Logfile of random's system information tool 1.06 (written by random/random)
Run by radim at 2010-02-14 05:10:55
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (2%) free of 95 GB
Total RAM: 1023 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:11:28, on 14.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\System Control Manager\edd.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\O2 Mobilni internet\O2 Mobilni internet.exe
C:\Program Files\RISITkontrolalogu\RSIT.exe
C:\Program Files\trend micro\radim.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.cz/buxus/docs/OnlineScanner.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D29F88E-2521-403F-A75B-3EDD448BC19C}: NameServer = 160.218.10.200 160.218.43.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFFB196D-329C-46D0-8BCD-E32B9DD0022C}: NameServer = 217.195.160.10,217.195.165.131
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6445 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-13 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-13 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-13 149280]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-11-22 1037192]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2005-09-09 88203]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\MAMBMalwere\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]
C:\Program Files\System Control Manager\MGSysCtrl.exe [2006-03-24 179200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-14 171008]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe [2005-07-08 1953887]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-01-20 217088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-06-29 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
C:\WINDOWS\vsnp2std.exe [2005-08-16 339968]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-11-23 2001648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
C:\WINDOWS\tsnp2std.exe [2005-08-17 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Wireless Utility.lnk]
C:\PROGRA~1\EDIMAX\Common\RaUI.exe [2007-12-14 716800]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^radim^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-10-04 393216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-01-10 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\GAMEs\LOTR II\game.dat"="C:\GAMEs\LOTR II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Utorent\uTorrent\utorrent.exe"="C:\Program Files\Utorent\uTorrent\utorrent.exe:*:Enabled:µTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c6ffc25-0c7f-11df-b3e9-9c6978bf4be2}]
shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{812d74d8-0cd0-11df-b3ed-ecf0ea7fa33b}]
shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{812d74dc-0cd0-11df-b3ed-ecf0ea7fa33b}]
shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8568ad0d-e0cb-11de-b37b-0016174fa96c}]
shell\AutoRun\command - H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f04a5077-e182-11de-b37d-d5c87f440030}]
shell\AutoRun\command - E:\AutoRun.exe
======List of files/folders created in the last 1 months======
2010-02-14 00:37:55 ----D---- C:\Program Files\ISTool
2010-02-14 00:37:55 ----D---- C:\Documents and Settings\radim\Data aplikací\ISTool
2010-02-14 00:37:51 ----D---- C:\Program Files\Inno Setup 5
2010-02-13 05:07:51 ----D---- C:\Program Files\Silabs
2010-02-13 05:05:48 ----D---- C:\WINDOWS\system32\Silabs
2010-02-10 16:46:35 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 16:46:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 16:43:52 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 16:43:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 16:43:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 16:43:19 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 16:43:05 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 16:42:53 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 16:42:27 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-10 05:56:10 ----D---- C:\Documents and Settings\radim\Data aplikací\Thinstall
2010-02-10 02:07:35 ----SHD---- C:\WINDOWS\ftpcache
2010-02-10 02:07:04 ----A---- C:\WINDOWS\Natura Sound Therapy Uninstaller.exe
2010-02-09 23:48:09 ----A---- C:\WINDOWS\system32\swb_uninst.exe
2010-02-09 23:34:57 ----D---- C:\Documents and Settings\radim\Data aplikací\eBookPro6
2010-02-08 22:36:59 ----A---- C:\PlayList.txt
2010-02-08 22:35:40 ----A---- C:\WINDOWS\system32\mp3enc.dll
2010-02-08 22:35:39 ----A---- C:\WINDOWS\UNWISE.EXE
2010-02-08 22:30:21 ----A---- C:\WINDOWS\system32\vbar332.dll
2010-02-01 20:34:04 ----D---- C:\Program Files\MozBackUP
2010-02-01 10:55:22 ----D---- C:\rsit
2010-02-01 03:07:55 ----SHD---- C:\Config.Msi
2010-01-29 03:32:45 ----D---- C:\Program Files\mobilpartnerII
2010-01-22 13:24:26 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
======List of files/folders modified in the last 1 months======
2010-02-14 05:11:28 ----D---- C:\Program Files\trend micro
2010-02-14 05:11:23 ----D---- C:\WINDOWS\Prefetch
2010-02-14 05:11:02 ----D---- C:\WINDOWS\Internet Logs
2010-02-14 05:10:35 ----D---- C:\Program Files\RISITkontrolalogu
2010-02-14 05:08:50 ----D---- C:\Program Files
2010-02-14 05:07:22 ----D---- C:\WINDOWS\Temp
2010-02-14 05:07:06 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-14 01:59:45 ----D---- C:\WINDOWS
2010-02-14 01:52:14 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2010-02-13 21:13:23 ----D---- C:\Documents and Settings\radim\Data aplikací\vlc
2010-02-13 06:32:54 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-02-13 05:26:10 ----D---- C:\Documents and Settings\radim\Data aplikací\dvdcss
2010-02-13 05:07:52 ----HD---- C:\WINDOWS\inf
2010-02-13 05:05:48 ----D---- C:\WINDOWS\system32
2010-02-13 05:05:46 ----D---- C:\Program Files\DIFX
2010-02-13 05:05:44 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-11 15:16:29 ----D---- C:\WINDOWS\Debug
2010-02-11 14:46:25 ----D---- C:\WINDOWS\system32\Restore
2010-02-11 02:38:10 ----A---- C:\WINDOWS\wincmd.ini
2010-02-10 21:07:50 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-10 16:46:32 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 16:46:28 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-10 16:46:28 ----D---- C:\WINDOWS\system32\drivers
2010-02-10 06:05:55 ----D---- C:\Documents and Settings\radim\Data aplikací\uTorrent
