
Virus removal, PC speed-up, and remote assistance through the neslape.cz service
Please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service: a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, occasionally my browser freezes, for a moment no page will load, and after half a minute everything returns to normal. I don't know whether it matters, but I have a home network behind a router, and when only one computer is running, the browser works fine. I'm trying to track down the possible problem by every means available, which is why I'm asking you to check the log. Thank you.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Honza at 2010-01-30 18:12:28
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 453 GB (48%) free of 954 GB
Total RAM: 3326 MB (81% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:54, on 30.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\AMD OverDrive\AODAssist.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Total Commander\TOTALCMD.EXE
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Honza\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Honza.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AODService - Unknown owner - C:\Program Files\AMD OverDrive\AODAssist.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 4860 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Defraggler Volume C Task.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1085031214-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1085031214-682003330-1003UA.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-12 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-12 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-13 98304]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-08-14 18702336]
"avast!"=C:\PROGRA~1\Avast4\ashDisp.exe [2009-11-25 81000]
"ZoneAlarm Client"=C:\Program Files\ZoneAlarm\zlclient.exe [2009-02-16 981384]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BitComet"=C:\Program Files\BitLord\BitLord.exe [2005-05-07 2224128]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-11-25 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=181
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Games\Crysis\Bin32\Crysis.exe"="C:\Games\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Games\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client"
"C:\Games\Football Manager 2009\fm.exe"="C:\Games\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Games\Company of Heroes\RelicCOH.exe"="C:\Games\Company of Heroes\RelicCOH.exe:*:Disabled:RelicCOH"
"C:\Games\Company of Heroes\RelicDownloader\RelicDownloader.exe"="C:\Games\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Disabled:Relic Patch Download Manager"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Games\Prince of Persia\Prince of Persia.exe"="C:\Games\Prince of Persia\Prince of Persia.exe:*:Enabled:Prince of Persia Dx"
"C:\Games\Prince of Persia\PrinceOfPersia_Launcher.exe"="C:\Games\Prince of Persia\PrinceOfPersia_Launcher.exe:*:Enabled:Prince of Persia Update"
"C:\Games\Double Agent\SCDA-Offline\System\SplinterCell4.exe"="C:\Games\Double Agent\SCDA-Offline\System\SplinterCell4.exe:*:Enabled:SplinterCell4"
"C:\Games\Wolverine\Binaries\Wolverine.exe"="C:\Games\Wolverine\Binaries\Wolverine.exe:*:Enabled:X-Men Origins - Wolverine"
"C:\Games\Prototype\prototypef.exe"="C:\Games\Prototype\prototypef.exe:*:Enabled:Prototype(TM)"
"C:\Program Files\Gigabyte\@BIOS\gwflash.exe"="C:\Program Files\Gigabyte\@BIOS\gwflash.exe:*:Enabled:@BIOS Application"
"C:\Games\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Games\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Games\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Games\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Games\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Games\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Games\Wolfenstein\MP\Wolf2MP.exe"="C:\Games\Wolfenstein\MP\Wolf2MP.exe:*:Enabled:Wolfenstein(TM)"
"C:\Games\Wolfenstein\MP\Wolf2MPLite.exe"="C:\Games\Wolfenstein\MP\Wolf2MPLite.exe:*:Enabled:Wolfenstein(TM)"
"C:\Games\dodo\dndclient.exe"="C:\Games\dodo\dndclient.exe:*:Enabled:dndclient"
"C:\Games\Turbine Download Manager\TurbineMessageService.exe"="C:\Games\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService"
"C:\Games\Turbine Download Manager\TurbineNetworkService.exe"="C:\Games\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService"
"C:\Program Files\Steam\SteamApps\common\dawn of war 2\DOW2.exe"="C:\Program Files\Steam\SteamApps\common\dawn of war 2\DOW2.exe:*:Enabled:DOW2"
"C:\Games\Pro Evolution Soccer 2010\pes2010.exe"="C:\Games\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Documents and Settings\Honza\Plocha\pes2010.exe"="C:\Documents and Settings\Honza\Plocha\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Documents and Settings\Honza\Plocha\Games\Pro Evolution Soccer 2010.exe"="C:\Documents and Settings\Honza\Plocha\Games\Pro Evolution Soccer 2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Games\Dragon Age\bin_ship\daorigins.exe"="C:\Games\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"C:\Games\Dragon Age\DAOriginsLauncher.exe"="C:\Games\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
"C:\Games\Football Manager 2010\fm.exe"="C:\Games\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010"
"C:\Games\World of Warcraft\WoW-3.2.0-enGB-downloader.exe"="C:\Games\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Games\World of Warcraft\Launcher.exe"="C:\Games\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Games\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"="C:\Games\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Games\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"="C:\Games\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Games\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"="C:\Games\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Steam\SteamApps\common\torchlight\Torchlight.exe"="C:\Program Files\Steam\SteamApps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight"
"C:\Games\Gears of War\Binaries\WarGame-G4WLive.exe"="C:\Games\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears of War"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Games\RESIDENT EVIL 5\RE5DX9.EXE"="C:\Games\RESIDENT EVIL 5\RE5DX9.EXE:*:Enabled:RESIDENT EVIL 5 (DX9)"
"C:\Games\RESIDENT EVIL 5\RE5DX10.EXE"="C:\Games\RESIDENT EVIL 5\RE5DX10.EXE:*:Enabled:RESIDENT EVIL 5 (DX10)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{daab03df-7481-11de-8ec9-00241d758e8c}]
shell\AutoRun\command - E:\autorun.exe
======List of files/folders created in the last 1 months======
2010-01-30 18:12:28 ----D---- C:\rsit
2010-01-30 18:12:28 ----D---- C:\Program Files\trend micro
2010-01-30 11:30:17 ----A---- C:\WINDOWS\system32\vsregexp.dll
2010-01-30 11:30:16 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-01-30 11:30:16 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-01-30 11:30:14 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-01-30 11:30:13 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-01-30 11:30:13 ----D---- C:\Program Files\ZoneAlarm
2010-01-30 11:30:13 ----A---- C:\WINDOWS\system32\zpeng25.dll
2010-01-30 11:30:13 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-01-30 11:30:13 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-01-30 11:30:13 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-01-30 11:29:35 ----A---- C:\WINDOWS\system32\vsinit.dll
2010-01-30 11:29:35 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-01-30 11:29:34 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-01-30 11:29:33 ----D---- C:\WINDOWS\Internet Logs
2010-01-28 13:38:56 ----D---- C:\WINDOWS\6833245EDD86479A882A8360D62C8194.TMP
2010-01-27 13:56:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\PopCap Games
2010-01-23 23:25:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-01-17 09:44:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Rumbic Studio
2010-01-13 17:04:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 17:04:06 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-10 09:14:24 ----D---- C:\Documents and Settings\Honza\Data aplikací\Dreamsdwell Stories
2010-01-08 23:15:46 ----D---- C:\Program Files\CCleaner
2010-01-06 17:35:00 ----D---- C:\Program Files\Common Files\DirectX
2010-01-06 17:31:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Divinity 2
======List of files/folders modified in the last 1 months======
2010-01-30 18:12:28 ----RD---- C:\Program Files
2010-01-30 18:02:06 ----D---- C:\Program Files\Mozilla Firefox
2010-01-30 17:49:08 ----D---- C:\WINDOWS\Prefetch
2010-01-30 17:41:33 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-30 15:53:54 ----D---- C:\WINDOWS\Temp
2010-01-30 14:58:02 ----A---- C:\WINDOWS\wincmd.ini
2010-01-30 13:24:33 ----D---- C:\!Torrents
2010-01-30 12:48:00 ----D---- C:\!Soubory z internetu
2010-01-30 11:36:29 ----D---- C:\WINDOWS\system32
2010-01-30 11:36:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-30 11:31:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-30 11:29:34 ----SHD---- C:\WINDOWS\Installer
2010-01-30 11:29:34 ----D---- C:\WINDOWS\WinSxS
2010-01-30 11:29:33 ----D---- C:\WINDOWS
2010-01-29 19:51:48 ----D---- C:\Program Files\QIP
2010-01-29 17:07:02 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-29 00:03:57 ----D---- C:\Michael
2010-01-28 18:29:20 ----D---- C:\WINDOWS\system32\DirectX
2010-01-28 18:29:19 ----HD---- C:\WINDOWS\inf
2010-01-28 18:28:38 ----RSD---- C:\WINDOWS\assembly
2010-01-28 15:42:00 ----D---- C:\Games
2010-01-28 14:10:58 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-28 13:43:48 ----D---- C:\Program Files\AGEIA Technologies
2010-01-28 13:43:32 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-23 23:25:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-23 22:51:24 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-23 20:18:08 ----D---- C:\Mamka
2010-01-23 20:16:15 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-01-23 19:39:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\BigFishGamesCache
2010-01-23 19:00:55 ----D---- C:\WINDOWS\Minidump
2010-01-23 19:00:55 ----D---- C:\WINDOWS\Debug
2010-01-19 06:36:26 ----D---- C:\Program Files\Avast4
2010-01-17 07:40:59 ----D---- C:\WINDOWS\system32\config
2010-01-13 21:25:04 ----D---- C:\WINDOWS\AppPatch
2010-01-10 23:27:32 ----D---- C:\Program Files\SpeedFan
2010-01-10 20:49:34 ----D---- C:\Documents and Settings\Honza\Data aplikací\codeblocks
2010-01-09 07:24:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-08 23:23:40 ----D---- C:\WINDOWS\system32\drivers
2010-01-08 23:19:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-01-06 17:35:00 ----D---- C:\Program Files\Common Files
2010-01-05 20:56:26 ----D---- C:\Program Files\AMD OverDrive
