
C:\PROGRA~1\SITERA~1\SiteRank.dll [2010-06-30 349624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
MyAshampoo Toolbar - C:\Program Files\MyAshampoo\prxtbMyA0.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-24 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-09-21 3853984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-10 842296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-24 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2011-09-21 874688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
IncrediMail MediaBar 2 Toolbar - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-22 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-06-22 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.2.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-24 256112]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll []
{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - &Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2011-09-21 874688]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll []
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - MyAshampoo Toolbar - C:\Program Files\MyAshampoo\prxtbMyA0.dll []
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll []
{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - IncrediMail MediaBar 2 Toolbar - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-08 3076144]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe -atboottime []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-01-14 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~3\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avas_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avss_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpavdrw_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpmgma_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Novex Canada Ltd\Remote Module\Alarm Receiver.exe"="C:\Program Files\Novex Canada Ltd\Remote Module\Alarm Receiver.exe:*:Enabled:AlarmReportee"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\hry\Age of Empires Trial\empires.exe"="C:\hry\Age of Empires Trial\empires.exe:*:Enabled:Age of Empires Trial"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Konzola Microsoft Management Console"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\Iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"MSVideo8"=VfWWDM32.dll
"msacm.dvacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.MP43"=mpg4c32.dll
"VIDC.ACDV"=ACDV.dll
"vidc.iv32"=C:\WINDOWS\system32\ir32_32.dll
"vidc.iv31"=C:\WINDOWS\system32\ir32_32.dll
"VIDC.YVU9"=tsbyuv.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.MJPG"=Pvmjpg30.dll
"VIDC.I420"=msh263.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux1"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux2"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux3"=wdmaud.drv
"wave8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"mixer9"=wdmaud.drv
"midi8"=wdmaud.drv
"aux4"=wdmaud.drv
"midi9"=wdmaud.drv
"aux5"=wdmaud.drv
"aux6"=wdmaud.drv
======List of files/folders created in the last 1 month======
2011-10-13 15:32:41 ----A---- C:\WINDOWS\ntbtlog.txt
2011-10-13 15:30:02 ----D---- C:\WINDOWS\temp
2011-10-13 15:30:00 ----AC---- C:\ComboFix.txt
2011-10-13 15:19:41 ----AC---- C:\Boot.bak
2011-10-13 15:19:36 ----RASHDC---- C:\cmdcons
2011-10-13 15:18:11 ----A---- C:\WINDOWS\MBR.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\zip.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\SWSC.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\SWREG.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\sed.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\PEV.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\NIRCMD.exe
2011-10-13 15:18:09 ----A---- C:\WINDOWS\grep.exe
2011-10-13 15:18:01 ----D---- C:\WINDOWS\ERDNT
2011-10-13 15:15:29 ----DC---- C:\Qoobox
2011-10-13 15:11:32 ----D---- C:\Program Files\trend micro
2011-10-13 15:11:30 ----DC---- C:\rsit
2011-10-13 15:08:55 ----DC---- C:\inst
2011-10-13 15:01:59 ----D---- C:\Program Files\TeamViewer
2011-10-12 13:33:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2011-10-12 13:30:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-10-12 13:29:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2011-10-12 13:29:53 ----A---- C:\WINDOWS\imsins.BAK
2011-10-04 17:59:41 ----DC---- C:\Documents and Settings\All Users\Data aplikací\ESET
2011-10-04 17:30:58 ----D---- C:\Program Files\Windows Sidebar
2011-10-04 17:30:49 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Norton
2011-10-04 17:18:34 ----DC---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2011-10-02 11:29:57 ----D---- C:\Program Files\McAfee Online Backup
2011-10-01 18:34:45 ----DC---- C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan
2011-10-01 18:34:44 ----D---- C:\Program Files\McAfee Security Scan
2011-09-17 16:25:53 ----A---- C:\WINDOWS\Codec Pack - All In 1 Setup Log.txt
2011-09-16 10:52:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2616676$
2011-09-16 10:49:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
2011-09-16 09:59:27 ----D---- C:\Program Files\AppGraffiti
======List of files/folders modified in the last 1 month======