2010-02-08 22:30:22 ----RSD---- C:\WINDOWS\Fonts
2010-02-07 14:25:59 ----A---- C:\WINDOWS\win.ini
2010-02-04 03:54:15 ----D---- C:\Program Files\VLC Player
2010-02-03 02:45:25 ----D---- C:\Program Files\FreeRapid
2010-02-01 21:56:34 ----D---- C:\Program Files\Mozilla Firefox
2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-01 18:14:44 ----SHD---- C:\WINDOWS\Installer
2010-02-01 03:45:52 ----A---- C:\ASLog.txt
2010-02-01 03:41:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-01 03:08:04 ----D---- C:\Program Files\Microsoft ActiveSync
2010-02-01 03:08:01 ----D---- C:\WINDOWS\Help
2010-01-31 22:17:57 ----D---- C:\Program Files\CCleaner
2010-01-29 22:34:41 ----D---- C:\Program Files\O2 Mobilni internet
2010-01-29 12:49:45 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem v6081.txt
2010-01-27 23:21:50 ----D---- C:\GAMEs
2010-01-21 12:39:30 ----D---- C:\Program Files\Microsoft Silverlight
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-11-22 486280]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-04-23 21361]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-09-26 1145728]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-10 1421312]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-09-26 101376]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-16 4249088]
R3 MGHwCtrl;MGHwCtrl; \??\C:\WINDOWS\system32\drivers\MGHwCtrl.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Bridge;Most MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-04-20 17480]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PavTPK.sys;PavTPK.sys; \??\C:\WINDOWS\system32\PavTPK.sys []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-10-09 47360]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 RT2500;RT2500 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys []
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2008-01-15 459520]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-08-25 8807424]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-04-10 104576]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-04-12 639224]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-10 405504]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 NishService;SCM Driver Daemon; C:\Program Files\System Control Manager\edd.exe [2006-03-22 40960]
R2 O2Flash;O2Micro Flash Memory; C:\WINDOWS\system32\o2flash.exe [2005-01-27 36864]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-11-22 2384240]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------

PC virus removal, computer speed-up, remote help via the neslape.cz service
Slow computer and internet, and high CPU load. RSIT log.
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: Slow computer and internet, and high CPU load. RSIT log.
Hello,
please also send a ComboFix log:
Download ComboFix to the desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- After launching, accept the terms of use
- Then follow the instructions; while ComboFix is running, do not click in the windows that appear
- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt
- ComboFix must be run under an account with administrator rights

"Life is life, a meadow is a meadow; you look into the grass, and you see a beetle."
"Do not answer a fool according to his folly, lest you become like him yourself. Answer a fool according to his folly, lest he think himself wise...."
(Proverbs of King Solomon)
Re: Slow computer and internet, and high CPU load. RSIT log.
ComboFix 10-02-12.01 - radim 14.02.2010 15:47:43.10.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.655 [GMT 1:00]
Spuštěný z: c:\documents and settings\radim\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100214-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-14 do 2010-02-14 )))))))))))))))))))))))))))))))
.
2010-02-14 05:56 . 2010-02-14 06:10 -------- d-----w- c:\program files\SecuniKontrolaAktualizacíSoftvare
2010-02-13 23:37 . 2010-02-13 23:37 -------- d-----w- c:\program files\ISTool
2010-02-13 23:37 . 2010-02-13 23:37 -------- d-----w- c:\program files\Inno Setup 5
2010-02-13 04:07 . 2010-02-13 04:07 -------- d-----w- c:\program files\Silabs
2010-02-13 04:05 . 2010-02-13 04:07 -------- d-----w- c:\windows\system32\Silabs
2010-02-10 01:07 . 2010-02-10 01:07 -------- d-sh--w- c:\windows\ftpcache
2010-02-10 01:07 . 2010-02-10 01:07 458881 ----a-w- c:\windows\Natura Sound Therapy Uninstaller.exe
2010-02-09 22:48 . 2010-02-09 22:48 286720 ----a-w- c:\windows\system32\swb_uninst.exe
2010-02-08 21:35 . 2003-05-21 05:47 49152 ----a-w- c:\windows\system32\mp3enc.dll
2010-02-08 21:35 . 2001-09-28 16:00 164864 ----a-w- c:\windows\UNWISE.EXE
2010-02-08 21:30 . 1998-04-24 19:08 368912 ----a-w- c:\windows\system32\vbar332.dll
2010-02-01 19:34 . 2010-02-01 20:27 -------- d-----w- c:\program files\MozBackUP
2010-02-01 09:55 . 2010-02-01 09:55 -------- d-----w- C:\rsit
2010-01-29 21:34 . 2008-09-26 17:01 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2010-01-29 21:34 . 2008-09-26 17:01 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-01-29 21:34 . 2008-09-26 17:01 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-01-29 21:34 . 2008-09-26 17:00 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-01-29 02:32 . 2010-01-29 02:33 -------- d-----w- c:\program files\mobilpartnerII
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 14:18 . 2009-12-30 16:56 9301143 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-02-14 04:11 . 2009-12-28 20:52 -------- d-----w- c:\program files\trend micro
2010-02-14 04:10 . 2009-10-09 08:05 -------- d-----w- c:\program files\RISITkontrolalogu
2010-02-13 04:05 . 2009-12-25 14:04 -------- d-----w- c:\program files\DIFX
2010-02-10 20:07 . 2009-12-04 19:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-10 15:53 . 2010-02-10 15:53 122661 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_02_10_16_47_52_small.dmp.zip
2010-02-06 15:18 . 2010-02-06 15:18 146467 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_02_06_16_12_42_small.dmp.zip
2010-02-06 15:12 . 2010-02-06 15:12 1684992 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-02-06 15:12 . 2010-02-06 15:12 1728512 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-02-04 02:54 . 2007-02-09 14:31 -------- d-----w- c:\program files\VLC Player
