
Virus removal, PC speed-up, and remote help through the neslape.cz service
I would like to ask for a preventive check of my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
I would like to ask for a preventive check of my log
RSIT log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Skalin at 2012-05-24 17:45:33
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 21 GB (28%) free of 76 GB
Total RAM: 1024 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:45:49, on 24.5.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\HP Photosmart 6510 series\bin\HPNetworkCommunicator.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
C:\Documents and Settings\Skalin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Skalin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Skalin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Skalin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Skalin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Skalin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Skalin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Skalin\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Skalin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HP Photosmart 6510 series (NET)] "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BO413P505QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Sledovat výstrahy inkoustu - HP Photosmart 6510 series (Síť).lnk = ?
O4 - Global Startup: Logitech Setpoint.lnk = C:\Program Files\Logitech\SetPointP\SetPoint.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4832076656
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
--
End of file - 7746 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\HP Photo Creations Messager.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2011-11-11 1378144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-18 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll [2012-03-13 1869152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-18 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-02-18 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll [2012-03-13 1869152]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"=C:\WINDOWS\htpatch.exe [2003-03-27 28672]
"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2003-10-30 249856]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2012-01-24 2416480]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2012-03-13 982880]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-03-24 49208]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"HP Photosmart 6510 series (NET)"=C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe [2011-09-16 1804648]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Logitech Setpoint.lnk - C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Documents and Settings\Skalin\Nabídka Start\Programy\Po spuštění
Sledovat výstrahy inkoustu - HP Photosmart 6510 series (Síť).lnk - C:\WINDOWS\system32\RunDll32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2011-09-27 66328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2012-01-31 87424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=0x07000000
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108743
"NoDriveTypeAutoRun"=0
"NoDrives"=0
"NoResolveSearch"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Counter-Strike 1.6\Counter-Strike.exe"="C:\Program Files\Counter-Strike 1.6\Counter-Strike.exe:*:Enabled:Counter-Strike"
"C:\Program Files\Diablo II\Diablo II.exe"="C:\Program Files\Diablo II\Diablo II.exe:*:Enabled:Diablo II"
"C:\Program Files\AVG\AVG2012\avgnsx.exe"="C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG2012\avgdiagex.exe"="C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostika 2012"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\AVG\AVG2012\avgemcx.exe"="C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Obecná kontrola pošty"
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\Stargate.bat"="C:\Program Files\LucasArts\Star Wars Empire at War\GameData\Stargate.bat:*:Enabled:Stargate"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Terraria\Terraria.exe"="C:\Program Files\Terraria\Terraria.exe:*:Enabled:Terraria"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe"="C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Petroglyph"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe"="C:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP (HP Photosmart 6510 series)"
"C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe"="C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Síťový komunikátor HP (HP Photosmart 6510 series)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=l3codecp.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MIDI1"=SYNCOR11.DLL
"VIDC.FPS1"=frapsvid.dll
"VIDC.IV50"=ir50_32.dll
"msacm.iac2"=c:\windows\system32\iac25_32.ax
======List of files/folders created in the last 1 month======
2012-05-24 17:39:57 ----D---- C:\Documents and Settings\Skalin\Data aplikací\TS3Client
2012-05-24 17:30:52 ----D---- C:\Program Files\TeamSpeak 3 Client
2012-05-24 17:30:52 ----D---- C:\Documents and Settings\Skalin\Data aplikací\ts3overlay
2012-05-24 17:07:04 ----D---- C:\Program Files\trend micro
2012-05-24 17:07:03 ----D---- C:\rsit
2012-05-24 17:02:50 ----D---- C:\Documents and Settings\Skalin\Data aplikací\TS3Client(2)
2012-05-24 16:50:07 ----D---- C:\Program Files\TeamSpeak 3 Client(2)
2012-05-24 15:34:08 ----D---- C:\Program Files\Cenega Czech
2012-05-23 18:24:53 ----A---- C:\WINDOWS\system32\drivers\serscan.sys
2012-05-23 18:22:24 ----D---- C:\Program Files\Hewlett-Packard
2012-05-23 18:21:48 ----D---- C:\Program Files\Microsoft
2012-05-23 18:20:15 ----D---- C:\Program Files\Microsoft Silverlight
2012-05-23 18:19:32 ----D---- C:\Program Files\HP Photo Creations
2012-05-23 18:19:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP Photo Creations
2012-05-23 18:18:39 ----D---- C:\Documents and Settings\Skalin\Data aplikací\HpUpdate
2012-05-23 18:18:31 ----N---- C:\WINDOWS\system32\HPDiscoPMA511.dll
2012-05-23 18:17:28 ----D---- C:\Program Files\HP
2012-05-23 18:09:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP
2012-05-23 18:09:28 ----RA---- C:\WINDOWS\system32\HPScanTRDrv_PS6510.dll
2012-05-23 18:09:25 ----RA---- C:\WINDOWS\system32\HPWia1_PS6510.dll
2012-05-23 18:09:22 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2012-05-23 18:03:38 ----A---- C:\WINDOWS\system32\hpinkstsA511LM.dll
2012-05-23 18:03:37 ----A---- C:\WINDOWS\system32\hpinkstsA511.dll
2012-05-23 18:03:37 ----A---- C:\WINDOWS\system32\hpinkcoiA511.dll
2012-05-23 18:02:32 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2012-05-23 17:12:55 ----HD---- C:\Config.Msi
2012-05-23 17:11:09 ----A---- C:\Documents and Settings\All Users\Data aplikací\Ament.ini
2012-05-22 15:57:34 ----D---- C:\WINDOWS\system32\URTTEMP
2012-05-22 15:47:14 ----A---- C:\WINDOWS\system32\msvcr100_clr0400.dll
2012-05-21 21:19:59 ----D---- C:\Documents and Settings\Skalin\Data aplikací\Thunderbird
2012-05-20 19:46:46 ----A---- C:\WINDOWS\d3dx.dat
2012-05-20 19:27:51 ----D---- C:\Program Files\JoWooD
2012-05-20 18:20:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2012-05-18 13:29:50 ----D---- C:\Documents and Settings\Skalin\Data aplikací\vlc
2012-05-15 19:50:44 ----D---- C:\Documents and Settings\Skalin\Data aplikací\Unity
2012-05-13 16:55:58 ----A---- C:\WINDOWS\system32\RtNicProp32.dll
2012-05-13 16:55:58 ----A---- C:\WINDOWS\system32\drivers\Rtnicxp.sys
2012-05-13 16:55:57 ----D---- C:\Program Files\Realtek
2012-05-13 16:37:25 ----D---- C:\WINDOWS\Performance
2012-05-07 11:09:08 ----D---- C:\Documents and Settings\Skalin\Data aplikací\LOVE
======List of files/folders modified in the last 1 month======
2012-05-24 17:42:57 ----D---- C:\WINDOWS\Prefetch
2012-05-24 17:37:11 ----D---- C:\WINDOWS\system32\drivers\AVG
2012-05-24 17:37:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2012-05-24 17:36:56 ----D---- C:\WINDOWS\temp
2012-05-24 17:33:26 ----A---- C:\keyhook.txt
2012-05-24 17:33:14 ----D---- C:\WINDOWS
2012-05-24 17:31:44 ----D---- C:\WINDOWS\system32\config
2012-05-24 17:31:29 ----D---- C:\WINDOWS\system32\wbem
2012-05-24 17:31:28 ----D---- C:\WINDOWS\Registration
2012-05-24 17:31:15 ----D---- C:\WINDOWS\system32
2012-05-24 17:30:56 ----D---- C:\Program Files
2012-05-24 17:30:49 ----D---- C:\WINDOWS\WinSxS
2012-05-24 17:30:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-05-24 17:30:25 ----D---- C:\WINDOWS\system32\CatRoot2
2012-05-24 17:29:58 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-05-24 17:29:28 ----D---- C:\Documents and Settings\Skalin\Data aplikací\Skype
2012-05-24 17:01:52 ----SHD---- C:\WINDOWS\Installer
2012-05-24 16:58:42 ----SD---- C:\WINDOWS\Tasks
2012-05-24 15:33:24 ----D---- C:\Documents and Settings\Skalin\Data aplikací\DAEMON Tools Lite
2012-05-24 12:25:24 ----D---- C:\Documents and Settings\Skalin\Data aplikací\uTorrent
2012-05-24 11:20:53 ----D---- C:\Documents and Settings\Skalin\Data aplikací\.minecraft
2012-05-24 09:59:24 ----D---- C:\Program Files\Common Files
2012-05-24 09:58:59 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-05-24 00:43:07 ----RSD---- C:\WINDOWS\assembly
2012-05-23 22:24:28 ----D---- C:\WINDOWS\Microsoft.NET
2012-05-23 18:25:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-05-23 18:24:59 ----D---- C:\WINDOWS\system32\drivers
2012-05-23 18:18:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-05-23 18:17:58 ----HD---- C:\WINDOWS\inf
2012-05-23 18:17:38 ----D---- C:\WINDOWS\twain_32
2012-05-22 21:40:55 ----D---- C:\Program Files\FCEUx
2012-05-22 17:52:26 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-05-22 17:38:39 ----D---- C:\WINDOWS\Debug
2012-05-22 16:16:48 ----D---- C:\WINDOWS\system32\CatRoot
2012-05-22 16:00:14 ----D---- C:\WINDOWS\system32\DirectX
2012-05-22 15:55:54 ----D---- C:\Program Files\Internet Explorer
2012-05-22 15:55:49 ----D---- C:\WINDOWS\pchealth
2012-05-22 15:47:17 ----D---- C:\WINDOWS\system32\en-US
2012-05-21 21:46:15 ----D---- C:\WINDOWS\system32\NtmsData
2012-05-21 18:05:42 ----D---- C:\WINDOWS\Logs
2012-05-21 17:40:08 ----D---- C:\WINDOWS\system32\XPSViewer
2012-05-21 17:40:06 ----RSD---- C:\WINDOWS\Fonts
2012-05-21 17:02:07 ----A---- C:\WINDOWS\win.ini
2012-05-20 19:42:21 ----HD---- C:\Program Files\InstallShield Installation Information
2012-05-18 17:05:29 ----D---- C:\Program Files\Counter-Strike 1.6
2012-05-17 15:18:27 ----D---- C:\Program Files\uTorrent
2012-05-13 16:56:07 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-05-13 14:47:30 ----D---- C:\Program Files\Rockstar Games
2012-05-12 09:26:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-05-10 15:56:27 ----A---- C:\WINDOWS\system32\MRT.exe
2012-05-10 15:43:19 ----HD---- C:\WINDOWS\$hf_mig$
2012-04-26 18:34:14 ----D---- C:\Program Files\CCleaner
2012-04-26 18:33:11 ----D---- C:\WINDOWS\system32\LogFiles
2012-04-25 18:42:32 ----D---- C:\Program Files\Student DOG
2012-04-25 18:26:48 ----D---- C:\Program Files\LogMeIn Hamachi
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
R0 sisagp;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2003-07-18 36992]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-04-13 242240]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\drivers\srvkp.sys [2003-10-29 11264]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R2 LBeepKE;Logitech Beep Suppression Driver; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2011-09-02 12184]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2011-09-02 41240]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2011-09-16 10144]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2011-09-02 39192]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-08-29 578304]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 ALSysIO;ALSysIO; \??\C:\DOCUME~1\Skalin\LOCALS~1\Temp\ALSysIO.sys []
S3 Axtmvflt;Axesstel USB Filter Service; C:\WINDOWS\system32\drivers\Axtmvflt.sys []
S3 Axtmvmdm;Axesstel USB Modem; C:\WINDOWS\system32\drivers\Axtmvmdm.sys []
S3 Axtmvprt;Axesstel Diagnostic Port; C:\WINDOWS\system32\drivers\Axtmvprt.sys []
