PC disinfection, computer speed-up, remote help via the neslape.cz service

services.exe, slow notebook and internet

Have a virus problem? Post a log from FRST or RSIT here.

peh
Visitor
Posts: 6
Registered: 20 Jan 2010 21:07

services.exe, slow notebook and internet

#1 Post by peh »

Hi, my internet is terribly slow (practically unusable), CPU usage is almost 100%, and the network monitor shows full activity from the services process (and svchost), which is sending data to who knows where. Please advise, thanks in advance. ComboFix output:

ComboFix 10-01-19.08 - Administrator 20.01.2010 20:54:35.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.420.1029.18.3070.1475 [GMT 1:00]
Spuštěný z: c:\users\Administrator\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-614266077-972239720-897709346-500
c:\recycled\Recycled
c:\users\Administrator\AppData\Roaming\avdrn.dat
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\siszyd32.exe
c:\windows\system32\AutoRun.inf
D:\services.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-20 do 2010-01-20 )))))))))))))))))))))))))))))))
.

2010-01-20 20:08 . 2003-07-30 02:18 3839 ----a-w- c:\windows\system32\drivers\GETPADD.sys
2010-01-20 20:06 . 2010-01-20 20:09 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-01-20 20:06 . 2010-01-20 20:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-20 19:08 . 2010-01-20 19:08 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-20 19:08 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-20 19:07 . 2010-01-20 19:07 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-20 19:05 . 2010-01-20 19:09 -------- d-----w- c:\programdata\Lavasoft
2010-01-20 19:05 . 2010-01-20 19:05 -------- d-----w- c:\program files\Lavasoft
2010-01-20 19:03 . 2010-01-20 19:03 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-01-20 19:03 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 19:03 . 2010-01-20 19:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 19:03 . 2010-01-20 19:03 -------- d-----w- c:\programdata\Malwarebytes
2010-01-20 19:03 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 16:21 . 2010-01-20 16:21 -------- d-----w- c:\program files\WinPcap
2010-01-20 16:20 . 2010-01-20 16:20 -------- d-----w- c:\program files\Network Traffic Monitor
2010-01-20 16:20 . 2008-01-08 07:47 45056 ----a-w- c:\windows\system32\SETHOOK.DLL
2010-01-20 16:20 . 2004-05-20 12:19 165088 ----a-w- c:\windows\system32\cswhoapi.dll
2010-01-20 16:20 . 2004-05-20 12:19 193768 ----a-w- c:\windows\system32\csdnsapi.dll
2010-01-17 16:16 . 2006-11-22 09:34 982272 ----a-w- c:\windows\system32\drivers\smserial.sys
2010-01-15 16:08 . 2010-01-17 16:02 -------- d-----w- C:\$AVG
2010-01-15 16:08 . 2010-01-16 10:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-15 16:08 . 2010-01-15 16:08 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-15 16:07 . 2010-01-15 16:07 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-15 16:07 . 2010-01-20 10:32 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-15 16:07 . 2010-01-16 10:33 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-15 16:07 . 2010-01-15 16:07 -------- d-----w- c:\program files\AVG
2010-01-15 16:07 . 2010-01-15 16:07 -------- d-----w- c:\programdata\avg9
2010-01-13 11:37 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 11:37 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-10 19:56 . 2010-01-10 19:56 -------- d-----w- c:\programdata\Motive
2010-01-10 14:01 . 2010-01-10 14:01 680 ----a-w- c:\users\Administrator\AppData\Local\d3d9caps.dat
2010-01-06 12:59 . 2010-01-06 13:04 -------- d-----w- c:\users\Administrator\AppData\Roaming\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 20:09 . 2007-11-15 04:30 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-01-20 20:07 . 2007-04-21 11:55 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-20 19:25 . 2007-04-21 12:38 729166 ----a-w- c:\windows\system32\perfh005.dat
2010-01-20 19:25 . 2007-04-21 12:38 166346 ----a-w- c:\windows\system32\perfc005.dat
2010-01-20 14:56 . 2008-03-06 20:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype
2010-01-20 13:58 . 2008-03-06 20:25 -------- d-----w- c:\users\Administrator\AppData\Roaming\skypePM
2010-01-19 14:42 . 2008-01-08 21:46 406077 ----a-w- c:\users\Administrator\AppData\Roaming\nvModes.dat
2010-01-18 19:05 . 2008-03-06 19:48 -------- d-----w- c:\programdata\Skype
2010-01-15 12:13 . 2010-01-15 12:13 16 ----a-w- c:\users\Administrator\AppData\Roaming\fvgqad.dat
2010-01-14 11:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-08 07:29 . 2008-04-01 14:35 157627 ----a-w- c:\windows\hpoins14.dat
2009-12-17 15:12 . 2009-12-17 15:12 -------- d-----w- c:\program files\TouchKit
2009-12-17 15:12 . 2007-11-15 02:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-17 08:13 . 2008-10-21 11:47 -------- d-----w- c:\program files\OptionTrader
2009-12-14 20:54 . 2009-12-14 20:54 -------- d-----w- c:\program files\LucasArts
2009-12-14 20:54 . 2009-12-14 20:46 -------- d-----w- c:\users\Administrator\AppData\Roaming\DAEMON Tools Lite
2009-12-14 20:47 . 2009-12-14 20:47 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-12-14 20:47 . 2009-12-14 20:46 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-14 20:46 . 2009-12-14 20:46 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-14 20:46 . 2009-12-14 20:46 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-13 23:28 . 2009-12-13 23:28 -------- d-----w- c:\program files\CPUID
2009-12-13 23:28 . 2009-12-13 23:28 -------- d-----w- c:\program files\Ask.com
2009-12-10 19:53 . 2009-12-10 19:53 -------- d-----w- c:\program files\KenticoCMS
2009-12-08 18:33 . 2009-12-08 18:32 -------- d-----w- c:\program files\Autokelly
2009-11-27 15:55 . 2008-02-27 16:44 -------- d-----w- c:\program files\Opera
2009-11-21 06:40 . 2009-12-10 00:06 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 00:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-10 00:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-10 00:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 13:23 . 2009-12-12 02:00 10752 ----a-w- c:\windows\system32\wamregps.dll
2009-11-09 13:22 . 2009-12-12 02:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-12 02:00 8192 ----a-w- c:\windows\system32\iisrstap.dll
2009-11-09 13:20 . 2009-12-12 02:00 153600 ----a-w- c:\windows\system32\iisRtl.dll
2009-11-09 13:20 . 2009-12-12 02:00 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 13:18 . 2009-12-12 02:00 27136 ----a-w- c:\windows\system32\ahadmin.dll
2009-11-09 13:18 . 2009-12-12 02:00 51712 ----a-w- c:\windows\system32\admwprox.dll
2009-11-09 11:21 . 2009-12-12 02:00 14848 ----a-w- c:\windows\system32\iisreset.exe
2009-11-09 11:04 . 2009-12-12 02:00 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-02 19:42 . 2009-10-02 21:56 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-28 02:00 2048 ----a-w- c:\windows\system32\tzres.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-02 18:50 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-20 39408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-26 149040]
"PTimer"="c:\program files\Sprinx Systems\Sprinx PTimer\PTimer.exe" [2007-12-07 856936]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Google Update"="c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-18 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\ASUSTek\ASUSDVD\Language\Language.exe" [2007-01-09 52256]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 1057328]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"Skytel"="Skytel.exe" [2007-05-28 1826816]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-24 174616]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-07-24 33304]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-11 404248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2007-11-15 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-11-15 33136]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"ClearTKHandle"="c:\program files\TouchKit\ClearTKHandle.exe" [2007-06-12 118784]
"AutoCalibration"="c:\program files\TouchKit\xAuto4PtsCal.exe" [2007-06-12 245760]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-16 2033432]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
LaunchTouchMon.lnk - c:\program files\TouchKit\LaunchTouchMon.exe [2009-12-17 118784]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkMail]
2007-07-14 01:25 741376 ----a-w- c:\program files\ChkMail\ChkMail\ChkMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [9.7.2007 6:28 209408]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [20.1.2010 20:08 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [15.1.2010 17:07 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [15.1.2010 17:08 360584]
R1 ItSDisk;ItSDisk;c:\windows\System32\drivers\itsdisk.sys [16.5.2006 18:13 23232]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [23.1.2007 13:07 39080]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [5.6.2008 10:31 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [5.6.2008 10:31 21504]
R2 atchksrv;Intel(R) Active Management Technology System Status Service;c:\program files\Intel\AMT\ATCHKSRV.EXE [15.11.2007 5:11 183064]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15.1.2010 17:07 285392]
R2 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [14.12.2009 0:28 12672]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2.12.2009 14:19 1184912]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [18.4.2007 23:42 24576]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.EXE [15.11.2007 5:11 1489688]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [25.4.2007 2:32 31232]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\System32\drivers\StkCMini.sys [6.6.2007 3:40 1260672]
S2 Apache2.2;Apache2.2;d:\xampp\apache\bin\apache.exe [5.3.2007 11:23 16896]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\System32\drivers\adusbmdm65.sys [14.10.2008 12:56 64896]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\System32\drivers\adusbser.sys [20.12.2006 4:58 97920]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\System32\drivers\adusbser65.sys [14.10.2008 12:57 64896]
S3 bthav;Bluetooth AV Profile;c:\windows\System32\drivers\bthav.sys [15.11.2007 5:34 36352]
S3 EGXFilter;EGXFilter;c:\windows\System32\drivers\EGXFilter.sys [17.12.2009 16:12 96640]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [29.6.2007 1:01 42512]
S3 xTouch;xTouch;c:\windows\System32\drivers\xTouch.sys [17.12.2009 16:12 83072]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [10.7.2008 1:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 1:28 369688]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - nmemok

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-01-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 13:19]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-614266077-972239720-897709346-1000Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-18 16:46]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-614266077-972239720-897709346-1000UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-18 16:46]

2010-01-20 c:\windows\Tasks\User_Feed_Synchronization-{CCBEFDDE-D5A8-430A-A8B1-60175E0B1CD9}.job
- c:\windows\system32\msfeedssync.exe [2009-12-10 04:59]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: &Přelož do češtiny - c:\program files\Seznam\Listicka\Toolbar.dll/5034
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Hlede&j v ČR - c:\program files\Seznam\Listicka\Toolbar.dll/5033
IE: Hledej v &encyklopedii - c:\program files\Seznam\Listicka\Toolbar.dll/5108
IE: Hledej ve &světě - c:\program files\Seznam\Listicka\Toolbar.dll/5035
IE: Hledej ve &zboží - c:\program files\Seznam\Listicka\Toolbar.dll/5107
IE: NuSphere PhpED :: Debug this page - c:\program files\nusphere\phped\NuSphereIEBar.dll/1000
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
TCP: {919634D4-50EE-4F05-BEBE-E8B45E3ADE43} = 194.228.41.113,90.183.231.251
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxp://download.seznam.cz/listicka/toolbar2007.cab
DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - hxxp://www.ppiwidget.com/campaigns/startrek_AR ... taller.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-MSMSGS - c:\program files\Messenger\msmsgs.exe
HKLM-Run-Virtual PDF Printer - c:\program files\Virtual PDF Printer\VirtualPDFPrinter.exe
HKLM-Run-Network Traffic Monitor - (no file)
AddRemove-Mihov Image Resizer - c:\program files\Mihov Image Resizer\Uninstall.exe
AddRemove-Pocket Fractals (Pocket PC) - c:\program files\SpaceTime Mathematics\Pocket Fractals\uninstall.exe



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmemok]

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(4888)
c:\windows\system32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\program files\WinSCP\DragExt.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\system32\conime.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
d:\xampp\filezillaftp\filezillaserver.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
d:\xampp\mysql\bin\mysqld-nt.exe
c:\windows\system32\IfxPsdSv.exe
c:\windows\RtHDVCpl.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\program files\TouchKit\xTouchMon.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Infineon\Security Platform Software\PSDrt.exe
c:\program files\Infineon\Security Platform Software\SpTna.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Celkový čas: 2010-01-20 21:19:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-20 20:19

Před spuštěním: Volných bajtů: 72 038 658 048
Po spuštění: Volných bajtů: 72 999 829 504

- - End Of File - - 07414F49DE1E5AF03DB5FB9CAD4F20C1

Rudy
Site Admin
Posts: 119381
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: services.exe, slow notebook and internet

#2 Post by Rudy »

We'll clean up a bit more. Open Notepad and copy the following into it:
Collect::
c:\windows\system32\acovcnt.exe

Folder::
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can also damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
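An added example, not part of this thread and not ComboFix's own code: a small Python triage script that runs the checks an analyst applies when reading a ComboFix log like peh's above (a services.exe outside \windows\system32, an executable dropped into a Startup folder, AutoRun.inf inside the system folder, EnableLUA=0, Security Center monitoring disabled, a disabled or outdated AV/firewall line, the AppInit_DLLs list), over a constructed sample excerpted from that log, and renders the high-severity file paths in the Collect:: form that Rudy's CFScript uses. The expected-directory table, the severity levels and the rule wording are assumptions of this example, not ComboFix rules.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info"
    reason: str
    evidence: str   # the log line that triggered the rule
    path: str = ""  # file path involved, when the rule is about a file


# Core Windows binaries and the folder (drive letter stripped) each is expected
# to live in; the same name anywhere else is a masquerade, like D:\services.exe
# in the log above. Constructed list for this example; extend as needed.
EXPECTED_DIR = {
    "services.exe": r"\windows\system32",
    "svchost.exe": r"\windows\system32",
    "lsass.exe": r"\windows\system32",
    "explorer.exe": r"\windows",
}
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js")

# Drive-letter path running to the end of the line, minus ComboFix's trailing
# "[date size]" annotation.
PATH_RE = re.compile(r"([a-z]:\\.*?)(?:\s+\[[^\]]*\])?\s*$", re.IGNORECASE)
STARTUP_RE = re.compile(r"\\start menu\\programs\\startup\\", re.IGNORECASE)
LUA_OFF_RE = re.compile(r'"EnableLUA"\s*=\s*0\b')

# Constructed sample: lines excerpted from the log posted above plus one
# ordinary system DLL, so the script runs offline.
SAMPLE_LOG = r"""
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\siszyd32.exe
c:\windows\system32\AutoRun.inf
D:\services.exe
2010-01-20 20:09 . 2007-11-15 04:30 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-01-13 11:37 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
"EnableLUA"= 0 (0x0)
"DisableMonitoring"=dword:00000001
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\avgrsstx.dll
"""


def _file_rules(line, path):
    """Rules that look at one file path; yields zero or more findings."""
    folder, _, name = path.rpartition("\\")
    name_l = name.lower()
    folder_l = folder.lower()[2:]  # drop "c:" so the expectation is drive-neutral
    if name_l in EXPECTED_DIR and folder_l != EXPECTED_DIR[name_l]:
        yield Finding("high", f"{name} outside {EXPECTED_DIR[name_l]}: masquerading system binary", line, path)
    if name_l == "autorun.inf":
        # At a drive root it may be ordinary removable-media autorun; inside the
        # system folder it has no business being there.
        yield Finding("medium" if folder_l == "" else "high",
                      "AutoRun.inf present: inspect the program it launches", line, path)
    if STARTUP_RE.search(path) and name_l.endswith(EXEC_EXT):
        yield Finding("high", "executable placed directly in a Startup folder", line, path)


def triage(log_text):
    """Run every rule over a ComboFix-style log; findings come back in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        low = line.lower()
        if not line:
            continue
        if line[:3] in ("AV:", "FW:", "SP:"):
            # Security Center status as ComboFix prints it in the log header.
            product = line[3:].split("*")[0].strip()
            if "*disabled*" in low:
                findings.append(Finding("medium", f"{line[:2]} {product} is disabled", line))
            elif "(outdated)" in low:
                findings.append(Finding("medium", f"{line[:2]} {product} is out of date", line))
            continue
        if line.startswith('"AppInit_DLLs"='):
            # Space- or comma-delimited; each DLL is loaded into every user-mode
            # process that links user32.dll, so every entry must be accounted for.
            dlls = [d for d in re.split(r"[\s,]+", line.split("=", 1)[1]) if d]
            findings.append(Finding("info", "AppInit_DLLs injects: " + ", ".join(dlls), line))
            continue
        if LUA_OFF_RE.search(line):
            findings.append(Finding("medium", "UAC disabled (EnableLUA=0)", line))
            continue
        if line.startswith('"DisableMonitoring"=dword:00000001'):
            findings.append(Finding("medium", "Security Center monitoring disabled", line))
            continue
        m = PATH_RE.search(line)
        if m:
            findings.extend(_file_rules(line, m.group(1).rstrip('"')))
    return findings


def collect_section(findings):
    """Render high-severity file findings as the Collect:: block of a CFScript,
    the form Rudy's script above uses; ComboFix zips the listed files for review."""
    paths = [f.path for f in findings if f.severity == "high" and f.path]
    return "Collect::\n" + "\n".join(paths) + "\n" if paths else ""


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.evidence}")
    print(collect_section(triage(SAMPLE_LOG)))
```

Run it as a script to print the findings for the sample; the Collect:: output is a starting point for an analyst to review line by line, since a path-based heuristic cannot tell a renamed system binary from a driver a vendor shipped under an unlucky name.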

peh
Visitor
Posts: 6
Registered: 20 Jan 2010 21:07

Re: services.exe, slow notebook and internet

#3 Post by peh »

Thanks, the computer has sped up, the load is calm again at a few percent... But I still have problems with that services.exe, which sends god knows what to loads of addresses and thereby completely blocks the internet (I have two notebooks connected to one router; to be able to write this at all I always have to disconnect the infected computer), and it sends data e.g. to 218.102.23.50 (which looks like some Chinese).

Current ComboFix log:

ComboFix 10-01-19.08 - Administrator 21.01.2010 11:48:59.2.2 - x86
Spuštěný z: c:\users\Administrator\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Administrator\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\windows\system32\acovcnt.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\UpdateTask.exe
c:\windows\system32\acovcnt.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-21 do 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 10:57 . 2010-01-21 10:57 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-01-21 10:57 . 2010-01-21 10:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-21 10:57 . 2010-01-21 10:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-20 19:08 . 2010-01-20 19:08 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-20 19:08 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-20 19:07 . 2010-01-20 19:07 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-20 19:07 . 2009-12-07 14:10 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-20 19:05 . 2010-01-20 19:09 -------- d-----w- c:\programdata\Lavasoft
2010-01-20 19:05 . 2010-01-20 19:05 -------- d-----w- c:\program files\Lavasoft
2010-01-20 19:03 . 2010-01-20 19:03 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-01-20 19:03 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 19:03 . 2010-01-20 19:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 19:03 . 2010-01-20 19:03 -------- d-----w- c:\programdata\Malwarebytes
2010-01-20 19:03 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 16:21 . 2010-01-20 16:21 -------- d-----w- c:\program files\WinPcap
2010-01-20 16:20 . 2010-01-20 16:20 -------- d-----w- c:\program files\Network Traffic Monitor
2010-01-20 16:20 . 2008-01-08 07:47 45056 ----a-w- c:\windows\system32\SETHOOK.DLL
2010-01-20 16:20 . 2004-05-20 12:19 165088 ----a-w- c:\windows\system32\cswhoapi.dll
2010-01-20 16:20 . 2004-05-20 12:19 193768 ----a-w- c:\windows\system32\csdnsapi.dll
2010-01-17 16:16 . 2006-11-22 09:34 982272 ----a-w- c:\windows\system32\drivers\smserial.sys
2010-01-16 10:28 . 2010-01-15 16:07 877848 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-01-16 10:28 . 2010-01-15 16:07 798488 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-01-16 10:28 . 2010-01-15 16:07 613656 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-01-16 10:28 . 2010-01-15 16:07 1657112 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-01-15 16:08 . 2010-01-17 16:02 -------- d-----w- C:\$AVG
2010-01-15 16:08 . 2010-01-16 10:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-15 16:08 . 2010-01-15 16:08 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-15 16:07 . 2010-01-15 16:07 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-15 16:07 . 2010-01-20 10:32 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-15 16:07 . 2010-01-16 10:33 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-15 16:07 . 2010-01-15 16:07 -------- d-----w- c:\program files\AVG
2010-01-15 16:07 . 2010-01-15 16:07 -------- d-----w- c:\programdata\avg9
2010-01-13 11:37 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 11:37 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-10 19:56 . 2010-01-10 19:56 -------- d-----w- c:\programdata\Motive
2010-01-10 14:01 . 2010-01-10 14:01 680 ----a-w- c:\users\Administrator\AppData\Local\d3d9caps.dat
2010-01-06 12:59 . 2010-01-06 13:04 -------- d-----w- c:\users\Administrator\AppData\Roaming\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 10:42 . 2009-09-25 14:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-21 10:41 . 2007-04-21 11:55 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-20 19:25 . 2007-04-21 12:38 729166 ----a-w- c:\windows\system32\perfh005.dat
2010-01-20 19:25 . 2007-04-21 12:38 166346 ----a-w- c:\windows\system32\perfc005.dat
2010-01-20 14:56 . 2008-03-06 20:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype
2010-01-20 13:58 . 2008-03-06 20:25 -------- d-----w- c:\users\Administrator\AppData\Roaming\skypePM
2010-01-19 14:42 . 2008-01-08 21:46 406077 ----a-w- c:\users\Administrator\AppData\Roaming\nvModes.dat
2010-01-18 19:05 . 2008-03-06 19:48 -------- d-----w- c:\programdata\Skype
2010-01-15 12:13 . 2010-01-15 12:13 16 ----a-w- c:\users\Administrator\AppData\Roaming\fvgqad.dat
2010-01-14 11:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-08 07:29 . 2008-04-01 14:35 157627 ----a-w- c:\windows\hpoins14.dat
2009-12-17 15:12 . 2009-12-17 15:12 -------- d-----w- c:\program files\TouchKit
2009-12-17 15:12 . 2007-11-15 02:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-17 08:13 . 2008-10-21 11:47 -------- d-----w- c:\program files\OptionTrader
2009-12-14 20:54 . 2009-12-14 20:54 -------- d-----w- c:\program files\LucasArts
2009-12-14 20:54 . 2009-12-14 20:46 -------- d-----w- c:\users\Administrator\AppData\Roaming\DAEMON Tools Lite
2009-12-14 20:47 . 2009-12-14 20:47 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-12-14 20:47 . 2009-12-14 20:46 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-14 20:46 . 2009-12-14 20:46 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-14 20:46 . 2009-12-14 20:46 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-13 23:28 . 2009-12-13 23:28 -------- d-----w- c:\program files\CPUID
2009-12-10 19:53 . 2009-12-10 19:53 -------- d-----w- c:\program files\KenticoCMS
2009-12-08 18:33 . 2009-12-08 18:32 -------- d-----w- c:\program files\Autokelly
2009-11-27 15:55 . 2008-02-27 16:44 -------- d-----w- c:\program files\Opera
2009-11-21 06:40 . 2009-12-10 00:06 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 00:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-10 00:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-10 00:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 13:23 . 2009-12-12 02:00 10752 ----a-w- c:\windows\system32\wamregps.dll
2009-11-09 13:22 . 2009-12-12 02:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-12 02:00 8192 ----a-w- c:\windows\system32\iisrstap.dll
2009-11-09 13:20 . 2009-12-12 02:00 153600 ----a-w- c:\windows\system32\iisRtl.dll
2009-11-09 13:20 . 2009-12-12 02:00 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 13:18 . 2009-12-12 02:00 27136 ----a-w- c:\windows\system32\ahadmin.dll
2009-11-09 13:18 . 2009-12-12 02:00 51712 ----a-w- c:\windows\system32\admwprox.dll
2009-11-09 11:21 . 2009-12-12 02:00 14848 ----a-w- c:\windows\system32\iisreset.exe
2009-11-09 11:04 . 2009-12-12 02:00 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-05 15:14 . 2009-10-05 15:08 2668672 ----a-w- c:\programdata\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-11-05 15:14 . 2009-11-05 15:14 25214 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{5FD88490-011C-4DF1-B886-F298D955171B}\SunReg.exe
2009-11-02 19:42 . 2009-10-02 21:56 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-28 02:00 2048 ----a-w- c:\windows\system32\tzres.dll
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-20 39408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-26 149040]
"PTimer"="c:\program files\Sprinx Systems\Sprinx PTimer\PTimer.exe" [2007-12-07 856936]
"Google Update"="c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-18 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\ASUSTek\ASUSDVD\Language\Language.exe" [2007-01-09 52256]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 1057328]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"Skytel"="Skytel.exe" [2007-05-28 1826816]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-24 174616]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-07-24 33304]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-11 404248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2007-11-15 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-11-15 33136]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"ClearTKHandle"="c:\program files\TouchKit\ClearTKHandle.exe" [2007-06-12 118784]
"AutoCalibration"="c:\program files\TouchKit\xAuto4PtsCal.exe" [2007-06-12 245760]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-16 2033432]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
LaunchTouchMon.lnk - c:\program files\TouchKit\LaunchTouchMon.exe [2009-12-17 118784]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkMail]
2007-07-14 01:25 741376 ----a-w- c:\program files\ChkMail\ChkMail\ChkMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [9.7.2007 6:28 209408]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [20.1.2010 20:08 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [15.1.2010 17:07 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [15.1.2010 17:08 360584]
R1 ItSDisk;ItSDisk;c:\windows\System32\drivers\itsdisk.sys [16.5.2006 18:13 23232]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [23.1.2007 13:07 39080]
R2 Apache2.2;Apache2.2;d:\xampp\apache\bin\apache.exe [5.3.2007 11:23 16896]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [5.6.2008 10:31 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [5.6.2008 10:31 21504]
R2 atchksrv;Intel(R) Active Management Technology System Status Service;c:\program files\Intel\AMT\ATCHKSRV.EXE [15.11.2007 5:11 183064]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15.1.2010 17:07 285392]
R2 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [14.12.2009 0:28 12672]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2.12.2009 14:19 1184912]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [18.4.2007 23:42 24576]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.EXE [15.11.2007 5:11 1489688]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [25.4.2007 2:32 31232]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\System32\drivers\StkCMini.sys [6.6.2007 3:40 1260672]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [14.12.2009 21:46 691696]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\System32\drivers\adusbmdm65.sys [14.10.2008 12:56 64896]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\System32\drivers\adusbser.sys [20.12.2006 4:58 97920]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\System32\drivers\adusbser65.sys [14.10.2008 12:57 64896]
S3 bthav;Bluetooth AV Profile;c:\windows\System32\drivers\bthav.sys [15.11.2007 5:34 36352]
S3 EGXFilter;EGXFilter;c:\windows\System32\drivers\EGXFilter.sys [17.12.2009 16:12 96640]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [29.6.2007 1:01 42512]
S3 xTouch;xTouch;c:\windows\System32\drivers\xTouch.sys [17.12.2009 16:12 83072]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [10.7.2008 1:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 1:28 369688]

--- Other Services/Drivers In Memory ---

*Deregistered* - nmemok

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 13:19]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-614266077-972239720-897709346-1000Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-18 16:46]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-614266077-972239720-897709346-1000UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-18 16:46]

2010-01-21 c:\windows\Tasks\User_Feed_Synchronization-{CCBEFDDE-D5A8-430A-A8B1-60175E0B1CD9}.job
- c:\windows\system32\msfeedssync.exe [2009-12-10 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &Přelož do češtiny - c:\program files\Seznam\Listicka\Toolbar.dll/5034
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Hlede&j v ČR - c:\program files\Seznam\Listicka\Toolbar.dll/5033
IE: Hledej v &encyklopedii - c:\program files\Seznam\Listicka\Toolbar.dll/5108
IE: Hledej ve &světě - c:\program files\Seznam\Listicka\Toolbar.dll/5035
IE: Hledej ve &zboží - c:\program files\Seznam\Listicka\Toolbar.dll/5107
IE: NuSphere PhpED :: Debug this page - c:\program files\nusphere\phped\NuSphereIEBar.dll/1000
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
TCP: {919634D4-50EE-4F05-BEBE-E8B45E3ADE43} = 194.228.41.113,90.183.231.251
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxp://download.seznam.cz/listicka/toolbar2007.cab
DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - hxxp://www.ppiwidget.com/campaigns/startrek_AR ... taller.exe
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmemok]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-21 11:59:32
ComboFix-quarantined-files.txt 2010-01-21 10:59
ComboFix2.txt 2010-01-20 20:19

Pre-Run: 72,952,197,120 bytes free
Post-Run: 72,887,631,872 bytes free

- - End Of File - - 4B170DF9B3C01624E92C4A28FFE1BC72

peh
Visitor
Posts: 6
Registered: 20 Jan 2010 21:07

Re: services.exe, slow laptop and internet

#4 Post by peh »

Please, I'm really desperate about this... If it gets fixed, there are a few dollars via PayPal in it for you :)

Rudy
Site Admin
Posts: 119381
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: services.exe, slow laptop and internet

#5 Post by Rudy »

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not the place to solve your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activity, a virus can also damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.

peh
Visitor
Posts: 6
Registered: 20 Jan 2010 21:07

Re: services.exe, slow laptop and internet

#6 Post by peh »

After a few minutes the scanner stops at the file nmemok.sys (it also showed up in the log, see the post above), reports that it has found a virus, and the whole antivirus sort of freezes... Should I delete that file?

peh
Visitor
Posts: 6
Registered: 20 Jan 2010 21:07

Re: services.exe, slow laptop and internet

#7 Post by peh »

Hm, so /system32/drivers/mnemok.sys contains Rootkit.Win32.Agent.abmh; Kaspersky says it will remove it after a restart, but it doesn't manage to... it's still there...

Rudy
Site Admin
Posts: 119381
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: services.exe, slow laptop and internet

#8 Post by Rudy »

Run CF with this script:
Collect::
c:\windows\system32\drivers\mnemok.sys

Driver::
mnemok
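The ComboFix runs in this thread show the pattern a responder keys on: a driver printed as "*Deregistered* - nmemok" under 'Other Services/Drivers In Memory', a bare ...\Services\nmemok key in the hidden-keys section with nothing listed under it, and, among the loading points, UAC switched off ("EnableLUA"= 0), AppInit_DLLs populated and Security Center monitoring disabled. The Python script below is an added example, not ComboFix's code and not something posted in the thread: it parses those exact line shapes and ranks what they imply. The sample log embedded in it is constructed from lines quoted above, the severity labels are this example's own, and it assumes the line formats are the ones this ComboFix version prints. It matches the driver name exactly as the log prints it (nmemok); post #7 and the CFScript above spell it mnemok.

```python
"""Triage of the ComboFix log lines quoted in this thread.

Added example: this is not ComboFix's code and was not posted in the
thread. It parses the line shapes ComboFix prints and ranks the entries
a responder would look at first. SAMPLE_LOG is constructed from lines
quoted above; the severity labels are this example's own.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: a handful of lines copied from the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [20.1.2010 20:08 64288]
R2 Apache2.2;Apache2.2;d:\xampp\apache\bin\apache.exe [5.3.2007 11:23 16896]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [14.12.2009 21:46 691696]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [29.6.2007 1:01 42512]

--- Other Services/Drivers In Memory ---

*Deregistered* - nmemok

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmemok]
"""

# "R0 name;description;path [date size]": R = running, S = stopped, digit = start group
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
DEREG_RE = re.compile(r"^\*Deregistered\*\s*-\s*(\S+)")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
SERVICES_KEY_RE = re.compile(r"\\services\\([^\\]+)$")  # applied to lower-cased keys


def parse_services(log: str) -> List[Dict[str, str]]:
    """Return one dict per driver/service line in the R*/S* list."""
    out = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            start, name, desc, path, stamp = m.groups()
            out.append({"start": start, "name": name, "description": desc,
                        "path": path, "stamp": stamp})
    return out


def parse_registry(log: str) -> Dict[str, Dict[str, str]]:
    """Map each [HKEY_...] key (lower-cased) to the "name"=value lines under it."""
    values: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            current = k.group(1).lower()
            values.setdefault(current, {})
            continue
        v = VALUE_RE.match(line)
        if v and current is not None:
            values[current][v.group(1)] = v.group(2).strip()
    return values


def deregistered(log: str) -> List[str]:
    """Names printed as *Deregistered* under 'Other Services/Drivers In Memory'."""
    names = []
    for line in log.splitlines():
        m = DEREG_RE.match(line.strip())
        if m:
            names.append(m.group(1))
    return names


def triage(log: str) -> List[Tuple[str, str]]:
    """Rank the indicators as (severity, message) tuples, highest first."""
    findings: List[Tuple[str, str]] = []
    reg = parse_registry(log)
    listed = {s["name"].lower() for s in parse_services(log)}
    # Bare ...\Services\<name> keys: ComboFix prints these in the hidden-key
    # section with no values underneath, which is how nmemok shows up above.
    bare_keys = {m.group(1) for m in map(SERVICES_KEY_RE.search, reg) if m}
    for name in deregistered(log):
        hidden = name.lower() in bare_keys and name.lower() not in listed
        sev = "HIGH" if hidden else "MEDIUM"
        why = ("loaded in memory, deregistered, and only visible as a bare Services key"
               if hidden else "loaded in memory but deregistered")
        findings.append((sev, f"driver '{name}': {why}; treat as a rootkit driver until proven otherwise"))
    for key, vals in reg.items():
        if key.endswith(r"\policies\system") and vals.get("EnableLUA", "").startswith("0"):
            findings.append(("MEDIUM", "UAC is disabled (EnableLUA=0): administrators run with a full token, no elevation prompts"))
        if key.endswith(r"\windows nt\currentversion\windows") and vals.get("AppInit_DLLs"):
            findings.append(("MEDIUM", "AppInit_DLLs is loaded into every process that maps user32.dll: "
                             + vals["AppInit_DLLs"]))
        if r"\security center\monitoring" in key and vals.get("DisableMonitoring", "").endswith("1"):
            findings.append(("LOW", f"Security Center monitoring suppressed under {key}"))
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_LOG):
        print(f"[{sev}] {msg}")
```

Run it as a script to print the ranked findings; on a real log, pass the file contents to triage() instead of SAMPLE_LOG. The deregistered-driver rule is the one that matters in this thread: a kernel driver that is still loaded can restore its own file after a scanner deletes it, which is why the CFScript above targets the service entry (Driver::) as well as the file (Collect::).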

peh
Visitor
Posts: 6
Registered: 20 Jan 2010 21:07

Re: services.exe, slow laptop and internet

#9 Post by peh »

Damn, what a piece of junk... It's still there... Everything else is fine now, only that services.exe keeps using my connection at full capacity... I don't know what else to try...

Current combofix.log:

ComboFix 10-01-19.08 - Administrator 21.01.2010 23:46:22.4.2 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.420.1029.18.3070.1836 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 22:56 . 2010-01-21 22:56 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-01-21 22:56 . 2010-01-21 22:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-21 22:56 . 2010-01-21 22:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-21 18:40 . 2010-01-21 20:06 -------- d-----w- c:\programdata\Kaspersky Lab
2010-01-21 18:38 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\90965572.sys
2010-01-21 18:38 . 2009-10-09 21:31 311312 ----a-w- c:\windows\system32\drivers\9096557.sys
2010-01-21 18:38 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\90965571.sys
2010-01-21 18:34 . 2010-01-21 18:34 -------- d-----w- c:\program files\CCleaner
2010-01-21 18:34 . 2010-01-21 18:36 61061464 ----a-w- C:\setup_9.0.0.722_21.01.2010_18-00.exe
2010-01-21 18:34 . 2010-01-21 18:34 3165824 ----a-w- C:\ccleaner.exe
2010-01-21 16:01 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-21 16:01 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-21 16:01 . 2010-01-21 16:01 -------- d-----w- c:\programdata\Avira
2010-01-21 16:01 . 2010-01-21 16:01 -------- d-----w- c:\program files\Avira
2010-01-21 15:32 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-21 13:48 . 2010-01-21 22:41 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-01-20 19:08 . 2010-01-20 19:08 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-20 19:08 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-20 19:07 . 2010-01-20 19:07 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-20 19:07 . 2009-12-07 14:10 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-20 19:05 . 2010-01-20 19:09 -------- d-----w- c:\programdata\Lavasoft
2010-01-20 19:05 . 2010-01-20 19:05 -------- d-----w- c:\program files\Lavasoft
2010-01-20 19:03 . 2010-01-20 19:03 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-01-20 19:03 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 19:03 . 2010-01-20 19:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 19:03 . 2010-01-20 19:03 -------- d-----w- c:\programdata\Malwarebytes
2010-01-20 19:03 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 16:21 . 2010-01-20 16:21 -------- d-----w- c:\program files\WinPcap
2010-01-20 16:20 . 2010-01-20 16:20 -------- d-----w- c:\program files\Network Traffic Monitor
2010-01-20 16:20 . 2008-01-08 07:47 45056 ----a-w- c:\windows\system32\SETHOOK.DLL
2010-01-20 16:20 . 2004-05-20 12:19 165088 ----a-w- c:\windows\system32\cswhoapi.dll
2010-01-20 16:20 . 2004-05-20 12:19 193768 ----a-w- c:\windows\system32\csdnsapi.dll
2010-01-17 16:16 . 2006-11-22 09:34 982272 ----a-w- c:\windows\system32\drivers\smserial.sys
2010-01-16 10:28 . 2010-01-15 16:07 877848 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-01-16 10:28 . 2010-01-15 16:07 798488 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-01-16 10:28 . 2010-01-15 16:07 613656 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-01-16 10:28 . 2010-01-15 16:07 1657112 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-01-15 16:08 . 2010-01-17 16:02 -------- d-----w- C:\$AVG
2010-01-15 16:08 . 2010-01-16 10:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-15 16:08 . 2010-01-15 16:08 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-15 16:07 . 2010-01-15 16:07 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-15 16:07 . 2010-01-21 16:51 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-15 16:07 . 2010-01-16 10:33 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-15 16:07 . 2010-01-15 16:07 -------- d-----w- c:\program files\AVG
2010-01-15 16:07 . 2010-01-15 16:07 -------- d-----w- c:\programdata\avg9
2010-01-13 11:37 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 11:37 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-10 19:56 . 2010-01-10 19:56 -------- d-----w- c:\programdata\Motive
2010-01-10 14:01 . 2010-01-10 14:01 680 ----a-w- c:\users\Administrator\AppData\Local\d3d9caps.dat
2010-01-06 12:59 . 2010-01-06 13:04 -------- d-----w- c:\users\Administrator\AppData\Roaming\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 22:39 . 2007-04-21 11:55 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-21 14:27 . 2008-01-08 21:46 406077 ----a-w- c:\users\Administrator\AppData\Roaming\nvModes.dat
2010-01-21 10:42 . 2009-09-25 14:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 19:25 . 2007-04-21 12:38 729166 ----a-w- c:\windows\system32\perfh005.dat
2010-01-20 19:25 . 2007-04-21 12:38 166346 ----a-w- c:\windows\system32\perfc005.dat
2010-01-20 14:56 . 2008-03-06 20:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype
2010-01-20 13:58 . 2008-03-06 20:25 -------- d-----w- c:\users\Administrator\AppData\Roaming\skypePM
2010-01-18 19:05 . 2008-03-06 19:48 -------- d-----w- c:\programdata\Skype
2010-01-15 12:13 . 2010-01-15 12:13 16 ----a-w- c:\users\Administrator\AppData\Roaming\fvgqad.dat
2010-01-14 11:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-14 10:12 . 2009-10-02 21:56 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-08 07:29 . 2008-04-01 14:35 157627 ----a-w- c:\windows\hpoins14.dat
2009-12-17 15:12 . 2009-12-17 15:12 -------- d-----w- c:\program files\TouchKit
2009-12-17 15:12 . 2007-11-15 02:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-17 08:13 . 2008-10-21 11:47 -------- d-----w- c:\program files\OptionTrader
2009-12-14 20:54 . 2009-12-14 20:54 -------- d-----w- c:\program files\LucasArts
2009-12-14 20:54 . 2009-12-14 20:46 -------- d-----w- c:\users\Administrator\AppData\Roaming\DAEMON Tools Lite
2009-12-14 20:47 . 2009-12-14 20:47 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-12-14 20:47 . 2009-12-14 20:46 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-14 20:46 . 2009-12-14 20:46 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-14 20:46 . 2009-12-14 20:46 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-13 23:28 . 2009-12-13 23:28 -------- d-----w- c:\program files\CPUID
2009-12-10 19:53 . 2009-12-10 19:53 -------- d-----w- c:\program files\KenticoCMS
2009-12-08 18:33 . 2009-12-08 18:32 -------- d-----w- c:\program files\Autokelly
2009-11-27 15:55 . 2008-02-27 16:44 -------- d-----w- c:\program files\Opera
2009-11-21 06:40 . 2009-12-10 00:06 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 00:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-10 00:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-10 00:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 13:23 . 2009-12-12 02:00 10752 ----a-w- c:\windows\system32\wamregps.dll
2009-11-09 13:22 . 2009-12-12 02:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-12 02:00 8192 ----a-w- c:\windows\system32\iisrstap.dll
2009-11-09 13:20 . 2009-12-12 02:00 153600 ----a-w- c:\windows\system32\iisRtl.dll
2009-11-09 13:20 . 2009-12-12 02:00 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 13:18 . 2009-12-12 02:00 27136 ----a-w- c:\windows\system32\ahadmin.dll
2009-11-09 13:18 . 2009-12-12 02:00 51712 ----a-w- c:\windows\system32\admwprox.dll
2009-11-09 11:21 . 2009-12-12 02:00 14848 ----a-w- c:\windows\system32\iisreset.exe
2009-11-09 11:04 . 2009-12-12 02:00 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-05 15:14 . 2009-10-05 15:08 2668672 ----a-w- c:\programdata\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-11-05 15:14 . 2009-11-05 15:14 25214 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{5FD88490-011C-4DF1-B886-F298D955171B}\SunReg.exe
2009-10-29 09:41 . 2009-11-28 02:00 2048 ----a-w- c:\windows\system32\tzres.dll
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-20 39408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-26 149040]
"PTimer"="c:\program files\Sprinx Systems\Sprinx PTimer\PTimer.exe" [2007-12-07 856936]
"Google Update"="c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-18 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\ASUSTek\ASUSDVD\Language\Language.exe" [2007-01-09 52256]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 1057328]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"Skytel"="Skytel.exe" [2007-05-28 1826816]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-24 174616]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-07-24 33304]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-11 404248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2007-11-15 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-11-15 33136]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"ClearTKHandle"="c:\program files\TouchKit\ClearTKHandle.exe" [2007-06-12 118784]
"AutoCalibration"="c:\program files\TouchKit\xAuto4PtsCal.exe" [2007-06-12 245760]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-16 2033432]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
setup_9.0.0.722_21.01.2010_18-00.lnk - c:\users\Administrator\Desktop\Virus Removal Tool\setup_9.0.0.722_21.01.2010_18-00\startup.exe [2010-1-21 72208]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
LaunchTouchMon.lnk - c:\program files\TouchKit\LaunchTouchMon.exe [2009-12-17 118784]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkMail]
2007-07-14 01:25 741376 ----a-w- c:\program files\ChkMail\ChkMail\ChkMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 90965572;90965572 Boot Guard Driver;c:\windows\System32\drivers\90965572.sys [21.1.2010 19:38 37392]
R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [9.7.2007 6:28 209408]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [20.1.2010 20:08 64288]
R1 90965571;90965571;c:\windows\System32\drivers\90965571.sys [21.1.2010 19:38 128016]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [15.1.2010 17:07 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [15.1.2010 17:08 360584]
R1 ItSDisk;ItSDisk;c:\windows\System32\drivers\itsdisk.sys [16.5.2006 18:13 23232]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [23.1.2007 13:07 39080]
R1 setup_9.0.0.722_21.01.2010_18-00drv;setup_9.0.0.722_21.01.2010_18-00drv;c:\windows\System32\drivers\9096557.sys [21.1.2010 19:38 311312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21.1.2010 17:01 108289]
R2 Apache2.2;Apache2.2;d:\xampp\apache\bin\apache.exe [5.3.2007 11:23 16896]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [5.6.2008 10:31 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [5.6.2008 10:31 21504]
R2 atchksrv;Intel(R) Active Management Technology System Status Service;c:\program files\Intel\AMT\ATCHKSRV.EXE [15.11.2007 5:11 183064]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15.1.2010 17:07 285392]
R2 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [14.12.2009 0:28 12672]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2.12.2009 14:19 1184912]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [18.4.2007 23:42 24576]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.EXE [15.11.2007 5:11 1489688]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [25.4.2007 2:32 31232]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\System32\drivers\StkCMini.sys [6.6.2007 3:40 1260672]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [14.12.2009 21:46 691696]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\System32\drivers\adusbmdm65.sys [14.10.2008 12:56 64896]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\System32\drivers\adusbser.sys [20.12.2006 4:58 97920]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\System32\drivers\adusbser65.sys [14.10.2008 12:57 64896]
S3 bthav;Bluetooth AV Profile;c:\windows\System32\drivers\bthav.sys [15.11.2007 5:34 36352]
S3 EGXFilter;EGXFilter;c:\windows\System32\drivers\EGXFilter.sys [17.12.2009 16:12 96640]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [29.6.2007 1:01 42512]
S3 xTouch;xTouch;c:\windows\System32\drivers\xTouch.sys [17.12.2009 16:12 83072]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [10.7.2008 1:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 1:28 369688]

--- Other services/drivers in memory ---

*Deregistered* - nmemok

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 13:19]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-614266077-972239720-897709346-1000Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-18 16:46]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-614266077-972239720-897709346-1000UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-18 16:46]

2010-01-21 c:\windows\Tasks\User_Feed_Synchronization-{CCBEFDDE-D5A8-430A-A8B1-60175E0B1CD9}.job
- c:\windows\system32\msfeedssync.exe [2009-12-10 04:59]
.
.
------- Supplementary scan -------
.
uStart Page = about:blank
IE: &Přelož do češtiny - c:\program files\Seznam\Listicka\Toolbar.dll/5034
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Hlede&j v ČR - c:\program files\Seznam\Listicka\Toolbar.dll/5033
IE: Hledej v &encyklopedii - c:\program files\Seznam\Listicka\Toolbar.dll/5108
IE: Hledej ve &světě - c:\program files\Seznam\Listicka\Toolbar.dll/5035
IE: Hledej ve &zboží - c:\program files\Seznam\Listicka\Toolbar.dll/5107
IE: NuSphere PhpED :: Debug this page - c:\program files\nusphere\phped\NuSphereIEBar.dll/1000
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
TCP: {919634D4-50EE-4F05-BEBE-E8B45E3ADE43} = 194.228.41.113,90.183.231.251
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxp://download.seznam.cz/listicka/toolbar2007.cab
DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - hxxp://www.ppiwidget.com/campaigns/startrek_AR ... taller.exe
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -

AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Administrator\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 23:56
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmemok]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-21 23:59:52
ComboFix-quarantined-files.txt 2010-01-21 22:59
ComboFix2.txt 2010-01-21 15:04
ComboFix3.txt 2010-01-21 10:59
ComboFix4.txt 2010-01-20 20:19

Pre-Run: free bytes: 74 543 669 248
Post-Run: free bytes: 74 510 278 656

- - End Of File - - 6B53103341CEC273039C8385E3F80782
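
An added example, not part of the original post and not ComboFix's own code: a small Python triage script for the kind of log posted above. It parses the driver/service lines (R0 .. S4), the Run-key entries and the dword policy values, and flags what a responder checks first: services with numeric-only names, boot/system drivers created within a week of the log date, autoruns that are a bare file name (resolved through PATH) or that run from a user profile, EnableLUA=0 and DisableMonitoring=1. The sample lines are copied from the log above; the heuristics and the seven-day window are this example's own assumptions, and a hit means "look closer", not "malicious" (the setup_9.0.0.722 driver it flags shares its name with the Virus Removal Tool entry in the Startup folder, and Lbd.sys is Lavasoft Ad-Aware's boot driver).

```python
"""Triage helpers for the service, Run-key and policy lines of a ComboFix log.

Added example: not ComboFix's code and not anything the forum posted. The
heuristics below are this example's own assumptions about what deserves a
second look; they are not verdicts.
"""
import re
from dataclasses import dataclass
from datetime import date, datetime, timedelta

# "R0 name;display;image [d.m.yyyy hh:mm size]" as ComboFix prints driver/service entries
SERVICE_RE = re.compile(r'^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]+)\]\s*$')
# '"Name"="image" [yyyy-mm-dd size]' as printed under the Run keys
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[([^\]]+)\]')
# '"Name"= 0 (0x0)' or '"Name"=dword:00000001' policy values
DWORD_RE = re.compile(r'^"([^"]+)"=\s*(?:dword:([0-9a-fA-F]{8})|(\d+))')

# Assumed "normal" image roots; anything else is worth a look, not automatically bad.
STANDARD_ROOTS = (r"c:\windows", r"c:\program files", r"c:\progra~1")

# Constructed input: lines copied from the log above.
SAMPLE_LINES = [
    r"R0 90965572;90965572 Boot Guard Driver;c:\windows\System32\drivers\90965572.sys [21.1.2010 19:38 37392]",
    r"R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [20.1.2010 20:08 64288]",
    r"R1 90965571;90965571;c:\windows\System32\drivers\90965571.sys [21.1.2010 19:38 128016]",
    r"R1 setup_9.0.0.722_21.01.2010_18-00drv;setup_9.0.0.722_21.01.2010_18-00drv;c:\windows\System32\drivers\9096557.sys [21.1.2010 19:38 311312]",
    r"R2 Apache2.2;Apache2.2;d:\xampp\apache\bin\apache.exe [5.3.2007 11:23 16896]",
    r"R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [5.6.2008 10:31 21504]",
    r"S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [14.12.2009 21:46 691696]",
    r'"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]',
    r'"Google Update"="c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-18 135664]',
    r'"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]',
    r'"EnableLUA"= 0 (0x0)',
    r'"DisableMonitoring"=dword:00000001',
]


@dataclass
class Service:
    running: bool
    start: int          # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    image: str
    created: date
    size: int


def parse_service(line):
    """Parse one R/S service line; returns None for lines of another shape."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, start, name, display, image, meta = m.groups()
    day, _time, size = meta.split()
    return Service(state == "R", int(start), name.strip(), display.strip(),
                   image.strip(), datetime.strptime(day, "%d.%m.%Y").date(), int(size))


def parse_run(line):
    """Parse one Run-key entry into (name, image, created, size)."""
    m = RUN_RE.match(line)
    if not m:
        return None
    name, image, meta = m.groups()
    day, size = meta.split()
    return name, image, date.fromisoformat(day), int(size)


def parse_dword(line):
    """Parse a '"Name"= 0 (0x0)' or '"Name"=dword:XXXXXXXX' value into (name, int)."""
    m = DWORD_RE.match(line)
    if not m:
        return None
    name, hexval, decval = m.groups()
    return name, int(hexval, 16) if hexval is not None else int(decval)


def triage(lines, log_date, fresh_days=7):
    """Return (kind, name, reason) tuples for entries worth a closer look."""
    findings = []
    for line in lines:
        line = line.strip()
        svc = parse_service(line)
        if svc:
            if svc.name.isdigit():
                findings.append(("service", svc.name, "numeric-only service name"))
            if svc.start <= 1 and log_date - svc.created <= timedelta(days=fresh_days):
                findings.append(("service", svc.name,
                                 "boot/system driver created within %d days" % fresh_days))
            if not svc.image.lower().startswith(STANDARD_ROOTS):
                findings.append(("service", svc.name, "image outside Windows/Program Files"))
            continue
        run = parse_run(line)
        if run:
            name, image, _created, _size = run
            if "\\" not in image:
                findings.append(("run", name, "bare file name, resolved through PATH"))
            elif "\\users\\" in image.lower() or "appdata" in image.lower():
                findings.append(("run", name, "autorun from a user profile"))
            continue
        val = parse_dword(line)
        if val == ("EnableLUA", 0):
            findings.append(("policy", "EnableLUA", "UAC disabled"))
        elif val == ("DisableMonitoring", 1):
            findings.append(("policy", "DisableMonitoring", "Security Center monitoring switched off"))
    return findings


if __name__ == "__main__":
    for kind, name, reason in triage(SAMPLE_LINES, date(2010, 1, 21)):
        print(f"{kind:8} {name:40} {reason}")
```

To run it over a whole log rather than the sample lines, read the file with the code page the Windows locale used (a Czech Vista writes cp1250) and pass `splitlines()` plus the date from the log header. The Run-key and policy parsers only see lines of that exact shape, so the Tortoise overlay, SafeBoot and svchost-group sections above fall through untouched.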

Rudy
Site Admin
Posts: 119381
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: services.exe, slow notebook and internet

#10 Post by Rudy »

Run ComboFix again with this script:
Collect::
c:\windows\system32\acovcnt.exe
c:\windows\system32\drivers\90965572.sys
c:\windows\system32\drivers\9096557.sys
c:\windows\system32\drivers\90965571.sys

Driver::
90965572
9096557
90965571
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reopened, write to the e-mail address above.