2010-02-03 01:45 . 2009-02-03 12:37 -------- d-----w- c:\program files\FreeRapid
2010-02-01 02:41 . 2004-08-18 11:00 81034 ----a-w- c:\windows\system32\perfc005.dat
2010-02-01 02:41 . 2004-08-18 11:00 434234 ----a-w- c:\windows\system32\perfh005.dat
2010-02-01 02:08 . 2007-02-11 12:11 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-31 21:17 . 2009-12-21 22:21 -------- d-----w- c:\program files\CCleaner
2010-01-29 21:34 . 2009-12-02 10:17 -------- d-----w- c:\program files\O2 Mobilni internet
2010-01-24 13:19 . 2010-01-24 13:19 121334 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_01_24_14_13_49_small.dmp.zip
2010-01-21 11:39 . 2009-08-08 12:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 13:02 . 2010-01-14 13:02 -------- d-----w- c:\program files\NOS
2010-01-06 00:15 . 2010-01-06 00:15 -------- d-----w- c:\program files\Mobile Partner
2009-12-31 16:50 . 2009-08-13 06:29 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 19:45 . 2009-12-30 19:44 -------- d-----w- c:\program files\MobilPartner
2009-12-30 16:43 . 2009-12-30 16:40 -------- d-----w- c:\program files\ATFcleanerVIRY.cz
2009-12-30 10:20 . 2009-12-29 17:35 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2009-12-29 20:44 . 2007-12-15 19:26 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-29 20:44 . 2009-12-29 20:44 -------- d-----w- c:\program files\Zone Labs
2009-12-29 17:56 . 2007-12-15 19:19 -------- d-----w- c:\program files\ZoneAlarm
2009-12-29 17:35 . 2009-12-29 17:25 -------- d-----w- c:\program files\RevoUninstaler
2009-12-29 12:08 . 2009-12-29 12:06 -------- d-----w- c:\program files\TCleanerOdstraneníistícíchUtilitzPC
2009-12-28 13:51 . 2009-12-05 14:21 -------- d-----w- c:\program files\Opera Turbo
2009-12-26 16:45 . 2009-12-25 14:04 -------- d-----w- c:\program files\Garmin
2009-12-22 05:09 . 2004-08-18 11:00 668160 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2009-08-28 11:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-17 07:42 . 2007-02-07 05:07 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2009-08-13 06:29 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-13 01:11 . 2009-12-13 00:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-09 10:11 . 2009-08-13 06:29 2191360 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2009-08-13 06:29 2068224 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 21:35 . 2009-12-04 21:35 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-12-04 18:22 . 2009-08-13 06:29 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2004-08-18 11:00 1294336 ------w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 14:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2004-08-18 11:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 11:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-18 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2004-08-18 11:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 14:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-24 23:54 . 2009-09-11 08:25 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-09-11 08:25 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-09-11 08:25 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-09-11 08:25 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-09-11 08:25 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-09-11 08:25 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-09-11 08:25 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-09-11 08:25 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-09-11 08:25 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 14:42 . 2009-12-29 20:44 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-11-22 14:42 . 2009-12-29 20:44 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-11-22 14:42 . 2009-12-29 20:44 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-11-21 16:03 . 2004-08-18 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-04-14 18:41 . 2008-04-14 18:41 1086613 ----a-w- c:\program files\PowerISO39.exe
2007-12-27 18:46 . 2007-12-27 18:45 1734996 ----a-w- c:\program files\free-ipod-video-converter.exe
2007-02-08 17:36 . 2007-02-08 17:36 11855 ----a-w- c:\program files\DCPlusPlus0694CZ.rar
2007-02-08 17:24 . 2007-02-08 16:46 4277889 ----a-w- c:\program files\sdc203.rar
2007-02-08 17:11 . 2007-02-08 17:11 1201644 ----a-w- c:\program files\wrar37b3.exe
2007-02-08 17:08 . 2007-02-08 17:07 2072464 ----a-w- c:\program files\tcmd7pb3.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-07-08 1953887]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-13 149280]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Wireless Utility.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Wireless Utility.lnk
backup=c:\windows\pss\Wireless Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^radim^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^radim^Nabídka Start^Programy^Po spuštění^Secunia PSI.lnk]
path=c:\documents and settings\radim\Nabídka Start\Programy\Po spuštění\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-09-09 03:20 88203 ----a-r- c:\windows\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 15:50 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 13:53 1312080 ----a-w- c:\program files\MAMBMalwere\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]
2006-03-24 14:23 179200 ----a-w- c:\program files\System Control Manager\MGSysCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 03:22 171008 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 10:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2005-07-08 15:01 1953887 ------w- c:\program files\CyberLink\Power2Go\Power2GoExpress.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-01-20 07:05 217088 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-06-29 00:03 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
2005-08-16 20:54 339968 ----a-w- c:\windows\vsnp2std.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 11:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-11-23 07:43 2001648 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
2005-08-17 14:57 90112 ----a-w- c:\windows\tsnp2std.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 14:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\GAMEs\\LOTR II\\game.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Utorent\\uTorrent\\utorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23859:TCP"= 23859:TCP:BitComet 23859 TCP