2011-10-13 15:32:41 ----D---- C:\WINDOWS
2011-10-13 15:30:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-10-13 15:30:45 ----AC---- C:\WINDOWS\WINCMD.INI
2011-10-13 15:30:02 ----D---- C:\WINDOWS\system32\drivers
2011-10-13 15:29:12 ----SD---- C:\WINDOWS\Tasks
2011-10-13 15:28:35 ----D---- C:\WINDOWS\system32\CatRoot2
2011-10-13 15:26:22 ----C---- C:\WINDOWS\system.ini
2011-10-13 15:26:01 ----D---- C:\WINDOWS\system32\drivers\etc
2011-10-13 15:25:13 ----D---- C:\Program Files
2011-10-13 15:25:09 ----SHD---- C:\System Volume Information
2011-10-13 15:24:12 ----D---- C:\WINDOWS\system32\config
2011-10-13 15:23:36 ----D---- C:\WINDOWS\system32
2011-10-13 15:22:28 ----D---- C:\WINDOWS\AppPatch
2011-10-13 15:22:25 ----D---- C:\Program Files\Common Files
2011-10-13 15:19:41 ----RASHC---- C:\boot.ini
2011-10-13 14:37:21 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-10-13 09:22:33 ----D---- C:\Program Files\Zrychleni Pocitace
2011-10-13 09:10:51 ----D---- C:\WINDOWS\Microsoft.NET
2011-10-13 09:10:46 ----RSD---- C:\WINDOWS\assembly
2011-10-12 13:35:35 ----RSHD---- C:\WINDOWS\system32\dllcache
2011-10-12 13:35:35 ----DC---- C:\Config.Msi
2011-10-12 13:35:35 ----D---- C:\Program Files\Internet Explorer
2011-10-12 13:33:59 ----HD---- C:\WINDOWS\inf
2011-10-12 13:33:51 ----SHD---- C:\WINDOWS\Installer
2011-10-12 13:33:37 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-12 13:33:22 ----D---- C:\WINDOWS\WinSxS
2011-10-12 13:30:10 ----AC---- C:\WINDOWS\system32\MRT.exe
2011-10-12 13:29:57 ----HD---- C:\WINDOWS\$hf_mig$
2011-10-12 09:21:59 ----AC---- C:\WINDOWS\NeroDigital.ini
2011-10-11 14:31:13 ----RD---- C:\Program Files\Skype
2011-10-11 14:31:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-10-11 14:17:49 ----D---- C:\WINDOWS\Prefetch
2011-10-11 14:17:25 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Easybits GO
2011-10-11 09:29:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
2011-10-10 13:05:14 ----D---- C:\WINDOWS\network diagnostic
2011-10-10 12:44:38 ----D---- C:\Program Files\Inbox Toolbar
2011-10-06 10:46:48 ----AC---- C:\WINDOWS\ModemLog_NOKIA_3220 GSM Modem.txt
2011-10-04 18:10:44 ----D---- C:\Program Files\TNod User & Password Finder
2011-10-04 17:59:41 ----D---- C:\Program Files\ESET
2011-10-04 17:20:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-10-04 16:04:17 ----D---- C:\WINDOWS\repair
2011-10-04 16:04:08 ----D---- C:\WINDOWS\Registration
2011-10-03 14:21:19 ----D---- C:\WINDOWS\system32\wbem
2011-10-03 14:21:11 ----D---- C:\Program Files\MP3Dancer
2011-10-03 14:21:08 ----D---- C:\Program Files\ICQ7.5
2011-10-03 10:31:24 ----A---- C:\WINDOWS\system32\mshtml.dll
2011-09-26 11:41:42 ----A---- C:\WINDOWS\system32\uiautomationcore.dll
2011-09-26 11:41:42 ----A---- C:\WINDOWS\system32\oleaccrc.dll
2011-09-26 11:41:20 ----A---- C:\WINDOWS\system32\oleacc.dll
2011-09-17 16:25:50 ----AC---- C:\WINDOWS\winzip32.ini
2011-09-17 16:24:48 ----D---- C:\unzipped
2011-09-17 16:11:02 ----D---- C:\Program Files\Vyčistit Počítač PROFESSIONAL
2011-09-17 16:10:28 ----D---- C:\Program Files\Vyčistit Počítač
2011-09-16 15:40:53 ----AC---- C:\WINDOWS\win.ini
2011-09-16 13:04:16 ----D---- C:\WINDOWS\system32\CatRoot
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys [2007-03-05 20880]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2007-03-05 35600]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sonyhcb;Sony Digital Imaging Base; C:\WINDOWS\system32\DRIVERS\sonyhcb.sys [2001-11-05 6097]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2005-05-11 32256]
R1 SSHDRV64;SSHDRV64; \??\C:\WINDOWS\system32\drivers\SSHDRV64.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 pfc;PADUS ASPI SHELL; C:\WINDOWS\system32\drivers\pfc.sys [2002-06-13 14604]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S0x02000000 OMSCAN;OMSCAN; \Sys []
S1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
S1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2011-08-04 61936]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
S1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
S2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
S2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2011-08-04 147480]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.; C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-02-05 209171]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.; C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-02-05 9284]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.; C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-02-05 36261]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-09-20 4019072]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-01-14 3455488]
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-10-31 93184]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 36496]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-10-14 379854]
S3 cmuda3;C-Media PCI Audio Interface; C:\WINDOWS\system32\drivers\cmudax3.sys [2008-12-03 1519424]
S3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2011-08-04 39824]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 gameport;FM801 PCI Joystick; C:\WINDOWS\system32\DRIVERS\fmjoy.sys [2001-11-02 9728]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-01-13 5015040]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