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-01-04 281760]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-01-04 25888]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 AODDriver;AODDriver; \??\C:\Program Files\AMD OverDrive\i386\AODDriver.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-11-25 4463104]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-08-18 5884416]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 aybbkpba;aybbkpba; C:\WINDOWS\system32\drivers\aybbkpba.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XPADFL02;XPAD Filter Service 02; C:\WINDOWS\system32\DRIVERS\xpadfl02.sys []
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AODService;AODService; C:\Program Files\AMD OverDrive\AODAssist.exe [2009-05-05 124256]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-11-25 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-12 153376]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-08-13 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
"NoDriveTypeAutoRun"=181
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Games\Crysis\Bin32\Crysis.exe"="C:\Games\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Games\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client"
"C:\Games\Football Manager 2009\fm.exe"="C:\Games\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Games\Company of Heroes\RelicCOH.exe"="C:\Games\Company of Heroes\RelicCOH.exe:*:Disabled:RelicCOH"
"C:\Games\Company of Heroes\RelicDownloader\RelicDownloader.exe"="C:\Games\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Disabled:Relic Patch Download Manager"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Games\Prince of Persia\Prince of Persia.exe"="C:\Games\Prince of Persia\Prince of Persia.exe:*:Enabled:Prince of Persia Dx"
"C:\Games\Prince of Persia\PrinceOfPersia_Launcher.exe"="C:\Games\Prince of Persia\PrinceOfPersia_Launcher.exe:*:Enabled:Prince of Persia Update"
"C:\Games\Double Agent\SCDA-Offline\System\SplinterCell4.exe"="C:\Games\Double Agent\SCDA-Offline\System\SplinterCell4.exe:*:Enabled:SplinterCell4"
"C:\Games\Wolverine\Binaries\Wolverine.exe"="C:\Games\Wolverine\Binaries\Wolverine.exe:*:Enabled:X-Men Origins - Wolverine"
"C:\Games\Prototype\prototypef.exe"="C:\Games\Prototype\prototypef.exe:*:Enabled:Prototype(TM)"
"C:\Program Files\Gigabyte\@BIOS\gwflash.exe"="C:\Program Files\Gigabyte\@BIOS\gwflash.exe:*:Enabled:@BIOS Application"
"C:\Games\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Games\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Games\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Games\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Games\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Games\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Games\Wolfenstein\MP\Wolf2MP.exe"="C:\Games\Wolfenstein\MP\Wolf2MP.exe:*:Enabled:Wolfenstein(TM)"
"C:\Games\Wolfenstein\MP\Wolf2MPLite.exe"="C:\Games\Wolfenstein\MP\Wolf2MPLite.exe:*:Enabled:Wolfenstein(TM)"
"C:\Games\dodo\dndclient.exe"="C:\Games\dodo\dndclient.exe:*:Enabled:dndclient"
"C:\Games\Turbine Download Manager\TurbineMessageService.exe"="C:\Games\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService"
"C:\Games\Turbine Download Manager\TurbineNetworkService.exe"="C:\Games\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService"
"C:\Program Files\Steam\SteamApps\common\dawn of war 2\DOW2.exe"="C:\Program Files\Steam\SteamApps\common\dawn of war 2\DOW2.exe:*:Enabled:DOW2"
"C:\Games\Pro Evolution Soccer 2010\pes2010.exe"="C:\Games\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Documents and Settings\Honza\Plocha\pes2010.exe"="C:\Documents and Settings\Honza\Plocha\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Documents and Settings\Honza\Plocha\Games\Pro Evolution Soccer 2010.exe"="C:\Documents and Settings\Honza\Plocha\Games\Pro Evolution Soccer 2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Games\Dragon Age\bin_ship\daorigins.exe"="C:\Games\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"C:\Games\Dragon Age\DAOriginsLauncher.exe"="C:\Games\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
"C:\Games\Football Manager 2010\fm.exe"="C:\Games\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010"
"C:\Games\World of Warcraft\WoW-3.2.0-enGB-downloader.exe"="C:\Games\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Games\World of Warcraft\Launcher.exe"="C:\Games\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Games\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"="C:\Games\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Games\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"="C:\Games\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Games\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"="C:\Games\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Steam\SteamApps\common\torchlight\Torchlight.exe"="C:\Program Files\Steam\SteamApps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight"
"C:\Games\Gears of War\Binaries\WarGame-G4WLive.exe"="C:\Games\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears of War"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Games\RESIDENT EVIL 5\RE5DX9.EXE"="C:\Games\RESIDENT EVIL 5\RE5DX9.EXE:*:Enabled:RESIDENT EVIL 5 (DX9)"
"C:\Games\RESIDENT EVIL 5\RE5DX10.EXE"="C:\Games\RESIDENT EVIL 5\RE5DX10.EXE:*:Enabled:RESIDENT EVIL 5 (DX10)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{daab03df-7481-11de-8ec9-00241d758e8c}]
shell\AutoRun\command - E:\autorun.exe
======List of files/folders created in the last 1 months======
2010-01-30 18:12:28 ----D---- C:\rsit
2010-01-30 18:12:28 ----D---- C:\Program Files\trend micro
2010-01-30 11:30:17 ----A---- C:\WINDOWS\system32\vsregexp.dll
2010-01-30 11:30:16 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-01-30 11:30:16 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-01-30 11:30:14 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-01-30 11:30:13 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-01-30 11:30:13 ----D---- C:\Program Files\ZoneAlarm
2010-01-30 11:30:13 ----A---- C:\WINDOWS\system32\zpeng25.dll
2010-01-30 11:30:13 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-01-30 11:30:13 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-01-30 11:30:13 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-01-30 11:29:35 ----A---- C:\WINDOWS\system32\vsinit.dll
2010-01-30 11:29:35 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-01-30 11:29:34 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-01-30 11:29:33 ----D---- C:\WINDOWS\Internet Logs
2010-01-28 13:38:56 ----D---- C:\WINDOWS\6833245EDD86479A882A8360D62C8194.TMP
2010-01-27 13:56:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\PopCap Games
2010-01-23 23:25:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-01-17 09:44:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Rumbic Studio
2010-01-13 17:04:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 17:04:06 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-10 09:14:24 ----D---- C:\Documents and Settings\Honza\Data aplikací\Dreamsdwell Stories
2010-01-08 23:15:46 ----D---- C:\Program Files\CCleaner
2010-01-06 17:35:00 ----D---- C:\Program Files\Common Files\DirectX
2010-01-06 17:31:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Divinity 2
======List of files/folders modified in the last 1 months======
2010-01-30 18:12:28 ----RD---- C:\Program Files
2010-01-30 18:02:06 ----D---- C:\Program Files\Mozilla Firefox
2010-01-30 17:49:08 ----D---- C:\WINDOWS\Prefetch
2010-01-30 17:41:33 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-30 15:53:54 ----D---- C:\WINDOWS\Temp
2010-01-30 14:58:02 ----A---- C:\WINDOWS\wincmd.ini
2010-01-30 13:24:33 ----D---- C:\!Torrents
2010-01-30 12:48:00 ----D---- C:\!Soubory z internetu
2010-01-30 11:36:29 ----D---- C:\WINDOWS\system32
2010-01-30 11:36:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-30 11:31:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-30 11:29:34 ----SHD---- C:\WINDOWS\Installer
2010-01-30 11:29:34 ----D---- C:\WINDOWS\WinSxS
2010-01-30 11:29:33 ----D---- C:\WINDOWS
2010-01-29 19:51:48 ----D---- C:\Program Files\QIP
2010-01-29 17:07:02 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-29 00:03:57 ----D---- C:\Michael
2010-01-28 18:29:20 ----D---- C:\WINDOWS\system32\DirectX
2010-01-28 18:29:19 ----HD---- C:\WINDOWS\inf
2010-01-28 18:28:38 ----RSD---- C:\WINDOWS\assembly
2010-01-28 15:42:00 ----D---- C:\Games
2010-01-28 14:10:58 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-28 13:43:48 ----D---- C:\Program Files\AGEIA Technologies
2010-01-28 13:43:32 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-23 23:25:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-23 22:51:24 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-23 20:18:08 ----D---- C:\Mamka
2010-01-23 20:16:15 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-01-23 19:39:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\BigFishGamesCache
2010-01-23 19:00:55 ----D---- C:\WINDOWS\Minidump
2010-01-23 19:00:55 ----D---- C:\WINDOWS\Debug
2010-01-19 06:36:26 ----D---- C:\Program Files\Avast4
2010-01-17 07:40:59 ----D---- C:\WINDOWS\system32\config
2010-01-13 21:25:04 ----D---- C:\WINDOWS\AppPatch
2010-01-10 23:27:32 ----D---- C:\Program Files\SpeedFan
2010-01-10 20:49:34 ----D---- C:\Documents and Settings\Honza\Data aplikací\codeblocks
2010-01-09 07:24:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-08 23:23:40 ----D---- C:\WINDOWS\system32\drivers
2010-01-08 23:19:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-01-06 17:35:00 ----D---- C:\Program Files\Common Files
2010-01-05 20:56:26 ----D---- C:\Program Files\AMD OverDrive
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-01-04 281760]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-01-04 25888]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 AODDriver;AODDriver; \??\C:\Program Files\AMD OverDrive\i386\AODDriver.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-11-25 4463104]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-08-18 5884416]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 aybbkpba;aybbkpba; C:\WINDOWS\system32\drivers\aybbkpba.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XPADFL02;XPAD Filter Service 02; C:\WINDOWS\system32\DRIVERS\xpadfl02.sys []
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AODService;AODService; C:\Program Files\AMD OverDrive\AODAssist.exe [2009-05-05 124256]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-11-25 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-12 153376]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-08-13 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
Re: Please check my log
Good evening
Download MBAM from my signature
- Install it and run a full scan
DO NOT DELETE ANYTHING
- MBAM sometimes produces false detections, so we will delete only after checking the log.
- Copy the log here.


Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: Please check my log
MBAM log:
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3667
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
31.1.2010 15:41:27
mbam-log-2010-01-31 (15-41-20).txt
Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 295012
Uplynulý čas: 1 hour(s), 21 minute(s), 41 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 4
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 3
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.MultiDropper) -> No action taken.
HKEY_CLASSES_ROOT\D (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\D.1 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Trojan.Agent) -> No action taken.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
C:\Program Files\Common Files\install.exe (Trojan.MultiDropper) -> No action taken.
C:\Program Files\Common Files\alg.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ctfmon_aa.exe (Trojan.Agent) -> No action taken.
During the MBAM scan, avast twice popped up a window saying it had found malicious code. I took no action, but I am mentioning it here anyway, because I don't know whether it is important or not. The sample name in both cases was: Win32:Malware-gen
Re: Please check my log
And in which files did it find it?
Delete what MBAM found
Re: Please check my log
The first was the file YASU.exe
I don't know the second one exactly, but I know it was in System Volume Information. I don't know how to scan it with avast, because it isn't visible in the folder selection for the scan
Re: Please check my log
We will delete System Restore later in a different way
Download ComboFix to the desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- ComboFix must be run under an account with administrator rights
- Before using it, turn off all resident security programs - antivirus, firewalls, antispyware
- After launch, the terms of use are displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here