"23859:UDP"= 23859:UDP:BitComet 23859 UDP
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27.2.2006 8:00 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20.2.2006 9:01 29056]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11.9.2009 9:25 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23.11.2009 8:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.11.2009 8:43 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.9.2009 9:25 20560]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [7.2.2007 10:58 20128]
S2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [7.2.2007 10:58 40960]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 13:20 12648]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29.12.2009 18:35 27064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.11.2009 8:43 7408]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [4.12.2009 22:35 23600]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.4.2007 13:34 639224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
TCP: {CFFB196D-329C-46D0-8BCD-E32B9DD0022C} = 217.195.160.10,217.195.165.131
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
FF - component: c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
FF - plugin: c:\program files\golm\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\golm\Real Alternative\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera Turbo\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera Turbo\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera Turbo\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera Turbo\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\VLC Player\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-PROCCOMM&10C4&82F9 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\PROCCOMM&10C4&82F9
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-14 15:52
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-507921405-706699826-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:29,6e,22,45,a7,0c,3c,94,8d,ed,49,35,f2,ae,94,4d,3f,bc,ff,0a,a8,a6,f4,
1a,8d,e2,19,f5,0c,85,79,8f,5a,34,f5,5e,1c,16,4d,21,82,f0,28,ed,23,e5,26,d2,\
"??"=hex:33,11,23,de,0b,d9,1f,29,a6,ce,2a,8b,3d,1b,54,1f
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(468)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2532)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-02-14 15:54:40
ComboFix-quarantined-files.txt 2010-02-14 14:54
Před spuštěním: 2 911 121 408
Po spuštění: 2 873 872 384
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - D9EFE66C6C06A5B65B988FB5E78B62C7
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-11-23 07:43 2001648 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
2005-08-17 14:57 90112 ----a-w- c:\windows\tsnp2std.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 14:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\GAMEs\\LOTR II\\game.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Utorent\\uTorrent\\utorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23859:TCP"= 23859:TCP:BitComet 23859 TCP
"23859:UDP"= 23859:UDP:BitComet 23859 UDP
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27.2.2006 8:00 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20.2.2006 9:01 29056]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11.9.2009 9:25 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23.11.2009 8:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.11.2009 8:43 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.9.2009 9:25 20560]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [7.2.2007 10:58 20128]
S2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [7.2.2007 10:58 40960]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 13:20 12648]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29.12.2009 18:35 27064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.11.2009 8:43 7408]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [4.12.2009 22:35 23600]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.4.2007 13:34 639224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
TCP: {CFFB196D-329C-46D0-8BCD-E32B9DD0022C} = 217.195.160.10,217.195.165.131
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
FF - component: c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
FF - plugin: c:\program files\golm\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\golm\Real Alternative\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera Turbo\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera Turbo\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera Turbo\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera Turbo\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\VLC Player\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-PROCCOMM&10C4&82F9 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\PROCCOMM&10C4&82F9
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-14 15:52
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-507921405-706699826-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:29,6e,22,45,a7,0c,3c,94,8d,ed,49,35,f2,ae,94,4d,3f,bc,ff,0a,a8,a6,f4,
1a,8d,e2,19,f5,0c,85,79,8f,5a,34,f5,5e,1c,16,4d,21,82,f0,28,ed,23,e5,26,d2,\
"??"=hex:33,11,23,de,0b,d9,1f,29,a6,ce,2a,8b,3d,1b,54,1f
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(468)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2532)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-02-14 15:54:40
ComboFix-quarantined-files.txt 2010-02-14 14:54
Před spuštěním: 2 911 121 408
Po spuštění: 2 873 872 384
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - D9EFE66C6C06A5B65B988FB5E78B62C7
Re: slow computer and internet, and high CPU load. RSIT log.
Open Notepad and copy the following text into it:

KillAll::
File::
c:\windows\Internet Logs\tvDebug.Zip
c:\windows\Internet Logs\vsmon_2nd_2010_02_10_16_47_52_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2010_02_06_16_12_42_small.dmp.zip
c:\windows\Internet Logs\xDB2.tmp
c:\windows\Internet Logs\xDB1.tmp
c:\windows\Internet Logs\vsmon_2nd_2010_01_24_14_13_49_small.dmp.zip

Save the file to the desktop as CFScript.txt and, as shown in the picture, drag it onto ComboFix.