S3 Ser2pl;MAT Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sonyhcs;Sony Digital Imaging Video; C:\WINDOWS\system32\DRIVERS\sonyhcs.sys [2001-11-05 299923]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys []
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
S3 wdm_fm801;FM801 PCI Audio (WDM); C:\WINDOWS\system32\drivers\fm801.sys [2001-11-02 328320]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WLC811GPCI;802.11b WLAN PCI; C:\WINDOWS\system32\DRIVERS\WLC811G.sys [2003-08-01 50432]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC301b;USB WEBCAM; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2004-03-03 90534]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-01-14 598016]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-09-08 974944]
S2 EPSON_PM_RPCV2_01;EPSON V3 Service2(03); C:\WINDOWS\system32\E_S00RP1.EXE [2004-02-19 65536]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-02 182768]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S2 StatusAgent4;Epson Printer Status Agent4; C:\WINDOWS\system32\SAgent4.exe [2006-02-14 131072]
S2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe []
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
S2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-04-20 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S4 gupdate1c9f5912b2a076;Služba Google Update (gupdate1c9f5912b2a076); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-25 133104]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-25 133104]
S4 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe []
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-06-22 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
-----------------EOF-----------------
COMBOFIX
ComboFix 11-10-13.02 - Rudla 13.10.2011 15:20:44.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1288 [GMT 2:00]
Spuštěný z: c:\inst\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Rudla\Data aplikací\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Rudla\WINDOWS
c:\program files\UNWISE.EXE
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\default_user_class.dat.LOG
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-13 do 2011-10-13 )))))))))))))))))))))))))))))))
.
.
2011-10-13 13:25 . 2011-10-13 13:25 56200 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{ABE42339-AFBB-41C1-ADD3-E1F5D2CD6163}\offreg.dll
2011-10-13 13:11 . 2011-10-13 13:12 -------- d-----w- c:\program files\trend micro
2011-10-13 13:11 . 2011-10-13 13:11 -------- dc----w- C:\rsit
2011-10-13 13:08 . 2011-10-13 13:09 -------- dc----w- C:\inst
2011-10-13 13:02 . 2011-10-13 13:11 -------- d-----w- c:\documents and settings\Rudla\Data aplikací\TeamViewer
2011-10-13 13:01 . 2011-10-13 13:01 -------- d-----w- c:\program files\TeamViewer
2011-10-12 11:11 . 2011-09-21 07:00 7269712 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{ABE42339-AFBB-41C1-ADD3-E1F5D2CD6163}\mpengine.dll
2011-10-04 16:05 . 2011-10-04 16:05 -------- d-----w- c:\documents and settings\Rudla\Data aplikací\ESET
2011-10-04 16:05 . 2011-10-04 16:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-10-04 15:59 . 2011-10-04 15:59 -------- dc----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-10-04 15:30 . 2011-10-04 15:30 -------- d-----w- c:\program files\Windows Sidebar
2011-10-04 15:30 . 2011-10-13 13:25 -------- dc----w- c:\documents and settings\All Users\Data aplikací\Norton
2011-10-03 12:21 . 2011-10-03 12:21 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-02 09:29 . 2011-10-04 15:29 -------- d-----w- c:\program files\McAfee Online Backup
2011-10-02 09:04 . 2011-10-02 09:04 -------- d-----w- c:\documents and settings\Rudla\Local Settings\Data aplikací\McAfee Anti-Theft
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\PriceGong
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Conduit
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\MyAshampoo
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\IncrediMail_MediaBar_2
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Winamp Toolbar
2011-10-02 08:17 . 2011-10-02 08:17 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2011-10-02 08:16 . 2011-10-02 08:16 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\McAfee
2011-10-01 16:34 . 2011-10-01 16:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-01 16:34 . 2011-10-01 16:34 -------- dc----w- c:\documents and settings\All Users\Data aplikací\McAfee Security Scan
2011-10-01 16:34 . 2011-10-02 08:16 -------- d-----w- c:\program files\McAfee Security Scan
2011-09-16 07:59 . 2011-09-16 10:59 -------- d-----w- c:\program files\AppGraffiti
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-03-02 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-21 07:00 . 2010-01-14 10:53 7269712 -c--a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-09-09 09:12 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-03 10:17 . 2006-03-02 12:00 602112 -c--a-w- c:\windows\system32\crypt32(3).dll
2011-08-22 23:41 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-03-02 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-09 11:57 . 2011-08-09 11:57 154136 ----a-w- c:\windows\system32\drivers\eamon.sys
