Please check my log - combofix+lopfind

Post by aladin20 » 30 Nov 2008 17:50

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36:10, on 30.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\WINDOWS\system32\WTMKM.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\OETRN.EXE
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=021307 serial=DR12CEM-0321808-CKS lang=CZ
O4 - HKLM\..\Run: [PureLinkTimeBeep] C:\Documents and Settings\All Users\Data aplikací\heartwipepurelink\Glue Error.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [LogitechSetup] E:\Setup\Setup.exe /restart /l:enu
O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O4 - HKCU\..\Run: [roam scr] C:\DOCUME~1\petr\DATAAP~1\DASHBU~1\cashhtm.exe
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download with Rapget - C:\Documents and Settings\petr\Plocha\Rapget\rapget.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7893109062
O18 - Protocol: bw+0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {6B61CEE1-BA05-4EF9-A78C-37E46474113B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WTService - Unknown owner - C:\WINDOWS\system32\atwtusb.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 23924 bytes
Thank you! aladin
Last edited by aladin20 on 02 Dec 2008 19:02, edited 1 time in total.

Re: Please check my log - PC significantly slowed down

Post by fredik » 30 Nov 2008 20:26

You have two antivirus programs there, Avast and Nod, so keep just one of them and uninstall the other.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Then download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Also post the log from LopFind here
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me private messages (PM) with logs; post them in the forum. These PMs cannot be answered.

Re: Please check my log - PC significantly slowed down

Post by aladin20 » 02 Dec 2008 18:43

ComboFix 08-12-01.03 - petr 2008-12-02 18:11:43.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.637 [GMT 1:00]
Spuštěný z: c:\documents and settings\petr\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\petr\Data aplikací\inst.exe
c:\documents and settings\petr\Local Settings\Temporary Internet Files\MAILTRAN.INI
c:\documents and settings\petr\Local Settings\Temporary Internet Files\TRNCOM.INI
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Dvbpws.dll
c:\windows\system32\packet.dll
c:\windows\system32\Pncrt.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_new_drv
-------\Service_NPF


((((((((((((((((((((((((( Soubory vytvořené od 2008-11-02 do 2008-12-02 )))))))))))))))))))))))))))))))
.