S3 FlashUSB;FlashUSB; C:\WINDOWS\system32\DRIVERS\FlashUSB.sys [2010-05-12 16896]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-09-26 20240]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-09-26 63248]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-09-26 79120]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2003-10-29 427776]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\drivers\usbbus.sys []
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\drivers\UsbDiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\drivers\USBModem.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 vToolbarUpdater;vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-03-11 909152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-05-03 158856]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2011-09-27 295192]
S3 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-02-18 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- Mc_Murphy
Re: Requesting a preventive log check
Hello.
If possible, uninstall AVG Security Toolbar via Add or Remove Programs (Přidat nebo odebrat programy).
Something in the log doesn't look right to me, so please post a ComboFix log here, following the instructions.
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE THINGS AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE RUINED
Download ComboFix and save it to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
- Close all running applications - ICQ, Skype, browsers, simply all programs, so that only ComboFix is running.
- If you have Win XP, run it under the Správce/Administrator account.
- If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator or Spustit jako správce.
- Right after startup, the license agreement page appears - continue by clicking [Ano] (Yes).
- If ComboFix offers to install the Recovery Console, agree.
- Then follow the instructions. During the scan, leave the PC completely alone - do not launch any applications and do not click into the window that appears!
- The scan should take about 10 minutes, but if the PC is heavily cluttered, it may of course take longer.
- After the scan finishes and a possible restart, ComboFix displays a log, which you can also find in C:\ComboFix.txt. Paste its contents here.
- A detailed procedure including pictures is here: http://www.bleepingcomputer.com/combofi ... t-combofix
Re: Requesting a preventive log check
Well, I finally got home from school and tried to look at that AVG Security Toolbar. It can't be uninstalled, only if I uninstalled it in each browser, both IE 8 and Google Chrome. I have now finished the ComboFix scan and am attaching the log here.
Log:
ComboFix 12-05-25.02 - Skalin 25.05.2012 14:27:17.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1024.667 [GMT 2:00]
Spuštěný z: c:\documents and settings\Skalin\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Skalin\WINDOWS
c:\windows\system\BCBSMP35.BPL
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\4c00ba46a7e9df5a.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\sysmwwod.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-25 do 2012-05-25 )))))))))))))))))))))))))))))))
.
.
2012-05-24 15:39 . 2012-05-24 16:23 -------- d-----w- c:\documents and settings\Skalin\Data aplikací\TS3Client
2012-05-24 15:31 . 2012-05-24 15:31 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-24 15:30 . 2012-05-24 15:42 -------- d-----w- c:\program files\TeamSpeak 3 Client
2012-05-24 15:30 . 2012-05-24 15:30 -------- d-----w- c:\documents and settings\Skalin\Data aplikací\ts3overlay
2012-05-24 15:07 . 2012-05-24 15:45 -------- d-----w- c:\program files\trend micro
2012-05-24 15:07 . 2012-05-24 15:07 -------- d-----w- C:\rsit
2012-05-24 13:34 . 2012-05-24 13:34 -------- d-----w- c:\program files\Cenega Czech
2012-05-23 16:24 . 2001-10-24 10:02 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-05-23 16:24 . 2001-10-24 10:02 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2012-05-23 16:22 . 2012-05-23 16:22 -------- d-----w- c:\program files\Hewlett-Packard
2012-05-23 16:21 . 2012-05-23 16:43 -------- d-----w- c:\program files\Microsoft
2012-05-23 16:20 . 2012-05-24 05:24 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-23 16:19 . 2012-05-23 16:19 -------- d-----w- c:\program files\HP Photo Creations
2012-05-23 16:19 . 2012-05-23 16:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HP Photo Creations
2012-05-23 16:18 . 2012-05-24 16:38 -------- d-----w- c:\documents and settings\Skalin\Data aplikací\HpUpdate
2012-05-23 16:18 . 2011-09-16 09:01 544616 ------w- c:\windows\system32\HPDiscoPMA511.dll
2012-05-23 16:17 . 2012-05-23 16:18 -------- d-----w- c:\program files\HP
2012-05-23 16:09 . 2012-05-23 16:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HP
2012-05-23 16:09 . 2011-09-16 17:36 1952104 ----a-r- c:\windows\system32\HPScanTRDrv_PS6510.dll
2012-05-23 16:09 . 2011-09-16 17:36 488808 ----a-r- c:\windows\system32\HPWia1_PS6510.dll
2012-05-23 16:09 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-05-23 16:09 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-05-23 16:03 . 2011-09-16 17:36 270696 ----a-w- c:\windows\system32\hpinkstsA511LM.dll
2012-05-23 16:03 . 2011-09-16 17:36 429928 ----a-w- c:\windows\system32\hpinkstsA511.dll
2012-05-23 16:03 . 2011-09-16 17:36 216424 ----a-w- c:\windows\system32\hpinkcoiA511.dll
2012-05-23 16:02 . 2008-04-13 17:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2012-05-23 16:02 . 2008-04-13 17:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-05-23 15:10 . 2012-05-23 16:29 -------- d-----w- c:\documents and settings\Skalin\Local Settings\Data aplikací\HP
2012-05-22 13:58 . 2012-05-22 13:58 -------- d-----w- c:\documents and settings\Skalin\jagexcache
2012-05-22 13:58 . 2012-05-22 13:58 -------- d-----w- c:\documents and settings\Skalin\SystemRequirementsLab
2012-05-22 13:58 . 2012-05-22 13:58 -------- d-----w- c:\documents and settings\Skalin\Local Settings\Data aplikací\Microsoft Corporation
2012-05-22 13:57 . 2012-05-22 13:57 -------- d-----w- c:\windows\system32\URTTEMP
2012-05-22 13:47 . 2010-03-18 11:16 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2012-05-21 19:19 . 2012-05-22 13:58 -------- d-----w- c:\documents and settings\Skalin\Data aplikací\Thunderbird
2012-05-21 19:19 . 2012-05-21 19:19 -------- d-----w- c:\documents and settings\Skalin\Local Settings\Data aplikací\Thunderbird
2012-05-20 17:27 . 2012-05-20 17:27 -------- d-----w- c:\program files\JoWooD
2012-05-20 16:20 . 2012-05-20 16:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\nView_Profiles
2012-05-18 11:29 . 2012-05-20 15:06 -------- d-----w- c:\documents and settings\Skalin\Data aplikací\vlc
2012-05-15 17:50 . 2012-05-15 17:50 -------- d-----w- c:\documents and settings\Skalin\Data aplikací\Unity
2012-05-15 17:46 . 2012-05-15 17:46 -------- d-----w- c:\documents and settings\Skalin\Local Settings\Data aplikací\Unity
2012-05-13 14:55 . 2009-03-25 12:29 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2012-05-13 14:55 . 2009-03-03 18:18 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-05-13 14:55 . 2012-05-13 14:55 -------- d-----w- c:\program files\Realtek
2012-05-13 14:37 . 2012-05-13 14:37 -------- d-----w- c:\windows\Performance
2012-05-07 09:09 . 2012-05-07 09:09 -------- d-----w- c:\documents and settings\Skalin\Data aplikací\LOVE
2012-04-29 06:48 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-04-29 06:48 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-04-29 06:48 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-04-29 06:48 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-04-29 06:48 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-04-29 06:47 . 2012-04-29 06:47 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-04-29 06:47 . 2012-04-29 06:47 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 18:34 . 2012-04-13 18:34 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-11 13:55 . 2004-08-17 15:45 2071296 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2004-08-18 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:55 . 2004-08-18 12:00 2194816 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-09 13:50 . 2012-01-16 11:22 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-03-20 19:03 . 2012-03-20 19:03 53248 ----a-r- c:\documents and settings\Skalin\Data aplikací\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-03-20 19:02 . 2012-03-20 19:02 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-03-10 09:03 . 2012-03-10 09:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 10:59 . 2004-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:59 . 2004-08-18 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 10:59 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-18 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-18 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-18 12:00 385024 ------w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-13 13:46 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 6510 series (NET)"="c:\program files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="c:\windows\htpatch.exe" [2003-03-27 28672]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2003-10-30 249856]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Skalin\Nabídka Start\Programy\Po spuštění\
Sledovat výstrahy inkoustu - HP Photosmart 6510 series (Síť).lnk - c:\windows\system32\RunDll32.exe [2004-8-18 33280]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Setpoint.lnk - c:\program files\Logitech\SetPointP\SetPoint.exe [2011-10-7 1387288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-01-31 20:30 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\Counter-Strike.exe"=
"c:\\Program Files\\Diablo II\\Diablo II.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\Stargate.bat"=
"c:\\Program Files\\Terraria\\Terraria.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11.7.2011 2:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.9.2011 7:30 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.10.2011 7:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 2:14 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [13.4.2012 20:34 242240]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2.8.2011 7:09 192776]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 18:38 1373576]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [25.12.2011 10:53 12184]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [11.3.2012 9:48 909152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.5.2012 8:31 158856]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Skalin\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Skalin\LOCALS~1\Temp\ALSysIO.sys [?]
S3 Axtmvflt;Axesstel USB Filter Service; [x]
S3 Axtmvmdm;Axesstel USB Modem; [x]
S3 Axtmvprt;Axesstel Diagnostic Port; [x]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUSB.sys [28.2.2012 15:59 16896]
S3 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22.4.2011 14:21 92592]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-24 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 09:01]
.
2012-05-24 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 09:01]
.
2012-05-24 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 09:01]
.
2012-05-24 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 09:01]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 10.0.0.138
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-25 14:34
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\???]?%[??????([??([???????????????? ?%[??%[?N????([$?????%[????????????{?%[??????????%[$?<~????(????~7~??<~?????~7~??<~??%[@???????d?????&[%?%[x?([d?????%[,>%[??'[v?7~Z|%[{3%[?2%[????st.I????G?&[????d????<%[?I%[
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(216)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Celkový čas: 2012-05-25 14:36:22
ComboFix-quarantined-files.txt 2012-05-25 12:36
.
Před spuštěním: Volných bajtů: 22 042 456 064
Po spuštění: Volných bajtů: 22 024 699 904
.
- - End Of File - - 4C129D1E414017F038A4FF6591730E1F
- Mc_Murphy
- VIP in memoriam
- Posts: 6706
- Registered: 03 Nov 2008 15:55
- Location: Plzeň [ZČ]
Re: I would like to ask for a preventive log check

