Problém se skype
Napsal: 03 bře 2012 11:58
Dobrý den,
Můj známý má podobný problém v programu skype jako zde: http://forum.viry.cz/viewtopic.php?f=13&t=104587
V kontakt listu se objevují cizí lidé, samovolně se objevuje hromadný chat s lidmi, od kterých chodí odkazy na další stránky. Antivir nic nenašel.
Mohl by prosím někdo zkontrolovat?
Podle předešlého postu jsme vygenerovali log:
OTL logfile created on: 25.2.2012 15:03:08 - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = D:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
958,48 Mb Total Physical Memory | 568,06 Mb Available Physical Memory | 59,27% Memory free
2,26 Gb Paging File | 1,89 Gb Available in Paging File | 83,76% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 0,19 Gb Free Space | 1,99% Space Free | Partition Type: NTFS
Drive D: | 27,49 Gb Total Space | 25,39 Gb Free Space | 92,34% Space Free | Partition Type: NTFS
Computer Name: GREAT | User Name: Libka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2012.02.25 15:01:16 | 000,583,680 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2012.02.17 20:27:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010.05.21 12:56:04 | 000,499,796 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2010.05.21 12:55:40 | 000,561,263 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
PRC - [2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.27 11:17:47 | 000,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Ad-Aware 2007\aawservice.exe
PRC - [2006.11.17 05:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006.05.18 14:36:14 | 000,450,560 | ---- | M] (Seznam.cz a.s.) -- C:\Program Files\Seznam\Postak\Postak.exe
PRC - [2004.10.01 16:31:54 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2004.06.22 02:57:16 | 000,143,360 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
========== Modules (No Company Name) ==========
MOD - [2012.02.25 09:46:59 | 001,714,688 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12022500\algo.dll
MOD - [2012.02.17 20:26:59 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010.05.21 12:55:58 | 000,278,528 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\twculoc.dll
MOD - [2010.05.21 12:55:58 | 000,163,840 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\oemresloc.dll
MOD - [2010.05.21 12:55:54 | 000,077,824 | ---- | M] () -- C:\WINDOWS\system32\wgapiloc.dll
MOD - [2010.05.21 12:55:40 | 000,561,263 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
MOD - [2010.05.21 12:55:40 | 000,422,000 | ---- | M] () -- C:\WINDOWS\system32\wgapi.dll
MOD - [2008.04.14 04:21:47 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
========== Win32 Services (SafeList) ==========
SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.05.21 12:56:04 | 000,499,796 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008.03.27 11:17:47 | 000,607,576 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007.08.15 17:05:16 | 000,184,504 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\Win32\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2007.08.15 17:05:08 | 001,261,760 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\RpcSandraSrv.exe -- (SandraTheSrv)
========== Driver Services (SafeList) ==========
DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 18:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.11.28 18:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010.05.21 12:56:04 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2010.01.05 02:31:32 | 001,714,176 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2006.12.04 17:11:46 | 004,025,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006.10.18 17:39:58 | 000,017,920 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2006.10.17 20:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2006.07.01 22:42:58 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1960408961-1715567821-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1960408961-1715567821-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.12.29 21:35:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.17 20:27:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.13 17:16:19 | 000,000,000 | ---D | M]
[2009.10.28 10:05:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Libka\Data aplikací\Mozilla\Extensions
[2009.10.28 10:05:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Libka\Data aplikací\Mozilla\Firefox\Profiles\y5xkdqk8.default\extensions
[2012.02.13 17:15:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.29 21:35:01 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.02.17 20:27:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.13 08:59:20 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.02.13 08:59:20 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.02.13 08:59:20 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.02.13 08:59:20 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.02.13 08:59:20 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2001.10.25 15:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SMail] C:\Program Files\Seznam\Postak\Postak.exe (Seznam.cz a.s.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TWCU] C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe ()
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-1715567821-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-1960408961-1715567821-725345543-1003\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/L ... nstall.cab (WebSDev Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02DABC19-5CB7-4B0E-A324-1BF45CA17308}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71AFFBBF-CDB8-426D-9F69-B21D2854DAAE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEBFE01C-4FDF-43A9-B36E-375708695C3D}: NameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Libka\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Libka\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.12.06 17:36:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{224c69b1-a459-11dc-91ab-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{224c69b1-a459-11dc-91ab-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{c6286e31-53a2-11df-a5b5-0019dbc4e118}\Shell - "" = AutoRun
O33 - MountPoints2\{c6286e31-53a2-11df-a5b5-0019dbc4e118}\Shell\AutoRun\command - "" = E:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 7 Days ==========
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Documents and Settings\All Users\Data aplikací\*.tmp files -> C:\Documents and Settings\All Users\Data aplikací\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2012.02.25 14:57:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.02.25 14:56:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.02.25 14:01:42 | 000,013,870 | ---- | M] () -- C:\Documents and Settings\Libka\Plocha\odočinek.jpg
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Documents and Settings\All Users\Data aplikací\*.tmp files -> C:\Documents and Settings\All Users\Data aplikací\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.02.25 14:01:42 | 000,013,870 | ---- | C] () -- C:\Documents and Settings\Libka\Plocha\odočinek.jpg
[2011.03.30 18:25:48 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011.03.30 18:25:07 | 000,422,000 | ---- | C] () -- C:\WINDOWS\System32\wgapi.dll
[2011.03.30 18:25:07 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\wgapiloc.dll
[2011.01.23 15:33:16 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011.01.23 15:33:15 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.01.23 15:33:08 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.01.23 15:33:08 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.01.23 15:33:06 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.07.25 09:11:56 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
< End of report >
Moc děkuji za pomoc.