2008-11-30 11:55 . 2008-11-30 11:56 <DIR> d-------- C:\Temp
2008-11-30 11:55 . 2008-11-30 12:06 <DIR> d-------- c:\program files\WM Recorder
2008-11-30 11:55 . 2008-11-30 11:55 <DIR> d-------- c:\program files\WinPcap
2008-11-30 11:54 . 2008-11-30 12:49 <DIR> d-------- c:\program files\WM Recorder 10.2
2008-11-30 11:19 . 2008-11-30 12:12 <DIR> d-------- c:\program files\Serials 2005
2008-11-28 20:33 . 2008-11-28 20:33 <DIR> d-------- c:\program files\Summitsoft
2008-11-28 20:26 . 2008-11-28 20:26 <DIR> d-------- c:\program files\IPACS
2008-11-28 19:38 . 2008-11-28 19:42 <DIR> d-------- c:\program files\Air Conflicts
2008-11-27 15:59 . 2008-11-27 15:58 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-26 15:59 . 2008-11-26 15:59 <DIR> d-------- c:\documents and settings\petr\Data aplikací\Ubisoft
2008-11-25 19:04 . 2008-11-25 19:04 <DIR> d-------- c:\documents and settings\petr\Data aplikací\Leadertech
2008-11-25 17:40 . 2004-05-04 11:53 1,645,320 --a------ c:\windows\gdiplus.dll
2008-11-25 17:40 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
2008-11-25 17:40 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
2008-11-25 17:40 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll
2008-11-25 17:40 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll
2008-11-25 17:40 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll
2008-11-25 17:40 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll
2008-11-23 17:48 . 2008-11-23 17:48 <DIR> d-------- C:\Phenomedia AG
2008-11-20 23:47 . 2008-11-20 23:47 <DIR> d-------- C:\Phenomedia
2008-11-17 11:16 . 2008-11-17 11:34 0 --a------ c:\windows\KA.ini
2008-11-17 08:41 . 2008-11-17 08:41 <DIR> d-------- c:\documents and settings\petr\Data aplikací\Disney Interactive Studios
2008-11-17 08:30 . 2008-11-17 08:30 <DIR> d-------- c:\program files\Disney Interactive Studios
2008-11-17 02:26 . 2008-11-17 02:26 <DIR> d-------- c:\program files\Disney Interactive
2008-11-17 02:26 . 2008-11-17 08:39 2,299 --a------ c:\windows\disney.ini
2008-11-17 02:25 . 2008-11-17 08:29 374 --a------ c:\windows\disneysy.ini
2008-11-16 20:23 . 2008-11-16 20:36 <DIR> d-------- c:\program files\Vivid WorkshopData ATI
2008-11-16 19:14 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-11-16 19:14 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-11-16 19:14 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-11-16 19:14 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-11-16 19:14 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-11-16 19:14 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-11-16 19:14 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-11-13 21:43 . 2008-11-13 21:43 528 -r-hs---- c:\windows\PCGWIN32.LI4
2008-11-13 21:42 . 2008-11-13 21:42 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Autodata Limited
2008-11-13 21:40 . 2008-11-13 21:40 <DIR> d-------- c:\program files\Common Files\Autodata Limited Shared
2008-11-12 20:46 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 20:45 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-07 17:47 . 2001-08-17 21:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2008-11-07 17:47 . 2001-08-17 21:56 7,552 --a--c--- c:\windows\system32\dllcache\sonypvu1.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 16:53 --------- d-----w c:\program files\ESET
2008-12-01 23:47 --------- d-----w c:\documents and settings\petr\Data aplikací\Skype
2008-12-01 23:09 --------- d-----w c:\documents and settings\petr\Data aplikací\skypePM
2008-11-30 13:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-30 10:55 737,280 ----a-w c:\windows\iun6002.exe
2008-11-30 10:17 --------- d-----w c:\program files\Azureus
2008-11-30 10:17 --------- d-----w c:\documents and settings\petr\Data aplikací\Azureus
2008-11-30 09:36 --------- d-----w c:\documents and settings\petr\Data aplikací\uTorrent
2008-11-30 09:24 --------- d-----w c:\documents and settings\petr\Data aplikací\Vso
2008-11-29 19:52 --------- d-----w c:\program files\Ricochet Infinity
2008-11-28 15:52 --------- d-----w c:\program files\FlashGet
2008-11-27 14:58 --------- d-----w c:\program files\Java
2008-11-26 18:22 --------- d-----w c:\documents and settings\petr\Data aplikací\Ahead
2008-11-26 14:56 --------- d-----w c:\program files\Ubisoft
2008-11-25 20:45 --------- d-----w c:\program files\Electronic Arts
2008-11-25 20:18 --------- d-----w c:\program files\eMule
2008-11-25 17:49 --------- d-----w c:\program files\EA GAMES
2008-11-25 16:40 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-11-25 16:40 47,360 ----a-w c:\documents and settings\petr\Data aplikací\pcouffin.sys
2008-11-25 16:40 --------- d-----w c:\program files\VSO
2008-11-14 16:58 --------- d-----w c:\program files\ABBYY FineReader 8.0 Professional Edition
2008-11-03 18:23 --------- d-----w c:\program files\XTB-Trader 4 Contest
2008-10-30 20:46 --------- d-----w c:\program files\Common Files\DirectX
2008-10-30 15:42 --------- d-----w c:\program files\Lighthouse Interactive
2008-10-30 14:59 --------- d-----w c:\program files\LuckyTender
2008-10-28 19:59 --------- d-----w c:\program files\Trend Micro
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 15:45 --------- d-----w c:\documents and settings\All Users\Data aplikací\2DBoy
2008-10-19 15:40 --------- d-----w c:\program files\WorldOfGoo
2008-10-16 23:40 --------- d-----w c:\program files\Euro Truck Simulator
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-11 07:35 --------- d--h--w c:\program files\Zero G Registry
2008-10-05 15:36 --------- d-----w c:\documents and settings\petr\Data aplikací\PipeMania
2008-10-05 15:18 --------- d-----w c:\program files\Empire Interactive
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-07-19 05:19 81,920 ----a-w c:\documents and settings\petr\Data aplikací\ezpinst.exe
2008-04-13 11:00 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2006-12-30 21:49 92,064 ----a-w c:\documents and settings\petr\mqdmmdm.sys
2006-12-30 21:49 9,232 ----a-w c:\documents and settings\petr\mqdmmdfl.sys
2006-12-30 21:49 79,328 ----a-w c:\documents and settings\petr\mqdmserd.sys
2006-12-30 21:49 66,656 ----a-w c:\documents and settings\petr\mqdmbus.sys
2006-12-30 21:49 6,208 ----a-w c:\documents and settings\petr\mqdmcmnt.sys
2006-12-30 21:49 5,936 ----a-w c:\documents and settings\petr\mqdmwhnt.sys
2006-12-30 21:49 4,048 ----a-w c:\documents and settings\petr\mqdmcr.sys
2006-12-30 21:49 25,600 ----a-w c:\documents and settings\petr\usbsermptxp.sys
2006-12-30 21:49 22,768 ----a-w c:\documents and settings\petr\usbsermpt.sys
2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"OEXPRESS"="c:\windows\OETRN.EXE" [2006-12-27 26624]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe" [2006-06-27 1211176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-15 4624384]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-11-15 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-27 136600]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-04-07 225280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2006-07-07 348160]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2006-07-11 69632]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 90112]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"nwiz"="nwiz.exe" [2004-11-15 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
"MacrokeyManager"="WTMKM.exe" [2007-05-29 c:\windows\system32\WTMKM.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-06-10 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= c:\program files\ffdshow\ffdshow.ax
"VIDC.FFDS"= c:\program files\ffdshow\ffdshow.ax