ComboFix will start and execute the command from the script; then post the new log.
Re: slow computer and internet, and high CPU load. RSIT log.
ComboFix 10-02-12.01 - radim 15.02.2010 20:22:32.12.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.616 [GMT 1:00]
Spuštěný z: c:\documents and settings\radim\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\radim\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100215-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FILE ::
"c:\windows\Internet Logs\tvDebug.Zip"
"c:\windows\Internet Logs\vsmon_2nd_2010_01_24_14_13_49_small.dmp.zip"
"c:\windows\Internet Logs\vsmon_2nd_2010_02_06_16_12_42_small.dmp.zip"
"c:\windows\Internet Logs\vsmon_2nd_2010_02_10_16_47_52_small.dmp.zip"
"c:\windows\Internet Logs\xDB1.tmp"
"c:\windows\Internet Logs\xDB2.tmp"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Internet Logs\tvDebug.Zip
c:\windows\Internet Logs\vsmon_2nd_2010_01_24_14_13_49_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2010_02_06_16_12_42_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2010_02_10_16_47_52_small.dmp.zip
c:\windows\Internet Logs\xDB1.tmp
c:\windows\Internet Logs\xDB2.tmp
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-15 do 2010-02-15 )))))))))))))))))))))))))))))))
.
2010-02-14 05:56 . 2010-02-14 06:10 -------- d-----w- c:\program files\SecuniKontrolaAktualizacíSoftvare
2010-02-13 23:37 . 2010-02-13 23:37 -------- d-----w- c:\program files\ISTool
2010-02-13 23:37 . 2010-02-13 23:37 -------- d-----w- c:\program files\Inno Setup 5
2010-02-13 04:07 . 2010-02-13 04:07 -------- d-----w- c:\program files\Silabs
2010-02-13 04:05 . 2010-02-13 04:07 -------- d-----w- c:\windows\system32\Silabs
2010-02-10 01:07 . 2010-02-10 01:07 -------- d-sh--w- c:\windows\ftpcache
2010-02-10 01:07 . 2010-02-10 01:07 458881 ----a-w- c:\windows\Natura Sound Therapy Uninstaller.exe
2010-02-09 22:48 . 2010-02-09 22:48 286720 ----a-w- c:\windows\system32\swb_uninst.exe
2010-02-08 21:35 . 2003-05-21 05:47 49152 ----a-w- c:\windows\system32\mp3enc.dll
2010-02-08 21:35 . 2001-09-28 16:00 164864 ----a-w- c:\windows\UNWISE.EXE
2010-02-08 21:30 . 1998-04-24 19:08 368912 ----a-w- c:\windows\system32\vbar332.dll
2010-02-01 19:34 . 2010-02-01 20:27 -------- d-----w- c:\program files\MozBackUP
2010-02-01 09:55 . 2010-02-01 09:55 -------- d-----w- C:\rsit
2010-01-29 21:34 . 2008-09-26 17:01 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2010-01-29 21:34 . 2008-09-26 17:01 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-01-29 21:34 . 2008-09-26 17:01 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-01-29 21:34 . 2008-09-26 17:00 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-01-29 02:32 . 2010-01-29 02:33 -------- d-----w- c:\program files\mobilpartnerII
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 04:11 . 2009-12-28 20:52 -------- d-----w- c:\program files\trend micro
2010-02-14 04:10 . 2009-10-09 08:05 -------- d-----w- c:\program files\RISITkontrolalogu
2010-02-13 04:05 . 2009-12-25 14:04 -------- d-----w- c:\program files\DIFX
2010-02-10 20:07 . 2009-12-04 19:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-04 02:54 . 2007-02-09 14:31 -------- d-----w- c:\program files\VLC Player
2010-02-03 01:45 . 2009-02-03 12:37 -------- d-----w- c:\program files\FreeRapid
2010-02-01 02:41 . 2004-08-18 11:00 81034 ----a-w- c:\windows\system32\perfc005.dat
2010-02-01 02:41 . 2004-08-18 11:00 434234 ----a-w- c:\windows\system32\perfh005.dat
2010-02-01 02:08 . 2007-02-11 12:11 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-31 21:17 . 2009-12-21 22:21 -------- d-----w- c:\program files\CCleaner
2010-01-29 21:34 . 2009-12-02 10:17 -------- d-----w- c:\program files\O2 Mobilni internet
2010-01-21 11:39 . 2009-08-08 12:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 13:02 . 2010-01-14 13:02 -------- d-----w- c:\program files\NOS
2010-01-06 00:15 . 2010-01-06 00:15 -------- d-----w- c:\program files\Mobile Partner
2009-12-31 16:50 . 2009-08-13 06:29 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 19:45 . 2009-12-30 19:44 -------- d-----w- c:\program files\MobilPartner
2009-12-30 16:43 . 2009-12-30 16:40 -------- d-----w- c:\program files\ATFcleanerVIRY.cz
2009-12-30 10:20 . 2009-12-29 17:35 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2009-12-29 20:44 . 2007-12-15 19:26 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-29 20:44 . 2009-12-29 20:44 -------- d-----w- c:\program files\Zone Labs
2009-12-29 17:56 . 2007-12-15 19:19 -------- d-----w- c:\program files\ZoneAlarm
2009-12-29 17:35 . 2009-12-29 17:25 -------- d-----w- c:\program files\RevoUninstaler
2009-12-29 12:08 . 2009-12-29 12:06 -------- d-----w- c:\program files\TCleanerOdstraneníistícíchUtilitzPC
2009-12-28 13:51 . 2009-12-05 14:21 -------- d-----w- c:\program files\Opera Turbo
2009-12-26 16:45 . 2009-12-25 14:04 -------- d-----w- c:\program files\Garmin
2009-12-22 05:09 . 2004-08-18 11:00 668160 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2009-08-28 11:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-17 07:42 . 2007-02-07 05:07 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2009-08-13 06:29 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-13 01:11 . 2009-12-13 00:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-09 10:11 . 2009-08-13 06:29 2191360 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2009-08-13 06:29 2068224 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 21:35 . 2009-12-04 21:35 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-12-04 18:22 . 2009-08-13 06:29 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2004-08-18 11:00 1294336 ------w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 14:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2004-08-18 11:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 11:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-18 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2004-08-18 11:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 14:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-24 23:54 . 2009-09-11 08:25 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-09-11 08:25 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-09-11 08:25 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-09-11 08:25 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-09-11 08:25 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-09-11 08:25 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-09-11 08:25 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-09-11 08:25 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-09-11 08:25 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 14:42 . 2009-12-29 20:44 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-11-22 14:42 . 2009-12-29 20:44 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-11-22 14:42 . 2009-12-29 20:44 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-11-21 16:03 . 2004-08-18 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-04-14 18:41 . 2008-04-14 18:41 1086613 ----a-w- c:\program files\PowerISO39.exe