2011-08-04 07:20 . 2011-08-04 07:20 61936 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2011-08-04 07:20 . 2011-08-04 07:20 39824 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2011-08-04 07:20 . 2011-08-04 07:20 147480 ----a-w- c:\windows\system32\drivers\epfw.sys
2011-08-04 07:20 . 2011-08-04 07:20 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2011-07-15 13:29 . 2006-03-02 12:00 456320 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2006-03-02 12:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 03:22 50688 -csh--w- c:\windows\twain_32.dll
2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 03:21 84992 -csha-w- c:\windows\system32\olepro32.dll
2008-04-14 03:22 12288 -csh--w- c:\windows\system32\regsvr32.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2010-06-29 22:11 349624 -c--a-w- c:\progra~1\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 -c--a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-01-17 14:54 175912 -c--a-w- c:\program files\MyAshampoo\prxtbMyA0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
2011-06-27 10:05 175912 -c--a-w- c:\program files\IncrediMail_MediaBar_2\prxtbIncr.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files\IncrediMail_MediaBar_2\prxtbIncr.dll" [2011-06-27 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
"{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}"= "c:\program files\IncrediMail_MediaBar_2\prxtbIncr.dll" [2011-06-27 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-08 3076144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
.
c:\documents and settings\Rudla\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
MP3 Dancer.lnk - [N/A]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Novex Canada Ltd\\Remote Module\\Alarm Receiver.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\hry\\Age of Empires Trial\\empires.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowRedirect"= 1 (0x1)
.
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [30.11.2006 21:05 6097]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 SSHDRV64;SSHDRV64;c:\windows\system32\drivers\SSHDRV64.sys [21.2.2007 18:53 113152]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [8.9.2011 7:34 974944]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [13.10.2011 15:02 2358656]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [27.10.2010 18:23 1483072]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 20:19 13592]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [7.10.2010 13:34 10064]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [30.11.2006 0:31 209171]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [30.11.2006 0:31 9284]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [30.11.2006 0:31 36261]
S3 gameport;FM801 PCI Joystick;c:\windows\system32\drivers\fmjoy.sys [2.11.2001 11:49 9728]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [30.11.2006 21:05 299923]
S3 wdm_fm801;FM801 PCI Audio (WDM);c:\windows\system32\drivers\fm801.sys [2.11.2001 15:33 328320]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [30.11.2006 0:19 9510]
S3 WLC811GPCI;802.11b WLAN PCI;c:\windows\system32\drivers\wlc811g.sys [29.11.2006 23:57 50432]
S4 gupdate1c9f5912b2a076;Služba Google Update (gupdate1c9f5912b2a076);c:\program files\Google\Update\GoogleUpdate.exe [25.6.2009 14:32 133104]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [25.6.2009 14:32 133104]
S4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2.8.2009 18:19 247608]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-10-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-22 07:49]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 12:32]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 12:32]
.
2011-10-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2011-10-13 c:\windows\Tasks\User_Feed_Synchronization-{EF349FF5-56C3-4131-B850-B8C7F83678AF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: Interfaces\{12A6C906-97F9-4A1A-A7FE-6FE00F1292A9}: NameServer = 10.255.255.10,10.255.255.20
TCP: Interfaces\{91D70088-18DB-44F2-8E46-74AD3DF1EB89}: NameServer = 10.255.255.10,10.255.255.20
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{2462d2d8-b36e-44ab-84bf-c5a9383d2429} - (no file)
WebBrowser-{2462D2D8-B36E-44AB-84BF-C5A9383D2429} - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Ede Kowalski - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-13 15:26
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-1757981266-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1264)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3676)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\E_S00RP1.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\SAgent4.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
.
**************************************************************************
.
Celkový čas: 2011-10-13 15:30:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-13 13:29
.
Před spuštěním: Volných bajtů: 131 184 390 144
Po spuštění: Volných bajtů: 131 175 989 248
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 7C169AACF428D8134F313AA05EB07E75
ComboFix se nepouziva bez doporuceni - vize nize