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Jeyo Mobile Companion\\JeyoMobileCompanion.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mv2Player\\Mv2PlayerPlus.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Defrag32b;Defrag32Boot;c:\windows\system32\drivers\Defrag32b.sys [2004-10-23 54424]
R0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys [2006-12-27 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-11 111184]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\DRIVERS\wfcxacap.sys [2008-04-11 9856]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51:58 13560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-11 20560]
R2 Defrag32;Defrag32;c:\windows\system32\drivers\Defrag32.sys [2004-10-23 54424]
R2 PDSched;PDScheduler;"c:\program files\Raxco\PerfectDisk\PDSched.exe" [2004-11-01 237635]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [2008-04-11 31616]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [2008-04-11 167296]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe [2008-04-24 360096]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2001-10-25 69120]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [2008-04-11 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [2008-04-11 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [2008-04-11 10368]
R3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [2008-04-11 9446]
S4 hpt3xx;hpt3xx; []
.
Obsah adresáře 'Naplánované úlohy'

2008-12-02 c:\windows\Tasks\AA689B7F918F11C3.job
- c:\docume~1\petr\dataap~1\dashbu~1\debugpureplay.exe []

2008-05-11 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1167845020.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-roam scr - c:\docume~1\petr\DATAAP~1\DASHBU~1\cashhtm.exe
HKCU-Run-Nero PhotoShow Media Manager - c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
HKLM-Run-CorelDRAW Graphics Suite 11b - c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe
HKLM-Run-PureLinkTimeBeep - c:\documents and settings\All Users\Data aplikací\heartwipepurelink\Glue Error.exe
HKLM-Run-LogitechSetup - e:\setup\Setup.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-NWEReboot - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 18:18:50
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\TEMP\_av_proI.tm~a02392