- c:\windows\htpatch.exe
- Click [Choose File].
- Don't browse for the file; just paste the path of the file I want tested.
- Click [Scan it!].
- If a screen similar to the one below pops up, click [Reanalyse]!
- Paste the analysis result here for me (as a link).
Re: I would like to ask for a preventive log check
Well, there shouldn't be any virus there. I clicked Reanalyse and this came up:
SHA256: 99f927bd1d32a2979558c7476aa62c4bcd8f34bf45f0f3d564d55ffe6019b00d
SHA1: ff99aa62e0bca115fe8298aa26a126d4fc1aa065
MD5: 5a1d47118db71bc016dc041c928c464c
File size: 28.0 KB ( 28672 bytes )
File name: htpatch.exe
File type: Win32 EXE
Detection ratio: 0 / 42
Analysis date: 2012-05-25 13:07:40 UTC ( 0 minut ago )
Link: https://www.virustotal.com/file/99f927b ... 337951260/
That HTpatch.exe is most likely a leftover from the integrated graphics card, because after installing the add-in card I forgot to remove the drivers, and I'm too lazy to spend 10 minutes on the uninstall.

- Mc_Murphy
- VIP in memoriam
- Posts: 6706
- Joined: 03 Nov 2008 15:55
- Location: Plzeň [ZČ]
Re: I'd like to ask for a preventive log check

- Open Notepad (Start >> Run... (or Win+R) >> type notepad in the box >> [Enter]).
- Copy this script into it:
Code:
KillAll::
Driver::
vToolbarUpdater
SkypeUpdate
File::
C:\WINDOWS\tasks\HP Photo Creations Messager.job
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=-
[-HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=-
"NvMediaCenter"=-
"HP Software Update"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
DDS::
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
ClearJavaCache::
AtJob::
Reboot::
- Save the resulting TXT file as CFScript.txt
- Drag the CFScript.txt you created onto ComboFix and drop it (see the picture).
- After the script has been applied (and the PC possibly restarted), a log will pop up. Paste its contents here.