2007-12-27 18:46 . 2007-12-27 18:45 1734996 ----a-w- c:\program files\free-ipod-video-converter.exe
2007-02-08 17:36 . 2007-02-08 17:36 11855 ----a-w- c:\program files\DCPlusPlus0694CZ.rar
2007-02-08 17:24 . 2007-02-08 16:46 4277889 ----a-w- c:\program files\sdc203.rar
2007-02-08 17:11 . 2007-02-08 17:11 1201644 ----a-w- c:\program files\wrar37b3.exe
2007-02-08 17:08 . 2007-02-08 17:07 2072464 ----a-w- c:\program files\tcmd7pb3.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-07-08 1953887]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-13 149280]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Wireless Utility.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Wireless Utility.lnk
backup=c:\windows\pss\Wireless Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^radim^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^radim^Nabídka Start^Programy^Po spuštění^Secunia PSI.lnk]
path=c:\documents and settings\radim\Nabídka Start\Programy\Po spuštění\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-09-09 03:20 88203 ----a-r- c:\windows\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 15:50 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 13:53 1312080 ----a-w- c:\program files\MAMBMalwere\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]
2006-03-24 14:23 179200 ----a-w- c:\program files\System Control Manager\MGSysCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 03:22 171008 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 10:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2005-07-08 15:01 1953887 ------w- c:\program files\CyberLink\Power2Go\Power2GoExpress.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-01-20 07:05 217088 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-06-29 00:03 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
2005-08-16 20:54 339968 ----a-w- c:\windows\vsnp2std.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 11:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-11-23 07:43 2001648 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
2005-08-17 14:57 90112 ----a-w- c:\windows\tsnp2std.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 14:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\GAMEs\\LOTR II\\game.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Utorent\\uTorrent\\utorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23859:TCP"= 23859:TCP:BitComet 23859 TCP
"23859:UDP"= 23859:UDP:BitComet 23859 UDP
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27.2.2006 8:00 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20.2.2006 9:01 29056]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11.9.2009 9:25 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23.11.2009 8:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.11.2009 8:43 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.9.2009 9:25 20560]
R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [7.2.2007 10:58 40960]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [7.2.2007 10:58 20128]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 13:20 12648]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29.12.2009 18:35 27064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.11.2009 8:43 7408]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [4.12.2009 22:35 23600]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.4.2007 13:34 639224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://neviditelnypes.lidovky.cz/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
TCP: {CFFB196D-329C-46D0-8BCD-E32B9DD0022C} = 217.195.160.10,217.195.165.131
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://neviditelnypes.lidovky.cz/
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
FF - component: c:\documents and settings\radim\Data aplikací\Mozilla\Firefox\Profiles\35yix5ng.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
FF - plugin: c:\program files\golm\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\golm\Real Alternative\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera Turbo\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera Turbo\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera Turbo\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera Turbo\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\VLC Player\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-15 20:28
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-507921405-706699826-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:29,6e,22,45,a7,0c,3c,94,8d,ed,49,35,f2,ae,94,4d,3f,bc,ff,0a,a8,a6,f4,
1a,8d,e2,19,f5,0c,85,79,8f,5a,34,f5,5e,1c,16,4d,21,82,f0,28,ed,23,e5,26,d2,\
"??"=hex:33,11,23,de,0b,d9,1f,29,a6,ce,2a,8b,3d,1b,54,1f
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(472)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1340)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\o2flash.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2010-02-15 20:33:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-15 19:33
ComboFix2.txt 2010-02-15 19:02
ComboFix3.txt 2010-02-14 14:54
Před spuštěním: 2 692 288 512
Po spuštění: 2 638 741 504
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 45159EE3B4E2D9FE0AAB5BB2AE1399E5
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.616 [GMT 1:00]
Spuštěný z: c:\documents and settings\radim\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\radim\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100215-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FILE ::
"c:\windows\Internet Logs\tvDebug.Zip"
"c:\windows\Internet Logs\vsmon_2nd_2010_01_24_14_13_49_small.dmp.zip"
"c:\windows\Internet Logs\vsmon_2nd_2010_02_06_16_12_42_small.dmp.zip"
"c:\windows\Internet Logs\vsmon_2nd_2010_02_10_16_47_52_small.dmp.zip"
"c:\windows\Internet Logs\xDB1.tmp"
"c:\windows\Internet Logs\xDB2.tmp"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Internet Logs\tvDebug.Zip
c:\windows\Internet Logs\vsmon_2nd_2010_01_24_14_13_49_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2010_02_06_16_12_42_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2010_02_10_16_47_52_small.dmp.zip
c:\windows\Internet Logs\xDB1.tmp
c:\windows\Internet Logs\xDB2.tmp
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-15 do 2010-02-15 )))))))))))))))))))))))))))))))
.