Re: Please check my log
ComboFix log:
ComboFix 10-01-31.03 - Honza 01.02.2010 11:15:00.2.3 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2824 [GMT 1:00]
Spuštěný z: c:\documents and settings\Honza\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100131-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-01 do 2010-02-01 )))))))))))))))))))))))))))))))
.
2010-01-31 13:17 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-31 13:17 . 2010-01-31 14:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-31 13:17 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-30 17:12 . 2010-01-30 17:12 -------- d-----w- C:\rsit
2010-01-30 17:12 . 2010-01-30 17:12 -------- d-----w- c:\program files\trend micro
2010-01-30 10:30 . 2010-01-30 10:30 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-30 10:30 . 2009-02-15 23:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-01-30 10:30 . 2009-02-15 23:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-01-30 10:30 . 2010-01-30 10:30 -------- d-----w- c:\program files\ZoneAlarm
2010-01-30 10:30 . 2010-01-30 10:30 -------- d-----w- c:\windows\system32\ZoneLabs
2010-01-30 10:30 . 2009-02-15 23:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2010-01-30 10:29 . 2010-02-01 10:08 -------- d-----w- c:\windows\Internet Logs
2010-01-28 15:17 . 2010-01-28 15:17 25 ----a-w- c:\windows\popcinfot.dat
2010-01-28 12:38 . 2010-01-28 12:38 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2010-01-13 09:19 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-08 22:15 . 2010-01-08 22:21 -------- d-----w- c:\program files\CCleaner
2010-01-06 16:35 . 2010-01-06 16:35 -------- d-----w- c:\program files\Common Files\DirectX
2010-01-04 18:29 . 2010-01-04 18:29 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-01-04 18:29 . 2010-01-04 18:29 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 10:11 . 2001-10-25 11:00 437062 ----a-w- c:\windows\system32\perfh005.dat
2010-02-01 10:11 . 2001-10-25 11:00 82462 ----a-w- c:\windows\system32\perfc005.dat
2010-01-29 18:51 . 2009-07-19 14:16 -------- d-----w- c:\program files\QIP
2010-01-28 13:10 . 2009-07-19 13:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-28 12:43 . 2009-08-13 16:26 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-28 12:43 . 2009-07-19 17:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-19 05:36 . 2009-07-19 14:12 -------- d-----w- c:\program files\Avast4
2010-01-10 22:27 . 2009-08-17 15:07 -------- d-----w- c:\program files\SpeedFan
2010-01-09 06:24 . 2009-07-19 16:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-05 19:56 . 2009-07-21 09:46 -------- d-----w- c:\program files\AMD OverDrive
2009-12-22 18:39 . 2009-12-22 18:39 -------- d-----w- c:\program files\ATI
2009-12-22 05:09 . 2004-08-17 13:49 668160 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2009-07-23 21:01 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-11-30 11:02 . 2009-07-19 15:35 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-25 03:50 . 2009-04-29 03:30 4463104 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-11-25 03:27 . 2009-07-19 13:42 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-25 03:26 . 2009-04-29 02:17 300032 ----a-w- c:\windows\system32\ati2dvag.dll
2009-11-25 03:11 . 2009-04-29 02:07 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-25 03:11 . 2009-04-29 02:06 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-25 03:10 . 2009-04-29 02:06 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-25 03:10 . 2009-04-29 02:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-25 03:10 . 2009-04-29 02:06 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-11-25 03:09 . 2009-04-29 02:04 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-25 03:07 . 2009-04-29 02:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-11-25 02:59 . 2009-07-19 13:42 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-11-25 02:59 . 2009-04-29 01:56 3538496 ----a-w- c:\windows\system32\ati3duag.dll
2009-11-25 02:44 . 2009-04-29 01:45 13533184 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-25 02:43 . 2009-04-29 01:42 2142848 ----a-w- c:\windows\system32\ativvaxx.dll
2009-11-25 02:42 . 2009-07-19 13:42 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-11-25 02:42 . 2009-07-19 13:42 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-11-25 02:26 . 2009-04-29 01:26 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-25 02:26 . 2009-04-29 01:26 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-25 02:21 . 2009-04-29 01:22 565248 ----a-w- c:\windows\system32\atikvmag.dll
2009-11-25 02:20 . 2009-04-29 01:20 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-25 02:20 . 2009-04-29 01:20 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-25 02:19 . 2009-04-29 01:20 176128 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-25 02:18 . 2009-04-29 01:19 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-11-25 02:18 . 2009-04-29 01:18 3612672 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-25 02:18 . 2009-04-29 01:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-25 02:17 . 2009-04-29 01:17 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2009-11-25 02:12 . 2009-04-29 01:13 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-11-24 23:54 . 2009-10-16 10:23 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-10-16 10:23 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-10-16 10:23 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-10-16 10:23 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-10-16 10:23 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-10-16 10:23 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-10-16 10:23 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-10-16 10:23 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-10-16 10:23 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-01-31_22.07.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-01 10:07 . 2010-02-01 10:07 16384 c:\windows\Temp\Perflib_Perfdata_75c.dat
- 2010-01-31 21:59 . 2010-01-31 21:59 16384 c:\windows\Temp\Perflib_Perfdata_730.dat
+ 2010-02-01 10:07 . 2010-02-01 10:07 16384 c:\windows\Temp\Perflib_Perfdata_730.dat
+ 2001-10-25 11:00 . 2010-02-01 10:11 71002 c:\windows\system32\perfc009.dat
- 2001-10-25 11:00 . 2010-01-31 22:04 71002 c:\windows\system32\perfc009.dat
+ 2001-10-25 11:00 . 2010-02-01 10:11 440684 c:\windows\system32\perfh009.dat
- 2001-10-25 11:00 . 2010-01-31 22:04 440684 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet"="c:\program files\BitLord\BitLord.exe" [2005-05-07 2224128]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"ZoneAlarm Client"="c:\program files\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Games\\Football Manager 2009\\fm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Games\\Company of Heroes\\RelicCOH.exe"=
"c:\\Games\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Games\\Prince of Persia\\Prince of Persia.exe"=
"c:\\Games\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Games\\Wolverine\\Binaries\\Wolverine.exe"=
"c:\\Games\\Prototype\\prototypef.exe"=
"c:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"c:\\Games\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Games\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Games\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Games\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Games\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dawn of war 2\\DOW2.exe"=
"c:\\Games\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Documents and Settings\\Honza\\Plocha\\Games\\Pro Evolution Soccer 2010.exe"=
"c:\\Games\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Games\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Games\\Football Manager 2010\\fm.exe"=
"c:\\Games\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\torchlight\\Torchlight.exe"=
"c:\\Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Games\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"c:\\Games\\RESIDENT EVIL 5\\RE5DX10.EXE"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16.10.2009 11:23 114768]
R2 AODService;AODService;c:\program files\AMD OverDrive\AODAssist.exe [5.5.2009 4:45 124256]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.10.2009 11:23 20560]
R3 AODDriver;AODDriver;c:\program files\AMD OverDrive\i386\AODDriver.sys [5.5.2009 4:42 7680]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.7.2009 16:35 691696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [19.7.2009 14:17 1684736]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\daupdatersvc.service.exe [4.11.2009 13:50 25832]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [8.12.2009 21:37 33792]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\DRIVERS\xpadfl02.sys --> c:\windows\system32\DRIVERS\xpadfl02.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-12-15 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2009-12-02 17:37]
2009-12-01 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-07-19 13:31]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Honza\Data aplikací\Mozilla\Firefox\Profiles\t60qlz1y.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 11:18
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-299502267-1085031214-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:35,cd,bc,06,42,6c,ae,0b,7c,91,f2,56,c7,ff,69,a0,a3,89,c8,86,fb,bd,ef,
63,df,c5,ef,8c,9b,db,d5,de,e9,73,47,dc,21,8e,d7,1c,68,4a,0c,86,49,4f,ef,89,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
[HKEY_USERS\S-1-5-21-299502267-1085031214-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:e6,d6,33,e6,1e,f6,d6,63,c5,f8,17,5c,e9,2b,1e,da,72,1f,4b,a5,a3,
b0,04,3d,8b,02,49,27,99,35,a0,c5,44,65,af,58,18,d2,b8,cb,c9,dd,bb,18,00,c6,\
"rkeysecu"=hex:05,73,03,75,a8,a4,66,b4,fb,c4,02,2a,f8,ee,59,e5
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3180)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-02-01 11:20:04
ComboFix-quarantined-files.txt 2010-02-01 10:20
ComboFix2.txt 2010-01-31 22:09
Před spuštěním: Volných bajtů: 475 501 305 856
Po spuštění: Volných bajtů: 475 465 773 056
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 656436D246E1ADA3E6CCE263CB89B88F
Re: Please check my log