Re: I'd like to ask for a preventive log check
So Windows booted up fine; here is the log from ComboFix.
Log:
ComboFix 12-05-25.02 - Skalin 26.05.2012 9:20.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1024.737 [GMT 2:00]
Spuštěný z: c:\documents and settings\Skalin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Skalin\Plocha\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\windows\tasks\HP Photo Creations Messager.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SKYPEUPDATE
-------\Legacy_VTOOLBARUPDATER
-------\Service_SkypeUpdate
-------\Service_vToolbarUpdater
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-26 do 2012-05-26 )))))))))))))))))))))))))))))))
.
.
2012-05-24 15:39 . 2012-05-24 16:23 -------- d-----w- c:\documents and settings\Skalin\Data aplikací\TS3Client
2012-05-24 15:31 . 2012-05-24 15:31 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-24 15:30 . 2012-05-24 15:42 -------- d-----w- c:\program files\TeamSpeak 3 Client
2012-05-24 15:30 . 2012-05-24 15:30 -------- d-----w- c:\documents and settings\Skalin\Data aplikací\ts3overlay
2012-05-24 15:07 . 2012-05-24 15:45 -------- d-----w- c:\program files\trend micro
2012-05-24 15:07 . 2012-05-24 15:07 -------- d-----w- C:\rsit
2012-05-23 16:24 . 2001-10-24 10:02 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-05-23 16:24 . 2001-10-24 10:02 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2012-05-23 16:22 . 2012-05-23 16:22 -------- d-----w- c:\program files\Hewlett-Packard
2012-05-23 16:21 . 2012-05-23 16:43 -------- d-----w- c:\program files\Microsoft
2012-05-23 16:20 . 2012-05-24 05:24 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-23 16:19 . 2012-05-23 16:19 -------- d-----w- c:\program files\HP Photo Creations
2012-05-23 16:19 . 2012-05-23 16:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HP Photo Creations
2012-05-23 16:18 . 2012-05-24 16:38 -------- d-----w- c:\documents and settings\Skalin\Data aplikací\HpUpdate
2012-05-23 16:18 . 2011-09-16 09:01 544616 ------w- c:\windows\system32\HPDiscoPMA511.dll
2012-05-23 16:17 . 2012-05-23 16:18 -------- d-----w- c:\program files\HP
2012-05-23 16:09 . 2012-05-23 16:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HP
2012-05-23 16:09 . 2011-09-16 17:36 1952104 ----a-r- c:\windows\system32\HPScanTRDrv_PS6510.dll
2012-05-23 16:09 . 2011-09-16 17:36 488808 ----a-r- c:\windows\system32\HPWia1_PS6510.dll
2012-05-23 16:09 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-05-23 16:09 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-05-23 16:03 . 2011-09-16 17:36 270696 ----a-w- c:\windows\system32\hpinkstsA511LM.dll
2012-05-23 16:03 . 2011-09-16 17:36 429928 ----a-w- c:\windows\system32\hpinkstsA511.dll
2012-05-23 16:03 . 2011-09-16 17:36 216424 ----a-w- c:\windows\system32\hpinkcoiA511.dll
2012-05-23 16:02 . 2008-04-13 17:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2012-05-23 16:02 . 2008-04-13 17:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-05-23 15:10 . 2012-05-23 16:29 -------- d-----w- c:\documents and settings\Skalin\Local Settings\Data aplikací\HP
2012-05-22 13:58 . 2012-05-22 13:58 -------- d-----w- c:\documents and settings\Skalin\jagexcache
2012-05-22 13:58 . 2012-05-22 13:58 -------- d-----w- c:\documents and settings\Skalin\SystemRequirementsLab
2012-05-22 13:58 . 2012-05-22 13:58 -------- d-----w- c:\documents and settings\Skalin\Local Settings\Data aplikací\Microsoft Corporation
2012-05-22 13:57 . 2012-05-22 13:57 -------- d-----w- c:\windows\system32\URTTEMP
2012-05-22 13:47 . 2010-03-18 11:16 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2012-05-21 19:19 . 2012-05-22 13:58 -------- d-----w- c:\documents and settings\Skalin\Data aplikací\Thunderbird
2012-05-21 19:19 . 2012-05-21 19:19 -------- d-----w- c:\documents and settings\Skalin\Local Settings\Data aplikací\Thunderbird
2012-05-20 17:27 . 2012-05-20 17:27 -------- d-----w- c:\program files\JoWooD
2012-05-20 16:20 . 2012-05-20 16:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\nView_Profiles
2012-05-18 11:29 . 2012-05-20 15:06 -------- d-----w- c:\documents and settings\Skalin\Data aplikací\vlc
2012-05-15 17:50 . 2012-05-15 17:50 -------- d-----w- c:\documents and settings\Skalin\Data aplikací\Unity
2012-05-15 17:46 . 2012-05-15 17:46 -------- d-----w- c:\documents and settings\Skalin\Local Settings\Data aplikací\Unity
2012-05-13 14:55 . 2009-03-25 12:29 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2012-05-13 14:55 . 2009-03-03 18:18 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-05-13 14:55 . 2012-05-13 14:55 -------- d-----w- c:\program files\Realtek
2012-05-13 14:37 . 2012-05-13 14:37 -------- d-----w- c:\windows\Performance
2012-05-07 09:09 . 2012-05-07 09:09 -------- d-----w- c:\documents and settings\Skalin\Data aplikací\LOVE
2012-04-29 06:48 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-04-29 06:48 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-04-29 06:48 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-04-29 06:48 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-04-29 06:48 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-04-29 06:47 . 2012-04-29 06:47 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-04-29 06:47 . 2012-04-29 06:47 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 18:34 . 2012-04-13 18:34 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-11 13:55 . 2004-08-17 15:45 2071296 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2004-08-18 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:55 . 2004-08-18 12:00 2194816 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-09 13:50 . 2012-01-16 11:22 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-03-20 19:03 . 2012-03-20 19:03 53248 ----a-r- c:\documents and settings\Skalin\Data aplikací\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-03-20 19:02 . 2012-03-20 19:02 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-03-10 09:03 . 2012-03-10 09:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 10:59 . 2004-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:59 . 2004-08-18 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 10:59 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-18 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-18 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-18 12:00 385024 ------w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="c:\windows\htpatch.exe" [2003-03-27 28672]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2003-10-30 249856]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Setpoint.lnk - c:\program files\Logitech\SetPointP\SetPoint.exe [2011-10-7 1387288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-01-31 20:30 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\Counter-Strike.exe"=
"c:\\Program Files\\Diablo II\\Diablo II.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\Stargate.bat"=
"c:\\Program Files\\Terraria\\Terraria.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Cenega Czech\\VIETCONG\\vietcong.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11.7.2011 2:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.9.2011 7:30 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.10.2011 7:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 2:14 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [13.4.2012 20:34 242240]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2.8.2011 7:09 192776]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 18:38 1373576]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [25.12.2011 10:53 12184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Skalin\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Skalin\LOCALS~1\Temp\ALSysIO.sys [?]
S3 Axtmvflt;Axesstel USB Filter Service; [x]
S3 Axtmvmdm;Axesstel USB Modem; [x]
S3 Axtmvprt;Axesstel Diagnostic Port; [x]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUSB.sys [28.2.2012 15:59 16896]
S3 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22.4.2011 14:21 92592]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-24 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 09:01]
.
2012-05-25 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 09:01]
.
2012-05-25 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 09:01]
.
2012-05-24 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16 09:01]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-26 09:29
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\???]?%[??????([??([???????????????? ?%[??%[?N????([$?????%[????????????{?%[??????????%[$?<~????(????~7~??<~?????~7~??<~??%[@???????d?????&[%?%[x?([d?????%[,>%[??'[v?7~Z|%[{3%[?2%[????st.I????G?&[????d????<%[?I%[
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1248)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3248)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-05-26 09:32:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-05-26 07:32
ComboFix2.txt 2012-05-25 12:36
.
Před spuštěním: Volných bajtů: 24 294 002 688
Po spuštění: Volných bajtů: 24 214 409 216
.
- - End Of File - - 200CB3C2D7DB71EB500DD42D6B94FF33
- Mc_Murphy
- VIP in memoriam
- Posts: 6706
- Registered: 03 Nov 2008 15:55
- Location: Plzeň [ZČ]
Re: I'd like to ask for a preventive log check
Well, it boots maybe a few seconds faster, thanks a lot. I just wanted to ask: I wanted to keep the nVidia driver settings icon in the notification area, but when we cleaned with Combofix its automatic startup got turned off too, and so far I have no idea how to get it back. I know it's unnecessary, but I feel better when I have 4 icons in the notification area: AVG, volume, wireless keyboard and mouse settings, and nVidia settings.