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
.
**************************************************************************
.
Celkový čas: 2008-12-02 18:27:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-12-02 17:27:00

Před spuštěním: 3 135 033 344
Po spuštění: Volných bajtů: 14,041,583,616

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn

264 --- E O F --- 2008-11-13 00:21:56


Re: please check my log - PC significantly slowed down

Post by aladin20 » 02 Dec 2008 18:50

added the log from lopfind.........
LopFind v4 © Čas: 18:39:06,04 Datum: út 02.12.2008

******************************************

1) Výpis obsahů Application Data složek pro zjištění podezřelých adresářů:

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je ECB4-CF1E.

Výpis adresáře C:\Documents and Settings\All Users\DATAAP~1

13.11.2008 21:42 <DIR> Autodata Limited
19.10.2008 16:45 <DIR> 2DBoy
14.08.2008 17:09 <DIR> ESET
03.08.2008 22:40 <DIR> Autodesk
06.07.2008 16:46 <DIR> QuickTime
10.06.2008 16:32 <DIR> Logitech
06.06.2008 18:46 <DIR> Sierra
27.05.2008 01:00 <DIR> PC Drivers HeadQuarters
21.05.2008 15:33 <DIR> MSScanAppDataDir
04.05.2008 14:47 <DIR> CyberLink
13.04.2008 12:00 32 ezsid.dat
13.04.2008 06:39 <DIR> Adobe
12.04.2008 17:31 <DIR> Tablet
11.04.2008 21:52 <DIR> Ulead Systems
11.04.2008 21:18 <DIR> ATI
10.02.2007 17:53 <DIR> heartwipepurelink
21.01.2007 09:19 <DIR> Ahead
14.01.2007 23:10 <DIR> InstallShield
07.01.2007 22:15 <DIR> Skype
03.01.2007 18:14 382 hpzinstall.log
01.01.2007 11:15 <DIR> Windows Genuine Advantage
29.12.2006 21:51 <DIR> BVRP Software
29.12.2006 09:40 <DIR> nView_Profiles
27.12.2006 14:53 <DIR> DVD Shrink
27.12.2006 11:33 62 desktop.ini
27.12.2006 11:32 <DIR> Microsoft
27.12.2006 11:32 <DIR> .
27.12.2006 11:32 <DIR> ..
3 souborů, 476 bajtů
Adresářů: 25, Volných bajtů: 14068400128
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je ECB4-CF1E.