c:\windows\system32\DRIVERS\xpadfl02.sys
click Browse and paste the path to the file into the lower box.
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting your computer
Want to support our forum? Information here

I am usually reachable at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: Please check my log
Virustotal can't find the file. I couldn't find the file manually either.
Re: Please check my log

- Open Notepad
- Copy the text from this box into it
Code:
Driver::
XPADFL02
File::
c:\windows\system32\DRIVERS\xpadfl02.sys
- After saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it:

- After it has been applied, another log will pop up; paste it here
Warning: after the script is applied and the computer restarts, Windows may fail to start; in that case restart again while pressing F8, then choose Last Known Good Configuration
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting your computer
Want to support our forum? Information here

I am usually reachable at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: Please check my log
ComboFix 10-01-31.03 - Honza 01.02.2010 13:13:18.3.3 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2687 [GMT 1:00]
Spuštěný z: c:\documents and settings\Honza\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Honza\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100131-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FILE ::
"c:\windows\system32\DRIVERS\xpadfl02.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_XPADFL02
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-01 do 2010-02-01 )))))))))))))))))))))))))))))))
.
2010-02-01 10:35 . 2010-02-01 10:35 -------- d-----w- c:\program files\FileHoop Update Checker
2010-01-31 13:17 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-31 13:17 . 2010-01-31 14:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-31 13:17 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-30 17:12 . 2010-01-30 17:12 -------- d-----w- C:\rsit
2010-01-30 17:12 . 2010-01-30 17:12 -------- d-----w- c:\program files\trend micro
2010-01-30 10:30 . 2010-01-30 10:30 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-30 10:30 . 2009-02-15 23:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-01-30 10:30 . 2009-02-15 23:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-01-30 10:30 . 2010-01-30 10:30 -------- d-----w- c:\program files\ZoneAlarm
2010-01-30 10:30 . 2010-01-30 10:30 -------- d-----w- c:\windows\system32\ZoneLabs
2010-01-30 10:30 . 2009-02-15 23:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2010-01-30 10:29 . 2010-02-01 12:18 -------- d-----w- c:\windows\Internet Logs
2010-01-28 15:17 . 2010-01-28 15:17 25 ----a-w- c:\windows\popcinfot.dat
2010-01-28 12:38 . 2010-01-28 12:38 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2010-01-13 09:19 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-08 22:15 . 2010-01-08 22:21 -------- d-----w- c:\program files\CCleaner
2010-01-06 16:35 . 2010-01-06 16:35 -------- d-----w- c:\program files\Common Files\DirectX
2010-01-04 18:29 . 2010-01-04 18:29 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-01-04 18:29 . 2010-01-04 18:29 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 12:21 . 2001-10-25 11:00 82462 ----a-w- c:\windows\system32\perfc005.dat
2010-02-01 12:21 . 2001-10-25 11:00 437062 ----a-w- c:\windows\system32\perfh005.dat
2010-01-29 18:51 . 2009-07-19 14:16 -------- d-----w- c:\program files\QIP
2010-01-28 13:10 . 2009-07-19 13:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-28 12:43 . 2009-08-13 16:26 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-28 12:43 . 2009-07-19 17:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-19 05:36 . 2009-07-19 14:12 -------- d-----w- c:\program files\Avast4
2010-01-10 22:27 . 2009-08-17 15:07 -------- d-----w- c:\program files\SpeedFan
2010-01-09 06:24 . 2009-07-19 16:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-05 19:56 . 2009-07-21 09:46 -------- d-----w- c:\program files\AMD OverDrive
2009-12-22 18:39 . 2009-12-22 18:39 -------- d-----w- c:\program files\ATI
2009-12-22 05:09 . 2004-08-17 13:49 668160 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2009-07-23 21:01 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-11-30 11:02 . 2009-07-19 15:35 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-25 03:50 . 2009-04-29 03:30 4463104 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-11-25 03:27 . 2009-07-19 13:42 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-25 03:26 . 2009-04-29 02:17 300032 ----a-w- c:\windows\system32\ati2dvag.dll
2009-11-25 03:11 . 2009-04-29 02:07 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-25 03:11 . 2009-04-29 02:06 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-25 03:10 . 2009-04-29 02:06 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-25 03:10 . 2009-04-29 02:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-25 03:10 . 2009-04-29 02:06 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-11-25 03:09 . 2009-04-29 02:04 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-25 03:07 . 2009-04-29 02:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-11-25 02:59 . 2009-07-19 13:42 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-11-25 02:59 . 2009-04-29 01:56 3538496 ----a-w- c:\windows\system32\ati3duag.dll
2009-11-25 02:44 . 2009-04-29 01:45 13533184 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-25 02:43 . 2009-04-29 01:42 2142848 ----a-w- c:\windows\system32\ativvaxx.dll
2009-11-25 02:42 . 2009-07-19 13:42 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-11-25 02:42 . 2009-07-19 13:42 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-11-25 02:26 . 2009-04-29 01:26 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-25 02:26 . 2009-04-29 01:26 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-25 02:21 . 2009-04-29 01:22 565248 ----a-w- c:\windows\system32\atikvmag.dll
2009-11-25 02:20 . 2009-04-29 01:20 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-25 02:20 . 2009-04-29 01:20 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-25 02:19 . 2009-04-29 01:20 176128 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-25 02:18 . 2009-04-29 01:19 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-11-25 02:18 . 2009-04-29 01:18 3612672 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-25 02:18 . 2009-04-29 01:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-25 02:17 . 2009-04-29 01:17 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2009-11-25 02:12 . 2009-04-29 01:13 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-11-24 23:54 . 2009-10-16 10:23 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-10-16 10:23 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-10-16 10:23 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-10-16 10:23 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-10-16 10:23 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-10-16 10:23 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-10-16 10:23 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-10-16 10:23 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-10-16 10:23 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet"="c:\program files\BitLord\BitLord.exe" [2005-05-07 2224128]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"ZoneAlarm Client"="c:\program files\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Games\\Football Manager 2009\\fm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Games\\Company of Heroes\\RelicCOH.exe"=
"c:\\Games\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Games\\Prince of Persia\\Prince of Persia.exe"=
"c:\\Games\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Games\\Wolverine\\Binaries\\Wolverine.exe"=
"c:\\Games\\Prototype\\prototypef.exe"=
"c:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"c:\\Games\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Games\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Games\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Games\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Games\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dawn of war 2\\DOW2.exe"=
"c:\\Games\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Documents and Settings\\Honza\\Plocha\\Games\\Pro Evolution Soccer 2010.exe"=
"c:\\Games\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Games\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Games\\Football Manager 2010\\fm.exe"=
"c:\\Games\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\torchlight\\Torchlight.exe"=
"c:\\Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Games\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"c:\\Games\\RESIDENT EVIL 5\\RE5DX10.EXE"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.7.2009 16:35 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16.10.2009 11:23 114768]
R2 AODService;AODService;c:\program files\AMD OverDrive\AODAssist.exe [5.5.2009 4:45 124256]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.10.2009 11:23 20560]
R3 AODDriver;AODDriver;c:\program files\AMD OverDrive\i386\AODDriver.sys [5.5.2009 4:42 7680]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [19.7.2009 14:17 1684736]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\daupdatersvc.service.exe [4.11.2009 13:50 25832]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [8.12.2009 21:37 33792]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-12-15 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2009-12-02 17:37]
2009-12-01 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-07-19 13:31]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Honza\Data aplikací\Mozilla\Firefox\Profiles\t60qlz1y.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 13:18
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: error reading MBR
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AF471F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e74cb8
\Driver\atapi -> atapi.sys @ 0xb9e09b40
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-299502267-1085031214-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:35,cd,bc,06,42,6c,ae,0b,7c,91,f2,56,c7,ff,69,a0,a3,89,c8,86,fb,bd,ef,
63,df,c5,ef,8c,9b,db,d5,de,e9,73,47,dc,21,8e,d7,1c,68,4a,0c,86,49,4f,ef,89,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
[HKEY_USERS\S-1-5-21-299502267-1085031214-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:e6,d6,33,e6,1e,f6,d6,63,c5,f8,17,5c,e9,2b,1e,da,72,1f,4b,a5,a3,
b0,04,3d,8b,02,49,27,99,35,a0,c5,44,65,af,58,18,d2,b8,cb,c9,dd,bb,18,00,c6,\
"rkeysecu"=hex:05,73,03,75,a8,a4,66,b4,fb,c4,02,2a,f8,ee,59,e5
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3948)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avast4\aswUpdSv.exe
c:\program files\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avast4\ashMaiSv.exe
c:\program files\Avast4\ashWebSv.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2010-02-01 13:25:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-01 12:25
ComboFix2.txt 2010-02-01 10:20
ComboFix3.txt 2010-01-31 22:09
Před spuštěním: Volných bajtů: 475 465 854 976
Po spuštění: Volných bajtů: 475 338 330 112
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 16FEEAF848D17F37EE4CB8FEB56C073B
Re: Please check my log
How is the computer doing now?
Do you use Daemon or Alcohol?
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting your computer
Want to support our forum? Information here