- Mc_Murphy
- VIP in memoriam
- Posts: 6706
- Registered: 03 Nov 2008 15:55
- Location: Plzeň [ZČ]
Re: I'd like to ask for a preventive log check
OK, I'll put it back for you afterwards, all right? I delete it as standard because it really is unnecessary. But since you're used to it, I'll restore it.
In any case, post a current RSIT log here so we can take a look at what is or isn't still left there.

Re: I'd like to ask for a preventive log check
RSIT log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Skalin at 2012-05-26 10:23:25
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 23 GB (30%) free of 76 GB
Total RAM: 1024 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:23:34, on 26.5.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Skalin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Skalin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Skalin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Skalin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Skalin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Skalin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Skalin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Skalin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Skalin\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Skalin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Setpoint] "C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4832076656
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
--
End of file - 5810 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2011-11-11 1378144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-18 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-18 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-02-18 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"=C:\WINDOWS\htpatch.exe [2003-03-27 28672]
"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2003-10-30 249856]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2012-01-24 2416480]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2012-03-13 982880]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]
"Logitech Setpoint"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2011-10-07 1387288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2011-09-27 66328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2012-01-31 87424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoResolveSearch"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Counter-Strike 1.6\Counter-Strike.exe"="C:\Program Files\Counter-Strike 1.6\Counter-Strike.exe:*:Enabled:Counter-Strike"
"C:\Program Files\Diablo II\Diablo II.exe"="C:\Program Files\Diablo II\Diablo II.exe:*:Enabled:Diablo II"
"C:\Program Files\AVG\AVG2012\avgnsx.exe"="C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG2012\avgdiagex.exe"="C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostika 2012"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\AVG\AVG2012\avgemcx.exe"="C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Obecná kontrola pošty"
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\Stargate.bat"="C:\Program Files\LucasArts\Star Wars Empire at War\GameData\Stargate.bat:*:Enabled:Stargate"
"C:\Program Files\Terraria\Terraria.exe"="C:\Program Files\Terraria\Terraria.exe:*:Enabled:Terraria"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe"="C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Petroglyph"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe"="C:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP (HP Photosmart 6510 series)"
"C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe"="C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Síťový komunikátor HP (HP Photosmart 6510 series)"
"C:\Program Files\Cenega Czech\VIETCONG\vietcong.exe"="C:\Program Files\Cenega Czech\VIETCONG\vietcong.exe:*:Enabled:Vietcong"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=l3codecp.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MIDI1"=SYNCOR11.DLL
"VIDC.FPS1"=frapsvid.dll
"VIDC.IV50"=ir50_32.dll
"msacm.iac2"=c:\windows\system32\iac25_32.ax
======List of files/folders created in the last 1 month======
2012-05-26 09:32:15 ----D---- C:\WINDOWS\temp
2012-05-26 09:32:13 ----A---- C:\ComboFix.txt
2012-05-25 15:38:10 ----D---- C:\Program Files\Cenega Czech
2012-05-25 14:24:57 ----A---- C:\WINDOWS\zip.exe
2012-05-25 14:24:57 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-05-25 14:24:57 ----A---- C:\WINDOWS\SWSC.exe
2012-05-25 14:24:57 ----A---- C:\WINDOWS\SWREG.exe
2012-05-25 14:24:57 ----A---- C:\WINDOWS\sed.exe
2012-05-25 14:24:57 ----A---- C:\WINDOWS\PEV.exe
2012-05-25 14:24:57 ----A---- C:\WINDOWS\NIRCMD.exe
2012-05-25 14:24:57 ----A---- C:\WINDOWS\MBR.exe
2012-05-25 14:24:57 ----A---- C:\WINDOWS\grep.exe
2012-05-25 14:24:46 ----D---- C:\WINDOWS\ERDNT
2012-05-25 14:24:39 ----D---- C:\Qoobox
2012-05-24 17:39:57 ----D---- C:\Documents and Settings\Skalin\Data aplikací\TS3Client
2012-05-24 17:30:52 ----D---- C:\Program Files\TeamSpeak 3 Client
2012-05-24 17:30:52 ----D---- C:\Documents and Settings\Skalin\Data aplikací\ts3overlay
2012-05-24 17:07:04 ----D---- C:\Program Files\trend micro
2012-05-24 17:07:03 ----D---- C:\rsit
2012-05-24 17:02:50 ----D---- C:\Documents and Settings\Skalin\Data aplikací\TS3Client(2)
2012-05-24 16:50:07 ----D---- C:\Program Files\TeamSpeak 3 Client(2)
2012-05-23 18:24:53 ----A---- C:\WINDOWS\system32\drivers\serscan.sys
2012-05-23 18:22:24 ----D---- C:\Program Files\Hewlett-Packard
2012-05-23 18:21:48 ----D---- C:\Program Files\Microsoft
2012-05-23 18:20:15 ----D---- C:\Program Files\Microsoft Silverlight
2012-05-23 18:19:32 ----D---- C:\Program Files\HP Photo Creations
2012-05-23 18:19:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP Photo Creations
2012-05-23 18:18:39 ----D---- C:\Documents and Settings\Skalin\Data aplikací\HpUpdate
2012-05-23 18:18:31 ----N---- C:\WINDOWS\system32\HPDiscoPMA511.dll
2012-05-23 18:17:28 ----D---- C:\Program Files\HP
2012-05-23 18:09:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP
2012-05-23 18:09:28 ----RA---- C:\WINDOWS\system32\HPScanTRDrv_PS6510.dll
2012-05-23 18:09:25 ----RA---- C:\WINDOWS\system32\HPWia1_PS6510.dll
2012-05-23 18:09:22 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2012-05-23 18:03:38 ----A---- C:\WINDOWS\system32\hpinkstsA511LM.dll
2012-05-23 18:03:37 ----A---- C:\WINDOWS\system32\hpinkstsA511.dll
2012-05-23 18:03:37 ----A---- C:\WINDOWS\system32\hpinkcoiA511.dll
2012-05-23 18:02:32 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2012-05-23 17:12:55 ----D---- C:\Config.Msi
2012-05-23 17:11:09 ----A---- C:\Documents and Settings\All Users\Data aplikací\Ament.ini
2012-05-22 15:57:34 ----D---- C:\WINDOWS\system32\URTTEMP
2012-05-22 15:47:14 ----A---- C:\WINDOWS\system32\msvcr100_clr0400.dll
2012-05-21 21:19:59 ----D---- C:\Documents and Settings\Skalin\Data aplikací\Thunderbird
2012-05-20 19:46:46 ----A---- C:\WINDOWS\d3dx.dat
2012-05-20 19:27:51 ----D---- C:\Program Files\JoWooD
2012-05-20 18:20:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2012-05-18 13:29:50 ----D---- C:\Documents and Settings\Skalin\Data aplikací\vlc
2012-05-15 19:50:44 ----D---- C:\Documents and Settings\Skalin\Data aplikací\Unity
2012-05-13 16:55:58 ----A---- C:\WINDOWS\system32\RtNicProp32.dll
2012-05-13 16:55:58 ----A---- C:\WINDOWS\system32\drivers\Rtnicxp.sys
2012-05-13 16:55:57 ----D---- C:\Program Files\Realtek
2012-05-13 16:37:25 ----D---- C:\WINDOWS\Performance
2012-05-07 11:09:08 ----D---- C:\Documents and Settings\Skalin\Data aplikací\LOVE
======List of files/folders modified in the last 1 month======
2012-05-26 10:23:32 ----D---- C:\WINDOWS\Prefetch
2012-05-26 09:42:48 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-05-26 09:32:16 ----D---- C:\WINDOWS\system32\drivers
2012-05-26 09:32:15 ----D---- C:\WINDOWS
2012-05-26 09:28:47 ----A---- C:\WINDOWS\system.ini
2012-05-26 09:28:29 ----A---- C:\keyhook.txt
2012-05-26 09:28:20 ----D---- C:\WINDOWS\system32\drivers\etc