Výpis adresáře C:\Documents and Settings\petr\DATAAP~1

26.11.2008 15:59 <DIR> Ubisoft
25.11.2008 19:04 <DIR> Leadertech
25.11.2008 17:44 668 vso_ts_preview.xml
17.11.2008 08:41 <DIR> Disney Interactive Studios
05.10.2008 16:36 <DIR> PipeMania
27.09.2008 10:02 <DIR> ABBYY
07.09.2008 08:54 <DIR> SPORE
03.08.2008 22:41 <DIR> Autodesk
19.07.2008 17:45 9353 Hodnoty oddělené čárkami (Windows).EML
19.07.2008 06:19 34 pcouffin.log
19.07.2008 06:19 81920 ezpinst.exe
19.07.2008 06:19 7887 pcouffin.cat
19.07.2008 06:19 47360 pcouffin.sys
19.07.2008 06:19 1144 pcouffin.inf
12.07.2008 23:06 <DIR> Vso
29.06.2008 09:10 <DIR> Ace
19.05.2008 00:49 <DIR> Player
10.05.2008 14:06 <DIR> Help
04.05.2008 14:49 <DIR> CyberLink
04.05.2008 10:02 <DIR> Expert SoftWorks
04.05.2008 09:37 <DIR> ICQ
24.04.2008 16:22 <DIR> Ulead Systems
23.04.2008 17:51 <DIR> Ice Age 2
19.04.2008 07:30 5368 froggy_scorebox
19.04.2008 07:30 936 pl_accounts.pl_acc
19.04.2008 07:30 556 Troll.options
13.04.2008 12:00 <DIR> skypePM
11.04.2008 21:24 <DIR> DAEMON Tools
11.04.2008 21:18 <DIR> ATI
24.02.2007 09:28 <DIR> Simple Star
24.02.2007 09:28 134 Setup.txt
23.02.2007 04:59 <DIR> Nero
10.02.2007 17:53 <DIR> NetPumper
03.02.2007 12:46 <DIR> dash burn name
21.01.2007 09:24 <DIR> Ahead
15.01.2007 20:43 <DIR> Sun
14.01.2007 23:33 <DIR> Corel
14.01.2007 19:33 <DIR> Azureus
14.01.2007 08:52 <DIR> uTorrent
06.01.2007 13:21 <DIR> BSplayer Pro
03.01.2007 19:41 <DIR> AdobeUM
03.01.2007 19:40 <DIR> Adobe
03.01.2007 18:24 <DIR> Hewlett-Packard
01.01.2007 21:54 <DIR> Macromedia
31.12.2006 01:06 <DIR> Nokia Multimedia Player
30.12.2006 22:28 <DIR> InstallShield
28.12.2006 21:50 <DIR> Skype
28.12.2006 16:30 80 MusicCatalystGT.txt
27.12.2006 15:49 <DIR> BSplayer
27.12.2006 13:19 2508 $_hpcst$.hpc
27.12.2006 10:49 <DIR> Identities
27.12.2006 10:49 62 desktop.ini
27.12.2006 10:49 <DIR> ..
27.12.2006 10:49 <DIR> .
27.12.2006 10:49 <DIR> Microsoft
14 souborů, 158010 bajtů
Adresářů: 41, Volných bajtů: 14068396032
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je ECB4-CF1E.

Výpis adresáře C:\Documents and Settings\Default User\DATAAP~1

27.12.2006 11:33 62 desktop.ini
27.12.2006 11:32 <DIR> ..
27.12.2006 11:32 <DIR> Microsoft
27.12.2006 11:32 <DIR> .
1 souborů, 62 bajtů
Adresářů: 3, Volných bajtů: 14068396032
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je ECB4-CF1E.

Výpis adresáře C:\Documents and Settings\LocalService\DATAAP~1

23.04.2008 15:25 2508 $_hpcst$.hpc
27.12.2006 10:48 <DIR> ..
27.12.2006 10:48 <DIR> Microsoft
27.12.2006 10:48 <DIR> .
1 souborů, 2508 bajtů
Adresářů: 3, Volných bajtů: 14068396032
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je ECB4-CF1E.

Výpis adresáře C:\Documents and Settings\NetworkService\DATAAP~1

27.12.2006 10:48 <DIR> ..
27.12.2006 10:48 <DIR> Microsoft
27.12.2006 10:48 <DIR> .
0 souborů, 0 bajtů
Adresářů: 3, Volných bajtů: 14068396032

******************************************

2) Zjišťování přítomnosti ve složce Program Files:

a) Výpis obsahu Program Files složky pro zjištění duplicitních kopií podezřelých adresářů:

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je ECB4-CF1E.