I can mostly be reached at night, between 9 and 11 p.m.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: Please check my log
I use Daemon. The computer runs fine; it ran fairly fine before as well, only page loading got stuck now and then, so I posted the log to be safe, in case it is a virus or something.
I have a home network behind a router, and the router is attacked from outside very often, on average 5 attacks per minute; the IP addresses vary.
I don't know whether you can advise me on this here; to be safe I'm posting the router log, maybe it will tell you something.
Mon Feb 01 2010 14:32:28 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 75.183.27.106:35364 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:32:28 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 77.12.4.112:22407 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:32:32 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 83.144.152.39:45682 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:32:33 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 78.82.93.147:61101 to 10.24.6.134 TCP:17829
Mon Feb 01 2010 14:32:43 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 173.188.168.66:60398 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:32:46 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 195.240.236.241:22569 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:32:47 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 93.135.222.2:61919 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:32:52 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 77.220.113.230:28735 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:32:58 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 142.162.210.215:42210 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:32:59 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 206.248.157.240:7001 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:33:08 GMT+0100 (Central Europe Standard Time) Admin from 192.168.2.154 login successful
Mon Feb 01 2010 14:33:18 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 187.5.233.141:42212 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:33:24 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 78.70.23.189:10227 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:33:29 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 203.218.143.218:35380 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:33:37 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 69.172.123.84:34694 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:33:48 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 72.161.59.36:27040 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:33:58 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 99.141.186.178:50000 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:34:00 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 24.4.38.3:16073 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:34:15 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 75.44.174.25:51529 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:34:17 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 89.133.43.73:22998 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:34:32 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 76.121.23.242:17525 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:34:32 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 62.21.68.14:41193 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:34:33 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 81.204.210.158:41195 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:34:34 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 67.224.149.198:62613 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:34:46 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 80.244.88.126:6881 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:34:50 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 109.182.45.57:44614 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:34:57 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 65.25.205.246:6112 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:34:58 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 74.181.0.39:50999 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:35:00 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 87.57.189.182:41896 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:35:04 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 157.157.125.25:40000 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:35:22 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 64.185.46.143:47371 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:35:23 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 80.57.71.102:44170 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:35:25 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 85.127.76.3:26891 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:35:37 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 67.49.211.217:55007 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:35:38 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 69.64.78.199:3183 to 10.24.6.134 UDP:17829
Mon Feb 01 2010 14:35:39 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 82.200.59.82:3647 to 10.24.6.134 TCP:135
Mon Feb 01 2010 14:35:42 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 82.200.59.82:3647 to 10.24.6.134 TCP:135
Mon Feb 01 2010 14:35:52 GMT+0100 (Central Europe Standard Time) Unrecognized attempt blocked from 124.120.253.50:10025 to 10.24.6.134 UDP:17829
This is just a small sample; I have no idea why there is so much of it.
Re: Please check my log



Does ZoneAlarm also block some attacks for you, or does the router handle it on its own?

Start >> Run, copy into the box:
ComboFix /Uninstall
press Enter
- This uninstalls ComboFix and deletes the files and folders associated with it.

http://sweb.cz/Marinus/T-Cleaner.exe
- Run it; to confirm each choice, press the A key, then Enter.
- After use, delete the program. Note: antivirus programs may falsely flag it as a virus.

http://oldtimer.geekstogo.com/OTC.exe

- Install it and clean the temporary files and the registry.



Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up your important data before disinfecting the computer.
Want to support our forum? Information here