2012-05-26 09:27:33 ----D---- C:\WINDOWS\system32\config
2012-05-26 09:24:49 ----D---- C:\WINDOWS\system32
2012-05-26 09:24:49 ----D---- C:\WINDOWS\AppPatch
2012-05-26 09:24:45 ----D---- C:\Program Files\Common Files
2012-05-26 09:17:14 ----D---- C:\WINDOWS\system32\CatRoot2
2012-05-26 09:16:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-05-25 22:09:49 ----D---- C:\Documents and Settings\Skalin\Data aplikací\Skype
2012-05-25 17:38:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2012-05-25 17:38:08 ----D---- C:\WINDOWS\system32\drivers\AVG
2012-05-25 15:38:10 ----D---- C:\Program Files
2012-05-25 14:35:29 ----SD---- C:\WINDOWS\Tasks
2012-05-25 14:33:21 ----D---- C:\WINDOWS\system
2012-05-24 17:31:29 ----D---- C:\WINDOWS\system32\wbem
2012-05-24 17:31:28 ----D---- C:\WINDOWS\Registration
2012-05-24 17:30:49 ----D---- C:\WINDOWS\WinSxS
2012-05-24 17:01:52 ----SHD---- C:\WINDOWS\Installer
2012-05-24 15:33:24 ----D---- C:\Documents and Settings\Skalin\Data aplikací\DAEMON Tools Lite
2012-05-24 12:25:24 ----D---- C:\Documents and Settings\Skalin\Data aplikací\uTorrent
2012-05-24 11:20:53 ----D---- C:\Documents and Settings\Skalin\Data aplikací\.minecraft
2012-05-24 09:58:59 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-05-24 00:43:07 ----RSD---- C:\WINDOWS\assembly
2012-05-23 22:24:28 ----D---- C:\WINDOWS\Microsoft.NET
2012-05-23 18:25:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-05-23 18:18:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-05-23 18:17:58 ----HD---- C:\WINDOWS\inf
2012-05-23 18:17:38 ----D---- C:\WINDOWS\twain_32
2012-05-22 21:40:55 ----D---- C:\Program Files\FCEUx
2012-05-22 17:52:26 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-05-22 17:38:39 ----D---- C:\WINDOWS\Debug
2012-05-22 16:16:48 ----D---- C:\WINDOWS\system32\CatRoot
2012-05-22 16:00:14 ----D---- C:\WINDOWS\system32\DirectX
2012-05-22 15:55:54 ----D---- C:\Program Files\Internet Explorer
2012-05-22 15:55:49 ----D---- C:\WINDOWS\pchealth
2012-05-22 15:47:17 ----D---- C:\WINDOWS\system32\en-US
2012-05-21 21:46:15 ----D---- C:\WINDOWS\system32\NtmsData
2012-05-21 18:05:42 ----D---- C:\WINDOWS\Logs
2012-05-21 17:40:08 ----D---- C:\WINDOWS\system32\XPSViewer
2012-05-21 17:40:06 ----RSD---- C:\WINDOWS\Fonts
2012-05-21 17:02:07 ----A---- C:\WINDOWS\win.ini
2012-05-20 19:42:21 ----HD---- C:\Program Files\InstallShield Installation Information
2012-05-18 17:05:29 ----D---- C:\Program Files\Counter-Strike 1.6
2012-05-17 15:18:27 ----D---- C:\Program Files\uTorrent
2012-05-13 16:56:07 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-05-13 14:47:30 ----D---- C:\Program Files\Rockstar Games
2012-05-12 09:26:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-05-10 15:56:27 ----A---- C:\WINDOWS\system32\MRT.exe
2012-05-10 15:43:19 ----HD---- C:\WINDOWS\$hf_mig$
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
R0 sisagp;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2003-07-18 36992]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-04-13 242240]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\drivers\srvkp.sys [2003-10-29 11264]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R2 LBeepKE;Logitech Beep Suppression Driver; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2011-09-02 12184]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2011-09-02 41240]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2011-09-16 10144]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2011-09-02 39192]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-08-29 578304]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 ALSysIO;ALSysIO; \??\C:\DOCUME~1\Skalin\LOCALS~1\Temp\ALSysIO.sys []
S3 Axtmvflt;Axesstel USB Filter Service; C:\WINDOWS\system32\drivers\Axtmvflt.sys []
S3 Axtmvmdm;Axesstel USB Modem; C:\WINDOWS\system32\drivers\Axtmvmdm.sys []
S3 Axtmvprt;Axesstel Diagnostic Port; C:\WINDOWS\system32\drivers\Axtmvprt.sys []
S3 FlashUSB;FlashUSB; C:\WINDOWS\system32\DRIVERS\FlashUSB.sys [2010-05-12 16896]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-09-26 20240]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-09-26 63248]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-09-26 79120]
S3 mbr;mbr; \??\C:\DOCUME~1\Skalin\LOCALS~1\Temp\mbr.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2003-10-29 427776]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\drivers\usbbus.sys []
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\drivers\UsbDiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\drivers\USBModem.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2011-09-27 295192]
S3 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-02-18 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
--
End of file - 5810 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2011-11-11 1378144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-18 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-18 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-02-18 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"=C:\WINDOWS\htpatch.exe [2003-03-27 28672]
"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2003-10-30 249856]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2012-01-24 2416480]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2012-03-13 982880]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]
"Logitech Setpoint"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2011-10-07 1387288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2011-09-27 66328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2012-01-31 87424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoResolveSearch"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Counter-Strike 1.6\Counter-Strike.exe"="C:\Program Files\Counter-Strike 1.6\Counter-Strike.exe:*:Enabled:Counter-Strike"
"C:\Program Files\Diablo II\Diablo II.exe"="C:\Program Files\Diablo II\Diablo II.exe:*:Enabled:Diablo II"
"C:\Program Files\AVG\AVG2012\avgnsx.exe"="C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG2012\avgdiagex.exe"="C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostika 2012"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\AVG\AVG2012\avgemcx.exe"="C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Obecná kontrola pošty"
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\Stargate.bat"="C:\Program Files\LucasArts\Star Wars Empire at War\GameData\Stargate.bat:*:Enabled:Stargate"
"C:\Program Files\Terraria\Terraria.exe"="C:\Program Files\Terraria\Terraria.exe:*:Enabled:Terraria"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe"="C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Petroglyph"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe"="C:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP (HP Photosmart 6510 series)"
"C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe"="C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Síťový komunikátor HP (HP Photosmart 6510 series)"
"C:\Program Files\Cenega Czech\VIETCONG\vietcong.exe"="C:\Program Files\Cenega Czech\VIETCONG\vietcong.exe:*:Enabled:Vietcong"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=l3codecp.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MIDI1"=SYNCOR11.DLL
"VIDC.FPS1"=frapsvid.dll
"VIDC.IV50"=ir50_32.dll
"msacm.iac2"=c:\windows\system32\iac25_32.ax
======List of files/folders created in the last 1 month======
2012-05-26 09:32:15 ----D---- C:\WINDOWS\temp
2012-05-26 09:32:13 ----A---- C:\ComboFix.txt
2012-05-25 15:38:10 ----D---- C:\Program Files\Cenega Czech
2012-05-25 14:24:57 ----A---- C:\WINDOWS\zip.exe
2012-05-25 14:24:57 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-05-25 14:24:57 ----A---- C:\WINDOWS\SWSC.exe
2012-05-25 14:24:57 ----A---- C:\WINDOWS\SWREG.exe
2012-05-25 14:24:57 ----A---- C:\WINDOWS\sed.exe
2012-05-25 14:24:57 ----A---- C:\WINDOWS\PEV.exe
2012-05-25 14:24:57 ----A---- C:\WINDOWS\NIRCMD.exe
2012-05-25 14:24:57 ----A---- C:\WINDOWS\MBR.exe
2012-05-25 14:24:57 ----A---- C:\WINDOWS\grep.exe