2010-02-14 05:56 . 2010-02-14 06:10 -------- d-----w- c:\program files\SecuniKontrolaAktualizacíSoftvare
2010-02-13 23:37 . 2010-02-13 23:37 -------- d-----w- c:\program files\ISTool
2010-02-13 23:37 . 2010-02-13 23:37 -------- d-----w- c:\program files\Inno Setup 5
2010-02-13 04:07 . 2010-02-13 04:07 -------- d-----w- c:\program files\Silabs
2010-02-13 04:05 . 2010-02-13 04:07 -------- d-----w- c:\windows\system32\Silabs
2010-02-10 01:07 . 2010-02-10 01:07 -------- d-sh--w- c:\windows\ftpcache
2010-02-10 01:07 . 2010-02-10 01:07 458881 ----a-w- c:\windows\Natura Sound Therapy Uninstaller.exe
2010-02-09 22:48 . 2010-02-09 22:48 286720 ----a-w- c:\windows\system32\swb_uninst.exe
2010-02-08 21:35 . 2003-05-21 05:47 49152 ----a-w- c:\windows\system32\mp3enc.dll
2010-02-08 21:35 . 2001-09-28 16:00 164864 ----a-w- c:\windows\UNWISE.EXE
2010-02-08 21:30 . 1998-04-24 19:08 368912 ----a-w- c:\windows\system32\vbar332.dll
2010-02-01 19:34 . 2010-02-01 20:27 -------- d-----w- c:\program files\MozBackUP
2010-02-01 09:55 . 2010-02-01 09:55 -------- d-----w- C:\rsit
2010-01-29 21:34 . 2008-09-26 17:01 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2010-01-29 21:34 . 2008-09-26 17:01 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-01-29 21:34 . 2008-09-26 17:01 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-01-29 21:34 . 2008-09-26 17:00 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-01-29 02:32 . 2010-01-29 02:33 -------- d-----w- c:\program files\mobilpartnerII
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 04:11 . 2009-12-28 20:52 -------- d-----w- c:\program files\trend micro
2010-02-14 04:10 . 2009-10-09 08:05 -------- d-----w- c:\program files\RISITkontrolalogu
2010-02-13 04:05 . 2009-12-25 14:04 -------- d-----w- c:\program files\DIFX
2010-02-10 20:07 . 2009-12-04 19:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-04 02:54 . 2007-02-09 14:31 -------- d-----w- c:\program files\VLC Player
2010-02-03 01:45 . 2009-02-03 12:37 -------- d-----w- c:\program files\FreeRapid
2010-02-01 02:41 . 2004-08-18 11:00 81034 ----a-w- c:\windows\system32\perfc005.dat
2010-02-01 02:41 . 2004-08-18 11:00 434234 ----a-w- c:\windows\system32\perfh005.dat
2010-02-01 02:08 . 2007-02-11 12:11 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-31 21:17 . 2009-12-21 22:21 -------- d-----w- c:\program files\CCleaner
2010-01-29 21:34 . 2009-12-02 10:17 -------- d-----w- c:\program files\O2 Mobilni internet
2010-01-21 11:39 . 2009-08-08 12:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 13:02 . 2010-01-14 13:02 -------- d-----w- c:\program files\NOS
2010-01-06 00:15 . 2010-01-06 00:15 -------- d-----w- c:\program files\Mobile Partner
2009-12-31 16:50 . 2009-08-13 06:29 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 19:45 . 2009-12-30 19:44 -------- d-----w- c:\program files\MobilPartner
2009-12-30 16:43 . 2009-12-30 16:40 -------- d-----w- c:\program files\ATFcleanerVIRY.cz
2009-12-30 10:20 . 2009-12-29 17:35 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2009-12-29 20:44 . 2007-12-15 19:26 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-29 20:44 . 2009-12-29 20:44 -------- d-----w- c:\program files\Zone Labs
2009-12-29 17:56 . 2007-12-15 19:19 -------- d-----w- c:\program files\ZoneAlarm
2009-12-29 17:35 . 2009-12-29 17:25 -------- d-----w- c:\program files\RevoUninstaler
2009-12-29 12:08 . 2009-12-29 12:06 -------- d-----w- c:\program files\TCleanerOdstraneníistícíchUtilitzPC
2009-12-28 13:51 . 2009-12-05 14:21 -------- d-----w- c:\program files\Opera Turbo
2009-12-26 16:45 . 2009-12-25 14:04 -------- d-----w- c:\program files\Garmin
2009-12-22 05:09 . 2004-08-18 11:00 668160 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2009-08-28 11:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-17 07:42 . 2007-02-07 05:07 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2009-08-13 06:29 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-13 01:11 . 2009-12-13 00:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-09 10:11 . 2009-08-13 06:29 2191360 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2009-08-13 06:29 2068224 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 21:35 . 2009-12-04 21:35 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-12-04 18:22 . 2009-08-13 06:29 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2004-08-18 11:00 1294336 ------w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 14:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2004-08-18 11:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 11:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-18 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2004-08-18 11:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 14:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-24 23:54 . 2009-09-11 08:25 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-09-11 08:25 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-09-11 08:25 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-09-11 08:25 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-09-11 08:25 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-09-11 08:25 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-09-11 08:25 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-09-11 08:25 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-09-11 08:25 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 14:42 . 2009-12-29 20:44 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-11-22 14:42 . 2009-12-29 20:44 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-11-22 14:42 . 2009-12-29 20:44 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-11-21 16:03 . 2004-08-18 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-04-14 18:41 . 2008-04-14 18:41 1086613 ----a-w- c:\program files\PowerISO39.exe