Výpis adresáře C:\Program Files

30.11.2008 11:55 <DIR> .
30.11.2008 11:55 <DIR> ..
20.04.2008 07:40 <DIR> 3GP Player
01.03.2007 21:00 <DIR> A4Tech
14.11.2008 17:58 <DIR> ABBYY FineReader 8.0 Professional Edition
28.06.2008 04:17 <DIR> Activision Value
23.07.2008 21:14 <DIR> Adobe
24.02.2007 19:04 <DIR> Ahead
28.11.2008 19:42 <DIR> Air Conflicts
16.04.2008 18:00 <DIR> Allok RM RMVB to AVI MPEG DVD Converter
27.12.2006 12:44 <DIR> Alwil Software
30.01.2007 18:26 <DIR> Aspyr
17.05.2008 14:08 <DIR> Atari
11.04.2008 20:51 <DIR> ATI Technologies
26.04.2008 09:19 <DIR> audiograbber
03.08.2008 22:37 <DIR> Autodesk
30.11.2008 11:17 <DIR> Azureus
27.12.2006 15:50 <DIR> BSplayer_WhenUSave_Installer
28.12.2006 12:30 <DIR> CityTime Alarms for Smartphone
27.12.2006 11:44 <DIR> C-Media 3D Audio
02.12.2008 18:12 <DIR> Common Files
27.12.2006 10:41 <DIR> ComPlus Applications
14.01.2007 23:07 <DIR> Corel
04.05.2008 14:43 <DIR> CyberLink
11.04.2008 21:24 <DIR> DAEMON Tools
30.08.2008 22:51 <DIR> DAEMON Tools Lite
05.02.2007 17:24 <DIR> DaemonTools_WhenUSave_Installer
26.02.2007 21:15 <DIR> dash burn name
27.12.2006 14:58 <DIR> directx 9c
17.11.2008 02:26 <DIR> Disney Interactive
17.11.2008 08:30 <DIR> Disney Interactive Studios
23.09.2008 15:17 <DIR> Doc Convertor
28.09.2008 00:09 <DIR> DreamWorks Interactive
27.12.2006 14:53 <DIR> DVD Shrink
19.07.2008 06:12 <DIR> DVDFab Decrypter 3
19.07.2008 06:20 <DIR> DVDFab Platinum 3
25.11.2008 18:49 <DIR> EA GAMES
25.11.2008 21:45 <DIR> Electronic Arts
05.10.2008 16:18 <DIR> Empire Interactive
25.11.2008 21:18 <DIR> eMule
02.12.2008 17:53 <DIR> ESET
17.10.2008 00:40 <DIR> Euro Truck Simulator
14.09.2008 07:13 <DIR> ffdshow
07.03.2007 21:06 <DIR> Fichiers communs
28.11.2008 16:52 <DIR> FlashGet
14.05.2008 23:08 <DIR> FLVPlayer
24.02.2007 09:52 <DIR> Formosoft
17.02.2007 12:50 <DIR> FOTOLAB Home Print Service
27.09.2008 09:16 <DIR> Foxit Software
24.04.2008 11:01 <DIR> Free Notes & Office Ink
24.02.2007 19:08 <DIR> Gemeinsame Dateien
01.02.2007 20:50 <DIR> GSpot
12.08.2008 17:34 <DIR> HD Tune
03.01.2007 18:20 <DIR> Hewlett-Packard
24.03.2007 19:22 <DIR> ICQLite
30.11.2008 14:11 <DIR> InstallShield Installation Information
16.10.2008 00:14 <DIR> Internet Explorer
28.11.2008 20:26 <DIR> IPACS
27.11.2008 15:58 <DIR> Java
28.12.2006 01:11 <DIR> Jeyo Mobile Companion
06.07.2008 16:43 <DIR> Legacy Interactive
30.10.2008 16:42 <DIR> Lighthouse Interactive
03.05.2008 09:38 <DIR> Lineage II
30.12.2006 22:28 <DIR> LiveUpdate
10.06.2008 16:32 <DIR> Logitech
05.06.2008 17:50 <DIR> LucasArts
30.10.2008 15:59 <DIR> LuckyTender
07.09.2008 21:07 <DIR> Messenger
01.10.2008 22:59 <DIR> Microsoft ActiveSync