Můj známý má podobný problém v programu skype jako zde: http://forum.viry.cz/viewtopic.php?f=13&t=104587
V kontakt listu se objevují cizí lidé, samovolně se objevuje hromadný chat s lidmi, od kterých chodí odkazy na další stránky. Antivir nic nenašel.
Mohl by prosím někdo zkontrolovat?
Podle předešlého postu jsme vygenerovali log:
OTL logfile created on: 25.2.2012 15:03:08 - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = D:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
958,48 Mb Total Physical Memory | 568,06 Mb Available Physical Memory | 59,27% Memory free
2,26 Gb Paging File | 1,89 Gb Available in Paging File | 83,76% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 0,19 Gb Free Space | 1,99% Space Free | Partition Type: NTFS
Drive D: | 27,49 Gb Total Space | 25,39 Gb Free Space | 92,34% Space Free | Partition Type: NTFS
Computer Name: GREAT | User Name: Libka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2012.02.25 15:01:16 | 000,583,680 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2012.02.17 20:27:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010.05.21 12:56:04 | 000,499,796 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2010.05.21 12:55:40 | 000,561,263 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
PRC - [2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.27 11:17:47 | 000,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Ad-Aware 2007\aawservice.exe
PRC - [2006.11.17 05:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006.05.18 14:36:14 | 000,450,560 | ---- | M] (Seznam.cz a.s.) -- C:\Program Files\Seznam\Postak\Postak.exe
PRC - [2004.10.01 16:31:54 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2004.06.22 02:57:16 | 000,143,360 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
========== Modules (No Company Name) ==========
MOD - [2012.02.25 09:46:59 | 001,714,688 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12022500\algo.dll
MOD - [2012.02.17 20:26:59 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010.05.21 12:55:58 | 000,278,528 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\twculoc.dll
MOD - [2010.05.21 12:55:58 | 000,163,840 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\oemresloc.dll
MOD - [2010.05.21 12:55:54 | 000,077,824 | ---- | M] () -- C:\WINDOWS\system32\wgapiloc.dll
MOD - [2010.05.21 12:55:40 | 000,561,263 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
MOD - [2010.05.21 12:55:40 | 000,422,000 | ---- | M] () -- C:\WINDOWS\system32\wgapi.dll
MOD - [2008.04.14 04:21:47 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
========== Win32 Services (SafeList) ==========
SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.05.21 12:56:04 | 000,499,796 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008.03.27 11:17:47 | 000,607,576 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007.08.15 17:05:16 | 000,184,504 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\Win32\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2007.08.15 17:05:08 | 001,261,760 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\RpcSandraSrv.exe -- (SandraTheSrv)
========== Driver Services (SafeList) ==========
DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 18:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.11.28 18:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010.05.21 12:56:04 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2010.01.05 02:31:32 | 001,714,176 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2006.12.04 17:11:46 | 004,025,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006.10.18 17:39:58 | 000,017,920 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2006.10.17 20:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2006.07.01 22:42:58 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1960408961-1715567821-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1960408961-1715567821-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.12.29 21:35:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.17 20:27:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.13 17:16:19 | 000,000,000 | ---D | M]
[2009.10.28 10:05:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Libka\Data aplikací\Mozilla\Extensions
[2009.10.28 10:05:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Libka\Data aplikací\Mozilla\Firefox\Profiles\y5xkdqk8.default\extensions
[2012.02.13 17:15:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.29 21:35:01 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.02.17 20:27:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.13 08:59:20 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.02.13 08:59:20 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.02.13 08:59:20 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.02.13 08:59:20 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.02.13 08:59:20 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2001.10.25 15:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SMail] C:\Program Files\Seznam\Postak\Postak.exe (Seznam.cz a.s.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TWCU] C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe ()
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-1715567821-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-1960408961-1715567821-725345543-1003\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/L ... nstall.cab (WebSDev Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02DABC19-5CB7-4B0E-A324-1BF45CA17308}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71AFFBBF-CDB8-426D-9F69-B21D2854DAAE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEBFE01C-4FDF-43A9-B36E-375708695C3D}: NameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Libka\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Libka\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.12.06 17:36:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{224c69b1-a459-11dc-91ab-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{224c69b1-a459-11dc-91ab-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{c6286e31-53a2-11df-a5b5-0019dbc4e118}\Shell - "" = AutoRun
O33 - MountPoints2\{c6286e31-53a2-11df-a5b5-0019dbc4e118}\Shell\AutoRun\command - "" = E:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 7 Days ==========
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Documents and Settings\All Users\Data aplikací\*.tmp files -> C:\Documents and Settings\All Users\Data aplikací\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2012.02.25 14:57:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.02.25 14:56:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.02.25 14:01:42 | 000,013,870 | ---- | M] () -- C:\Documents and Settings\Libka\Plocha\odočinek.jpg
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Documents and Settings\All Users\Data aplikací\*.tmp files -> C:\Documents and Settings\All Users\Data aplikací\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.02.25 14:01:42 | 000,013,870 | ---- | C] () -- C:\Documents and Settings\Libka\Plocha\odočinek.jpg
[2011.03.30 18:25:48 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011.03.30 18:25:07 | 000,422,000 | ---- | C] () -- C:\WINDOWS\System32\wgapi.dll
[2011.03.30 18:25:07 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\wgapiloc.dll
[2011.01.23 15:33:16 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011.01.23 15:33:15 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.01.23 15:33:08 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.01.23 15:33:08 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.01.23 15:33:06 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.07.25 09:11:56 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
< End of report >
Moc děkuji za pomoc.
S dovolenim si virovou problematiku prevezmu