I am usually reachable at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.
Re: Please check my log
The problem with the browser is hopefully OK now.
I really don't know when the attacks started. What is more interesting is that about a week ago our provider sped up our connection, and that came with a change of IP address. The attacks were happening before the address change as well, and their frequency, as far as I have noticed, has not changed.
ZoneAlarm catches about 5-10 attacks per day on average.
Windows starts up faster since the cleanup. I have not noticed any other problems. The browser has not frozen so far.
If you can think of any other scan, I am all for it. I just don't want to create unnecessary work for you.
Here is the log from RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Honza at 2010-02-01 15:58:07
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 466 GB (49%) free of 954 GB
Total RAM: 3326 MB (81% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58:15, on 1.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\AMD OverDrive\AODAssist.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Documents and Settings\Honza\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Honza\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Honza\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Honza\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Honza\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Total Commander\TOTALCMD.EXE
C:\Documents and Settings\Honza\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\!Soubory z internetu\RSIT.exe
C:\Program Files\trend micro\Honza.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AODService - Unknown owner - C:\Program Files\AMD OverDrive\AODAssist.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5674 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Defraggler Volume C Task.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-12 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-12 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-13 98304]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-08-14 18702336]
"avast!"=C:\PROGRA~1\Avast4\ashDisp.exe [2009-11-25 81000]
"ZoneAlarm Client"=C:\Program Files\ZoneAlarm\zlclient.exe [2009-02-16 981384]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BitComet"=C:\Program Files\BitLord\BitLord.exe [2005-05-07 2224128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-11-25 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Games\Crysis\Bin32\Crysis.exe"="C:\Games\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Games\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client"
"C:\Games\Football Manager 2009\fm.exe"="C:\Games\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Games\Company of Heroes\RelicCOH.exe"="C:\Games\Company of Heroes\RelicCOH.exe:*:Disabled:RelicCOH"
"C:\Games\Company of Heroes\RelicDownloader\RelicDownloader.exe"="C:\Games\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Disabled:Relic Patch Download Manager"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Games\Prince of Persia\Prince of Persia.exe"="C:\Games\Prince of Persia\Prince of Persia.exe:*:Enabled:Prince of Persia Dx"
"C:\Games\Prince of Persia\PrinceOfPersia_Launcher.exe"="C:\Games\Prince of Persia\PrinceOfPersia_Launcher.exe:*:Enabled:Prince of Persia Update"
"C:\Games\Wolverine\Binaries\Wolverine.exe"="C:\Games\Wolverine\Binaries\Wolverine.exe:*:Enabled:X-Men Origins - Wolverine"
"C:\Games\Prototype\prototypef.exe"="C:\Games\Prototype\prototypef.exe:*:Enabled:Prototype(TM)"
"C:\Program Files\Gigabyte\@BIOS\gwflash.exe"="C:\Program Files\Gigabyte\@BIOS\gwflash.exe:*:Enabled:@BIOS Application"
"C:\Games\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Games\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Games\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Games\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Games\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Games\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Games\Wolfenstein\MP\Wolf2MP.exe"="C:\Games\Wolfenstein\MP\Wolf2MP.exe:*:Enabled:Wolfenstein(TM)"
"C:\Games\Wolfenstein\MP\Wolf2MPLite.exe"="C:\Games\Wolfenstein\MP\Wolf2MPLite.exe:*:Enabled:Wolfenstein(TM)"
"C:\Program Files\Steam\SteamApps\common\dawn of war 2\DOW2.exe"="C:\Program Files\Steam\SteamApps\common\dawn of war 2\DOW2.exe:*:Enabled:DOW2"
"C:\Games\Pro Evolution Soccer 2010\pes2010.exe"="C:\Games\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Documents and Settings\Honza\Plocha\Games\Pro Evolution Soccer 2010.exe"="C:\Documents and Settings\Honza\Plocha\Games\Pro Evolution Soccer 2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Games\Dragon Age\bin_ship\daorigins.exe"="C:\Games\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"C:\Games\Dragon Age\DAOriginsLauncher.exe"="C:\Games\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
"C:\Games\Football Manager 2010\fm.exe"="C:\Games\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010"
"C:\Games\World of Warcraft\Launcher.exe"="C:\Games\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Steam\SteamApps\common\torchlight\Torchlight.exe"="C:\Program Files\Steam\SteamApps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight"
"C:\Games\Gears of War\Binaries\WarGame-G4WLive.exe"="C:\Games\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears of War"
"C:\Games\RESIDENT EVIL 5\RE5DX9.EXE"="C:\Games\RESIDENT EVIL 5\RE5DX9.EXE:*:Enabled:RESIDENT EVIL 5 (DX9)"
"C:\Games\RESIDENT EVIL 5\RE5DX10.EXE"="C:\Games\RESIDENT EVIL 5\RE5DX10.EXE:*:Enabled:RESIDENT EVIL 5 (DX10)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-02-01 15:58:07 ----D---- C:\rsit
2010-02-01 15:49:50 ----SHD---- C:\RECYCLER
2010-02-01 11:35:42 ----D---- C:\Program Files\FileHoop Update Checker
2010-02-01 11:12:29 ----A---- C:\Boot.bak
2010-02-01 11:12:26 ----RASHD---- C:\cmdcons
2010-01-31 14:17:12 ----D---- C:\Documents and Settings\Honza\Data aplikací\Malwarebytes
2010-01-31 14:17:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-31 14:17:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-01-30 18:12:28 ----D---- C:\Program Files\trend micro
2010-01-30 11:30:17 ----A---- C:\WINDOWS\system32\vsregexp.dll
2010-01-30 11:30:16 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-01-30 11:30:16 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-01-30 11:30:14 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-01-30 11:30:13 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-01-30 11:30:13 ----D---- C:\Program Files\ZoneAlarm
2010-01-30 11:30:13 ----A---- C:\WINDOWS\system32\zpeng25.dll
2010-01-30 11:30:13 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-01-30 11:30:13 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-01-30 11:30:13 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-01-30 11:29:35 ----A---- C:\WINDOWS\system32\vsinit.dll
2010-01-30 11:29:35 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-01-30 11:29:34 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-01-30 11:29:33 ----D---- C:\WINDOWS\Internet Logs
2010-01-28 13:38:56 ----D---- C:\WINDOWS\6833245EDD86479A882A8360D62C8194.TMP
2010-01-27 13:56:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\PopCap Games
2010-01-23 23:25:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-01-17 09:44:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Rumbic Studio
2010-01-13 17:04:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 17:04:06 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-10 09:14:24 ----D---- C:\Documents and Settings\Honza\Data aplikací\Dreamsdwell Stories
2010-01-08 23:15:46 ----D---- C:\Program Files\CCleaner
2010-01-06 17:35:00 ----D---- C:\Program Files\Common Files\DirectX
2010-01-06 17:31:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Divinity 2
======List of files/folders modified in the last 1 months======
2010-02-01 15:58:15 ----D---- C:\WINDOWS\Prefetch
2010-02-01 15:57:24 ----D---- C:\WINDOWS\system32
2010-02-01 15:57:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-01 15:57:09 ----D---- C:\!Soubory z internetu
2010-02-01 15:56:25 ----A---- C:\WINDOWS\wincmd.ini
2010-02-01 15:54:04 ----D---- C:\WINDOWS\Temp
2010-02-01 15:53:58 ----D---- C:\WINDOWS
2010-02-01 15:53:09 ----SHD---- C:\System Volume Information
2010-02-01 15:53:09 ----D---- C:\WINDOWS\system32\Restore
2010-02-01 15:51:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-01 15:38:15 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-01 13:25:08 ----D---- C:\WINDOWS\system32\drivers
2010-02-01 13:19:04 ----A---- C:\WINDOWS\system.ini
2010-02-01 13:15:40 ----D---- C:\WINDOWS\system32\config
2010-02-01 13:14:56 ----D---- C:\WINDOWS\AppPatch
2010-02-01 13:14:55 ----D---- C:\Program Files\Common Files
2010-02-01 11:35:42 ----RD---- C:\Program Files
2010-02-01 11:12:29 ----RASH---- C:\boot.ini
2010-01-31 23:09:11 ----SD---- C:\WINDOWS\Tasks
2010-01-31 22:53:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-31 22:44:49 ----D---- C:\!Torrents
2010-01-31 21:36:16 ----D---- C:\Michael
2010-01-30 21:38:12 ----D---- C:\Mamka
2010-01-30 21:37:43 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-01-30 20:16:30 ----D---- C:\Program Files\Mozilla Firefox
2010-01-30 11:29:34 ----SHD---- C:\WINDOWS\Installer
2010-01-30 11:29:34 ----D---- C:\WINDOWS\WinSxS
2010-01-29 19:51:48 ----D---- C:\Program Files\QIP
2010-01-29 17:07:02 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-28 18:29:20 ----D---- C:\WINDOWS\system32\DirectX
2010-01-28 18:29:19 ----HD---- C:\WINDOWS\inf
2010-01-28 18:28:38 ----RSD---- C:\WINDOWS\assembly
2010-01-28 15:42:00 ----D---- C:\Games
2010-01-28 14:10:58 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-28 13:43:48 ----D---- C:\Program Files\AGEIA Technologies
2010-01-28 13:43:32 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-23 23:25:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-23 22:51:24 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-23 19:39:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\BigFishGamesCache
2010-01-23 19:00:55 ----D---- C:\WINDOWS\Minidump
2010-01-23 19:00:55 ----D---- C:\WINDOWS\Debug
2010-01-19 06:36:26 ----D---- C:\Program Files\Avast4
2010-01-10 23:27:32 ----D---- C:\Program Files\SpeedFan
2010-01-10 20:49:34 ----D---- C:\Documents and Settings\Honza\Data aplikací\codeblocks
2010-01-09 07:24:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-08 23:19:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-01-05 20:56:26 ----D---- C:\Program Files\AMD OverDrive
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-01-04 281760]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-01-04 25888]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 AODDriver;AODDriver; \??\C:\Program Files\AMD OverDrive\i386\AODDriver.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-11-25 4463104]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-08-18 5884416]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-30 691696]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AODService;AODService; C:\Program Files\AMD OverDrive\AODAssist.exe [2009-05-05 124256]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-11-25 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-12 153376]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-08-13 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