2012-05-25 14:24:46 ----D---- C:\WINDOWS\ERDNT
2012-05-25 14:24:39 ----D---- C:\Qoobox
2012-05-24 17:39:57 ----D---- C:\Documents and Settings\Skalin\Data aplikací\TS3Client
2012-05-24 17:30:52 ----D---- C:\Program Files\TeamSpeak 3 Client
2012-05-24 17:30:52 ----D---- C:\Documents and Settings\Skalin\Data aplikací\ts3overlay
2012-05-24 17:07:04 ----D---- C:\Program Files\trend micro
2012-05-24 17:07:03 ----D---- C:\rsit
2012-05-24 17:02:50 ----D---- C:\Documents and Settings\Skalin\Data aplikací\TS3Client(2)
2012-05-24 16:50:07 ----D---- C:\Program Files\TeamSpeak 3 Client(2)
2012-05-23 18:24:53 ----A---- C:\WINDOWS\system32\drivers\serscan.sys
2012-05-23 18:22:24 ----D---- C:\Program Files\Hewlett-Packard
2012-05-23 18:21:48 ----D---- C:\Program Files\Microsoft
2012-05-23 18:20:15 ----D---- C:\Program Files\Microsoft Silverlight
2012-05-23 18:19:32 ----D---- C:\Program Files\HP Photo Creations
2012-05-23 18:19:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP Photo Creations
2012-05-23 18:18:39 ----D---- C:\Documents and Settings\Skalin\Data aplikací\HpUpdate
2012-05-23 18:18:31 ----N---- C:\WINDOWS\system32\HPDiscoPMA511.dll
2012-05-23 18:17:28 ----D---- C:\Program Files\HP
2012-05-23 18:09:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP
2012-05-23 18:09:28 ----RA---- C:\WINDOWS\system32\HPScanTRDrv_PS6510.dll
2012-05-23 18:09:25 ----RA---- C:\WINDOWS\system32\HPWia1_PS6510.dll
2012-05-23 18:09:22 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2012-05-23 18:03:38 ----A---- C:\WINDOWS\system32\hpinkstsA511LM.dll
2012-05-23 18:03:37 ----A---- C:\WINDOWS\system32\hpinkstsA511.dll
2012-05-23 18:03:37 ----A---- C:\WINDOWS\system32\hpinkcoiA511.dll
2012-05-23 18:02:32 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2012-05-23 17:12:55 ----D---- C:\Config.Msi
2012-05-23 17:11:09 ----A---- C:\Documents and Settings\All Users\Data aplikací\Ament.ini
2012-05-22 15:57:34 ----D---- C:\WINDOWS\system32\URTTEMP
2012-05-22 15:47:14 ----A---- C:\WINDOWS\system32\msvcr100_clr0400.dll
2012-05-21 21:19:59 ----D---- C:\Documents and Settings\Skalin\Data aplikací\Thunderbird
2012-05-20 19:46:46 ----A---- C:\WINDOWS\d3dx.dat
2012-05-20 19:27:51 ----D---- C:\Program Files\JoWooD
2012-05-20 18:20:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2012-05-18 13:29:50 ----D---- C:\Documents and Settings\Skalin\Data aplikací\vlc
2012-05-15 19:50:44 ----D---- C:\Documents and Settings\Skalin\Data aplikací\Unity
2012-05-13 16:55:58 ----A---- C:\WINDOWS\system32\RtNicProp32.dll
2012-05-13 16:55:58 ----A---- C:\WINDOWS\system32\drivers\Rtnicxp.sys
2012-05-13 16:55:57 ----D---- C:\Program Files\Realtek
2012-05-13 16:37:25 ----D---- C:\WINDOWS\Performance
2012-05-07 11:09:08 ----D---- C:\Documents and Settings\Skalin\Data aplikací\LOVE
======List of files/folders modified in the last 1 month======
2012-05-26 10:23:32 ----D---- C:\WINDOWS\Prefetch
2012-05-26 09:42:48 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-05-26 09:32:16 ----D---- C:\WINDOWS\system32\drivers
2012-05-26 09:32:15 ----D---- C:\WINDOWS
2012-05-26 09:28:47 ----A---- C:\WINDOWS\system.ini
2012-05-26 09:28:29 ----A---- C:\keyhook.txt
2012-05-26 09:28:20 ----D---- C:\WINDOWS\system32\drivers\etc
2012-05-26 09:27:33 ----D---- C:\WINDOWS\system32\config
2012-05-26 09:24:49 ----D---- C:\WINDOWS\system32
2012-05-26 09:24:49 ----D---- C:\WINDOWS\AppPatch
2012-05-26 09:24:45 ----D---- C:\Program Files\Common Files
2012-05-26 09:17:14 ----D---- C:\WINDOWS\system32\CatRoot2
2012-05-26 09:16:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-05-25 22:09:49 ----D---- C:\Documents and Settings\Skalin\Data aplikací\Skype
2012-05-25 17:38:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2012-05-25 17:38:08 ----D---- C:\WINDOWS\system32\drivers\AVG
2012-05-25 15:38:10 ----D---- C:\Program Files
2012-05-25 14:35:29 ----SD---- C:\WINDOWS\Tasks
2012-05-25 14:33:21 ----D---- C:\WINDOWS\system
2012-05-24 17:31:29 ----D---- C:\WINDOWS\system32\wbem
2012-05-24 17:31:28 ----D---- C:\WINDOWS\Registration
2012-05-24 17:30:49 ----D---- C:\WINDOWS\WinSxS
2012-05-24 17:01:52 ----SHD---- C:\WINDOWS\Installer
2012-05-24 15:33:24 ----D---- C:\Documents and Settings\Skalin\Data aplikací\DAEMON Tools Lite
2012-05-24 12:25:24 ----D---- C:\Documents and Settings\Skalin\Data aplikací\uTorrent
2012-05-24 11:20:53 ----D---- C:\Documents and Settings\Skalin\Data aplikací\.minecraft
2012-05-24 09:58:59 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-05-24 00:43:07 ----RSD---- C:\WINDOWS\assembly
2012-05-23 22:24:28 ----D---- C:\WINDOWS\Microsoft.NET
2012-05-23 18:25:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-05-23 18:18:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-05-23 18:17:58 ----HD---- C:\WINDOWS\inf
2012-05-23 18:17:38 ----D---- C:\WINDOWS\twain_32
2012-05-22 21:40:55 ----D---- C:\Program Files\FCEUx
2012-05-22 17:52:26 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-05-22 17:38:39 ----D---- C:\WINDOWS\Debug
2012-05-22 16:16:48 ----D---- C:\WINDOWS\system32\CatRoot
2012-05-22 16:00:14 ----D---- C:\WINDOWS\system32\DirectX
2012-05-22 15:55:54 ----D---- C:\Program Files\Internet Explorer
2012-05-22 15:55:49 ----D---- C:\WINDOWS\pchealth
2012-05-22 15:47:17 ----D---- C:\WINDOWS\system32\en-US
2012-05-21 21:46:15 ----D---- C:\WINDOWS\system32\NtmsData
2012-05-21 18:05:42 ----D---- C:\WINDOWS\Logs
2012-05-21 17:40:08 ----D---- C:\WINDOWS\system32\XPSViewer
2012-05-21 17:40:06 ----RSD---- C:\WINDOWS\Fonts
2012-05-21 17:02:07 ----A---- C:\WINDOWS\win.ini
2012-05-20 19:42:21 ----HD---- C:\Program Files\InstallShield Installation Information
2012-05-18 17:05:29 ----D---- C:\Program Files\Counter-Strike 1.6
2012-05-17 15:18:27 ----D---- C:\Program Files\uTorrent
2012-05-13 16:56:07 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-05-13 14:47:30 ----D---- C:\Program Files\Rockstar Games
2012-05-12 09:26:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-05-10 15:56:27 ----A---- C:\WINDOWS\system32\MRT.exe
2012-05-10 15:43:19 ----HD---- C:\WINDOWS\$hf_mig$
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
R0 sisagp;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2003-07-18 36992]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-04-13 242240]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\drivers\srvkp.sys [2003-10-29 11264]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R2 LBeepKE;Logitech Beep Suppression Driver; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2011-09-02 12184]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2011-09-02 41240]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2011-09-16 10144]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2011-09-02 39192]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-08-29 578304]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 ALSysIO;ALSysIO; \??\C:\DOCUME~1\Skalin\LOCALS~1\Temp\ALSysIO.sys []
S3 Axtmvflt;Axesstel USB Filter Service; C:\WINDOWS\system32\drivers\Axtmvflt.sys []
S3 Axtmvmdm;Axesstel USB Modem; C:\WINDOWS\system32\drivers\Axtmvmdm.sys []
S3 Axtmvprt;Axesstel Diagnostic Port; C:\WINDOWS\system32\drivers\Axtmvprt.sys []
S3 FlashUSB;FlashUSB; C:\WINDOWS\system32\DRIVERS\FlashUSB.sys [2010-05-12 16896]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-09-26 20240]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-09-26 63248]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-09-26 79120]
S3 mbr;mbr; \??\C:\DOCUME~1\Skalin\LOCALS~1\Temp\mbr.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2003-10-29 427776]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\drivers\usbbus.sys []
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\drivers\UsbDiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\drivers\USBModem.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2011-09-27 295192]
S3 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-02-18 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- Mc_Murphy
Re: I would like to ask for a preventive log check