2007-12-27 18:46 . 2007-12-27 18:45 1734996 ----a-w- c:\program files\free-ipod-video-converter.exe
2007-02-08 17:36 . 2007-02-08 17:36 11855 ----a-w- c:\program files\DCPlusPlus0694CZ.rar
2007-02-08 17:24 . 2007-02-08 16:46 4277889 ----a-w- c:\program files\sdc203.rar
2007-02-08 17:11 . 2007-02-08 17:11 1201644 ----a-w- c:\program files\wrar37b3.exe
2007-02-08 17:08 . 2007-02-08 17:07 2072464 ----a-w- c:\program files\tcmd7pb3.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-07-08 1953887]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-13 149280]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Wireless Utility.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Wireless Utility.lnk
backup=c:\windows\pss\Wireless Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^radim^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^radim^Nabídka Start^Programy^Po spuštění^Secunia PSI.lnk]
path=c:\documents and settings\radim\Nabídka Start\Programy\Po spuštění\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-09-09 03:20 88203 ----a-r- c:\windows\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 15:50 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 13:53 1312080 ----a-w- c:\program files\MAMBMalwere\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]
2006-03-24 14:23 179200 ----a-w- c:\program files\System Control Manager\MGSysCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 03:22 171008 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 10:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2005-07-08 15:01 1953887 ------w- c:\program files\CyberLink\Power2Go\Power2GoExpress.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-01-20 07:05 217088 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-06-29 00:03 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
2005-08-16 20:54 339968 ----a-w- c:\windows\vsnp2std.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 11:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-11-23 07:43 2001648 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
2005-08-17 14:57 90112 ----a-w- c:\windows\tsnp2std.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 14:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\GAMEs\\LOTR II\\game.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Utorent\\uTorrent\\utorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23859:TCP"= 23859:TCP:BitComet 23859 TCP
"23859:UDP"= 23859:UDP:BitComet 23859 UDP
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27.2.2006 8:00 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20.2.2006 9:01 29056]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11.9.2009 9:25 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23.11.2009 8:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.11.2009 8:43 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.9.2009 9:25 20560]
R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [7.2.2007 10:58 40960]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [7.2.2007 10:58 20128]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 13:20 12648]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29.12.2009 18:35 27064]
-
- Model visitor
- Posts: 308
- Joined: 07 Jan 2007 15:20
- Location: Pardubice
Re: slow computer and internet and high CPU load. RSIT log.
OK, use http://sweb.cz/Marinus/T-Cleaner.exe - to confirm, always press the A key or Enter
then CCleaner - the Cleaner and Registry sections - repeat the cleaning until all problems are removed
and finally ATF Cleaner - http://www.atribune.org/ccount/click.php?id=1:
after running the downloaded file, a window appears:

tick Select All, click Empty Selected and Exit
in the same way, clear the Firefox and Opera caches if applicable
restart the PC
"Life is life, a meadow is a meadow, you look into the grass – and you see a beetle."
"Do not answer a fool according to his folly, lest you become like him yourself. Answer a fool according to his folly, lest he think himself wise...."
(Proverbs of King Solomon)
Re: slow computer and internet and high CPU load. RSIT log.
I used all three programs, so hopefully
Thank you.
-
- Model visitor
- Posts: 308
- Joined: 07 Jan 2007 15:20
- Location: Pardubice
Re: slow computer and internet and high CPU load. RSIT log.
You're welcome

"Life is life, a meadow is a meadow, you look into the grass – and you see a beetle."
"Do not answer a fool according to his folly, lest you become like him yourself. Answer a fool according to his folly, lest he think himself wise...."
(Proverbs of King Solomon)