I really don't know when the attacks started. More interesting is that about a week ago our provider sped up our connection, and that came with a change of IP address. The attacks were happening before the address change as well, and their frequency, as far as I have noticed, has not changed.
ZoneAlarm catches about 5-10 attacks a day on average.
Windows startup got faster after the cleanup. I have not noticed any other problems. The browser has not frozen so far.
If you can think of any other scan, I'm all for it. Mainly, I don't want to create unnecessary work for you.
Here is the log from RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Honza at 2010-02-01 15:58:07
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 466 GB (49%) free of 954 GB
Total RAM: 3326 MB (81% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58:15, on 1.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\AMD OverDrive\AODAssist.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Documents and Settings\Honza\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Honza\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Honza\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Honza\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Honza\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Total Commander\TOTALCMD.EXE
C:\Documents and Settings\Honza\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\!Soubory z internetu\RSIT.exe
C:\Program Files\trend micro\Honza.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AODService - Unknown owner - C:\Program Files\AMD OverDrive\AODAssist.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5674 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Defraggler Volume C Task.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-12 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-12 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-13 98304]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-08-14 18702336]
"avast!"=C:\PROGRA~1\Avast4\ashDisp.exe [2009-11-25 81000]
"ZoneAlarm Client"=C:\Program Files\ZoneAlarm\zlclient.exe [2009-02-16 981384]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BitComet"=C:\Program Files\BitLord\BitLord.exe [2005-05-07 2224128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-11-25 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Games\Crysis\Bin32\Crysis.exe"="C:\Games\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Games\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client"
"C:\Games\Football Manager 2009\fm.exe"="C:\Games\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Games\Company of Heroes\RelicCOH.exe"="C:\Games\Company of Heroes\RelicCOH.exe:*:Disabled:RelicCOH"
"C:\Games\Company of Heroes\RelicDownloader\RelicDownloader.exe"="C:\Games\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Disabled:Relic Patch Download Manager"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Games\Prince of Persia\Prince of Persia.exe"="C:\Games\Prince of Persia\Prince of Persia.exe:*:Enabled:Prince of Persia Dx"
"C:\Games\Prince of Persia\PrinceOfPersia_Launcher.exe"="C:\Games\Prince of Persia\PrinceOfPersia_Launcher.exe:*:Enabled:Prince of Persia Update"
"C:\Games\Wolverine\Binaries\Wolverine.exe"="C:\Games\Wolverine\Binaries\Wolverine.exe:*:Enabled:X-Men Origins - Wolverine"
"C:\Games\Prototype\prototypef.exe"="C:\Games\Prototype\prototypef.exe:*:Enabled:Prototype(TM)"
"C:\Program Files\Gigabyte\@BIOS\gwflash.exe"="C:\Program Files\Gigabyte\@BIOS\gwflash.exe:*:Enabled:@BIOS Application"
"C:\Games\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Games\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Games\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Games\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Games\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Games\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Games\Wolfenstein\MP\Wolf2MP.exe"="C:\Games\Wolfenstein\MP\Wolf2MP.exe:*:Enabled:Wolfenstein(TM)"
"C:\Games\Wolfenstein\MP\Wolf2MPLite.exe"="C:\Games\Wolfenstein\MP\Wolf2MPLite.exe:*:Enabled:Wolfenstein(TM)"
"C:\Program Files\Steam\SteamApps\common\dawn of war 2\DOW2.exe"="C:\Program Files\Steam\SteamApps\common\dawn of war 2\DOW2.exe:*:Enabled:DOW2"
"C:\Games\Pro Evolution Soccer 2010\pes2010.exe"="C:\Games\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Documents and Settings\Honza\Plocha\Games\Pro Evolution Soccer 2010.exe"="C:\Documents and Settings\Honza\Plocha\Games\Pro Evolution Soccer 2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Games\Dragon Age\bin_ship\daorigins.exe"="C:\Games\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"C:\Games\Dragon Age\DAOriginsLauncher.exe"="C:\Games\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
"C:\Games\Football Manager 2010\fm.exe"="C:\Games\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010"
"C:\Games\World of Warcraft\Launcher.exe"="C:\Games\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Steam\SteamApps\common\torchlight\Torchlight.exe"="C:\Program Files\Steam\SteamApps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight"
"C:\Games\Gears of War\Binaries\WarGame-G4WLive.exe"="C:\Games\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears of War"
"C:\Games\RESIDENT EVIL 5\RE5DX9.EXE"="C:\Games\RESIDENT EVIL 5\RE5DX9.EXE:*:Enabled:RESIDENT EVIL 5 (DX9)"
"C:\Games\RESIDENT EVIL 5\RE5DX10.EXE"="C:\Games\RESIDENT EVIL 5\RE5DX10.EXE:*:Enabled:RESIDENT EVIL 5 (DX10)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-02-01 15:58:07 ----D---- C:\rsit
2010-02-01 15:49:50 ----SHD---- C:\RECYCLER
2010-02-01 11:35:42 ----D---- C:\Program Files\FileHoop Update Checker
2010-02-01 11:12:29 ----A---- C:\Boot.bak
2010-02-01 11:12:26 ----RASHD---- C:\cmdcons
2010-01-31 14:17:12 ----D---- C:\Documents and Settings\Honza\Data aplikací\Malwarebytes
2010-01-31 14:17:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-31 14:17:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-01-30 18:12:28 ----D---- C:\Program Files\trend micro
2010-01-30 11:30:17 ----A---- C:\WINDOWS\system32\vsregexp.dll
2010-01-30 11:30:16 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-01-30 11:30:16 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-01-30 11:30:14 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-01-30 11:30:13 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-01-30 11:30:13 ----D---- C:\Program Files\ZoneAlarm
2010-01-30 11:30:13 ----A---- C:\WINDOWS\system32\zpeng25.dll
2010-01-30 11:30:13 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-01-30 11:30:13 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-01-30 11:30:13 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-01-30 11:29:35 ----A---- C:\WINDOWS\system32\vsinit.dll
2010-01-30 11:29:35 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-01-30 11:29:34 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-01-30 11:29:33 ----D---- C:\WINDOWS\Internet Logs
2010-01-28 13:38:56 ----D---- C:\WINDOWS\6833245EDD86479A882A8360D62C8194.TMP
2010-01-27 13:56:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\PopCap Games
2010-01-23 23:25:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-01-17 09:44:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Rumbic Studio
2010-01-13 17:04:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 17:04:06 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-10 09:14:24 ----D---- C:\Documents and Settings\Honza\Data aplikací\Dreamsdwell Stories
2010-01-08 23:15:46 ----D---- C:\Program Files\CCleaner
2010-01-06 17:35:00 ----D---- C:\Program Files\Common Files\DirectX
2010-01-06 17:31:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Divinity 2
======List of files/folders modified in the last 1 months======
2010-02-01 15:58:15 ----D---- C:\WINDOWS\Prefetch
2010-02-01 15:57:24 ----D---- C:\WINDOWS\system32
2010-02-01 15:57:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-01 15:57:09 ----D---- C:\!Soubory z internetu
2010-02-01 15:56:25 ----A---- C:\WINDOWS\wincmd.ini
2010-02-01 15:54:04 ----D---- C:\WINDOWS\Temp
2010-02-01 15:53:58 ----D---- C:\WINDOWS
2010-02-01 15:53:09 ----SHD---- C:\System Volume Information
2010-02-01 15:53:09 ----D---- C:\WINDOWS\system32\Restore
2010-02-01 15:51:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-01 15:38:15 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-01 13:25:08 ----D---- C:\WINDOWS\system32\drivers
2010-02-01 13:19:04 ----A---- C:\WINDOWS\system.ini
2010-02-01 13:15:40 ----D---- C:\WINDOWS\system32\config
2010-02-01 13:14:56 ----D---- C:\WINDOWS\AppPatch
2010-02-01 13:14:55 ----D---- C:\Program Files\Common Files
2010-02-01 11:35:42 ----RD---- C:\Program Files
2010-02-01 11:12:29 ----RASH---- C:\boot.ini
2010-01-31 23:09:11 ----SD---- C:\WINDOWS\Tasks
2010-01-31 22:53:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-31 22:44:49 ----D---- C:\!Torrents
2010-01-31 21:36:16 ----D---- C:\Michael
2010-01-30 21:38:12 ----D---- C:\Mamka
2010-01-30 21:37:43 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-01-30 20:16:30 ----D---- C:\Program Files\Mozilla Firefox
2010-01-30 11:29:34 ----SHD---- C:\WINDOWS\Installer
2010-01-30 11:29:34 ----D---- C:\WINDOWS\WinSxS
2010-01-29 19:51:48 ----D---- C:\Program Files\QIP
2010-01-29 17:07:02 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-28 18:29:20 ----D---- C:\WINDOWS\system32\DirectX
2010-01-28 18:29:19 ----HD---- C:\WINDOWS\inf
2010-01-28 18:28:38 ----RSD---- C:\WINDOWS\assembly
2010-01-28 15:42:00 ----D---- C:\Games
2010-01-28 14:10:58 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-28 13:43:48 ----D---- C:\Program Files\AGEIA Technologies
2010-01-28 13:43:32 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-23 23:25:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-23 22:51:24 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-23 19:39:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\BigFishGamesCache
2010-01-23 19:00:55 ----D---- C:\WINDOWS\Minidump
2010-01-23 19:00:55 ----D---- C:\WINDOWS\Debug
2010-01-19 06:36:26 ----D---- C:\Program Files\Avast4
2010-01-10 23:27:32 ----D---- C:\Program Files\SpeedFan
2010-01-10 20:49:34 ----D---- C:\Documents and Settings\Honza\Data aplikací\codeblocks
2010-01-09 07:24:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-08 23:19:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-01-05 20:56:26 ----D---- C:\Program Files\AMD OverDrive
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-01-04 281760]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-01-04 25888]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 AODDriver;AODDriver; \??\C:\Program Files\AMD OverDrive\i386\AODDriver.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-11-25 4463104]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-08-18 5884416]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-30 691696]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AODService;AODService; C:\Program Files\AMD OverDrive\AODAssist.exe [2009-05-05 124256]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-11-25 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-12 153376]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-08-13 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------