- Fixing means that you start HJT, choose the [Do a system scan only] option and tick the box to the left of the items I have listed.
- Then click [Fix checked] and confirm with [ANO] (Yes).
- Simply skip any items you cannot find in the list.
- You will find HJT here: C:\Program Files\trend micro\Skalin.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

- http://oldtimer.geekstogo.com/OTM.exe
- http://oldtimer.geekstogo.com/OTM.com
- http://oldtimer.geekstogo.com/OTM.scr
Copy this script into the left-hand window, Paste Instructions for Items to be Moved (only the green letters in the white box!):
:Commands
[ClearAllRestorePoints]
[ResetHosts]
[Purity]
[EmptyTemp]
[EmptyFlash]
:Services
catchme
JavaQuickStarterService
:Files
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll"
"nwiz"="nwiz.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
After the restart, post the log here; you will find it in C:\_OTM\MovedFiles\
Re: I would like to ask for a preventive log check
Well, I have done everything needed, the registry entry for automatically starting nvidia exists, but the icon did not show up in the notification area. But we will probably sort that out later.
Log from OTM:
All processes killed
========== COMMANDS ==========
Restore points cleared and new OTM Restore Point set!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Skalin
->Temp folder emptied: 1208 bytes
->Temporary Internet Files folder emptied: 546019 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 262643341 bytes
->Flash cache emptied: 2404 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 14856825 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 265,00 mb
[EMPTYFLASH]
User: All Users
User: LocalService
User: NetworkService
User: Skalin
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
========== SERVICES/DRIVERS ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP169.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1AB.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1DA.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1EC.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1EF.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP214.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP23.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2CD.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2D0.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F3.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F4.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP301.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP317.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP372.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3D8.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3EB.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3FD.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP402.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP40E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP414.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP43E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP458.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4EF.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP55C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP69A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP80.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP91.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA7.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAB.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCB.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE6.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI160.tmp moved successfully.
C:\WINDOWS\Installer\MSI1CF.tmp moved successfully.
C:\WINDOWS\Installer\MSI20D.tmp moved successfully.
C:\WINDOWS\Installer\MSI20E.tmp moved successfully.
C:\WINDOWS\Installer\MSI20F.tmp moved successfully.
C:\WINDOWS\Installer\MSI210.tmp moved successfully.
C:\WINDOWS\Installer\MSI370.tmp moved successfully.
C:\WINDOWS\Installer\MSI3AE.tmp moved successfully.
C:\WINDOWS\Installer\MSI57.tmp moved successfully.
C:\WINDOWS\Installer\MSI7E3.tmp moved successfully.
C:\WINDOWS\Installer\MSIB8.tmp moved successfully.
C:\WINDOWS\Installer\MSIB9.tmp moved successfully.
C:\WINDOWS\Installer\MSIBA.tmp moved successfully.
C:\WINDOWS\Installer\MSIBB.tmp moved successfully.
C:\WINDOWS\Installer\MSIBC.tmp moved successfully.
C:\WINDOWS\Installer\MSIBD.tmp moved successfully.
C:\WINDOWS\Installer\MSIBE.tmp moved successfully.
C:\WINDOWS\Installer\MSIBF.tmp moved successfully.
C:\WINDOWS\Installer\MSIC0.tmp moved successfully.
C:\WINDOWS\Installer\MSIC1.tmp moved successfully.
C:\WINDOWS\Installer\MSIC2.tmp moved successfully.
C:\WINDOWS\Installer\MSIC3.tmp moved successfully.
C:\WINDOWS\Installer\MSIC4.tmp moved successfully.
C:\WINDOWS\Installer\MSIC5.tmp moved successfully.
C:\WINDOWS\Installer\MSIC6.tmp moved successfully.
C:\WINDOWS\Installer\MSIC7.tmp moved successfully.
C:\WINDOWS\Installer\MSIC8.tmp moved successfully.
C:\WINDOWS\Installer\MSIC9.tmp moved successfully.
C:\WINDOWS\Installer\MSICA.tmp moved successfully.
C:\WINDOWS\Installer\MSICB.tmp moved successfully.
C:\WINDOWS\Installer\MSICC.tmp moved successfully.
C:\WINDOWS\Installer\MSICD.tmp moved successfully.
C:\WINDOWS\Installer\MSICE.tmp moved successfully.
C:\WINDOWS\Installer\MSICF.tmp moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"NvCplDaemon"|"c:\windows\system32\NvCpl.dll" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"nwiz"|"nwiz.exe" /E : value set successfully!
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\CTFMON.EXE deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\CTFMON.EXE not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
OTM by OldTimer - Version 3.1.19.0 log created on 05262012_123434
Files moved on Reboot...
Registry entries deleted on Reboot...


- Mc_Murphy
Re: I'd like to ask for a preventive log check
Look, about that icon: there will be a setting somewhere to make it show up there. I did add the command to restore it. It didn't come back even after a restart?
You'll have to look somewhere in the nVidia settings; there will be something like Show icon blah blah blah in the notification area, so find it and tick it.
Otherwise OTM did what it was supposed to, so I think we can finish cleaning up and we're done.

We'll uninstall ComboFix.
- Rename ComboFix to Uninstall.
- Run it.

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
- Download and run it.
- To confirm the choice, press A, Enter.
- Delete the utility after use.
- Antivirus programs may wrongly flag this utility as a virus - it's a false alarm - so go ahead and download it (or turn off the antivirus while downloading)!

OTC http://oldtimer.geekstogo.com/OTC.exe
- Download and run it.
- Click CleanUp and confirm with YES.
- The program will clean up and may (or may not) restart the PC.

TFC http://oldtimer.geekstogo.com/TFC.exe
- Download and run it.
- Click Start and confirm with OK.
- The program will clean up and may (or may not) restart the PC.
- Delete the utility after use.

If you don't have it, download CCleaner from this link.
- Cleaner panel
  - Leave everything as it is, just click Analyze and then Run CCleaner.
- Registry panel
  - Click Scan for Issues.
  - Then click Fix Issues - I recommend making the registry backup; fix all the issues.
  - Repeat the procedure until no issues are found - usually about 3 times.
- Tools panel
  - Here you can uninstall programs you don't need.

I recommend using CCleaner about once a week.

... and if there are no questions, that would be all from my side.

Re: I'd like to ask for a preventive log check
Thanks, system startup is about 4 - 6 seconds faster. I've been using CCleaner for about 4 months now, always updated to the latest version, and I use it together with Defraggler from Piriform. The best two programs, along with AVG PC TuneUp. Anyway, I'll take a look and try to find that notification-area display setting for the nVidia. Thanks a lot once again; maybe I'll stop by toward evening and start another new topic for a preventive check of my second PC.