27.12.2006 10:45 <DIR> microsoft frontpage
01.10.2008 22:23 <DIR> Microsoft Office
11.06.2008 18:55 <DIR> Microsoft Silverlight
27.12.2006 12:00 <DIR> Microsoft Visual Studio
27.12.2006 12:01 <DIR> Microsoft Works
27.12.2006 12:04 <DIR> Microsoft.NET
31.12.2006 00:59 <DIR> MIKSOFT
31.12.2006 01:01 <DIR> Mobilator
29.12.2006 21:14 <DIR> Motorola
30.12.2006 22:50 <DIR> Motorola Phone Tools
20.01.2007 00:17 <DIR> MOV to AVI MPEG WMV Converter
07.09.2008 21:01 <DIR> Movie Maker
13.07.2008 08:52 <DIR> MP3 Player Utilities 3.13
27.12.2006 15:44 <DIR> MP3 Player Utilities 3.60
11.04.2008 21:09 <DIR> MSBuild
24.04.2008 04:25 <DIR> MSECache
27.12.2006 10:40 <DIR> MSN
27.12.2006 10:40 <DIR> MSN Gaming Zone
04.01.2007 09:59 <DIR> MSXML 4.0
12.04.2008 12:30 <DIR> MSXML 6.0
28.12.2006 15:29 <DIR> Music Catalyst GT
12.04.2008 16:20 <DIR> Mv2Player
07.09.2008 20:56 <DIR> NetMeeting
10.02.2007 18:02 <DIR> NetPumper
31.12.2006 01:02 <DIR> Nokia
27.12.2006 10:43 <DIR> Online Services
07.09.2008 20:56 <DIR> Outlook Express
01.09.2008 21:26 <DIR> Paint.NET
13.07.2008 10:34 <DIR> PC Drivers HeadQuarters
11.04.2008 18:17 <DIR> PCCloneEX
20.05.2008 10:08 <DIR> Player
12.04.2008 17:32 <DIR> Power Presenter RE
10.07.2008 14:50 <DIR> Power Video Converter
27.12.2006 15:39 <DIR> Raxco
11.04.2008 16:43 <DIR> Realtek AC97
11.04.2008 21:03 <DIR> Reference Assemblies
13.04.2008 07:32 <DIR> ReflexiveArcade
29.11.2008 20:52 <DIR> Ricochet Infinity
24.04.2008 18:02 <DIR> Ricochet Xtreme
24.02.2007 09:35 <DIR> ScreenSaver.com
30.11.2008 12:12 <DIR> Serials 2005
09.05.2008 08:16 <DIR> Shiny
23.04.2008 17:47 <DIR> Sierra
13.04.2008 12:00 <DIR> Skype
11.05.2008 12:03 <DIR> SMS Posílač
06.08.2008 17:47 <DIR> Softinterface, Inc
04.05.2008 10:40 <DIR> Správce CD a DVD
28.11.2008 20:33 <DIR> Summitsoft
24.07.2008 17:46 <DIR> Sytexis Software
06.07.2008 16:55 <DIR> TalonSoft
11.02.2007 16:49 <DIR> Testy Autoškola
09.06.2008 00:00 <DIR> ThirdWire
09.05.2008 20:05 <DIR> THQ
10.05.2008 14:06 <DIR> totalcmd
27.12.2006 12:30 <DIR> translator
28.10.2008 20:59 <DIR> Trend Micro
26.11.2008 15:56 <DIR> Ubisoft
24.04.2008 16:16 <DIR> Ulead Systems
03.08.2008 22:40 <DIR> Uninstall Information
14.01.2007 08:52 <DIR> uTorrent
27.12.2006 11:39 <DIR> VIA
16.11.2008 20:36 <DIR> Vivid WorkshopData ATI
25.11.2008 17:40 <DIR> VSO
06.01.2007 13:21 <DIR> Webteh
23.04.2008 14:37 <DIR> Windows Media Connect 2
07.09.2008 20:56 <DIR> Windows Media Player
07.09.2008 20:56 <DIR> Windows NT
04.01.2007 07:45 <DIR> WindowsUpdate
11.04.2008 22:42 <DIR> WinFast
30.11.2008 11:55 <DIR> WinPcap
27.12.2006 15:52 <DIR> WinRAR
30.11.2008 12:06 <DIR> WM Recorder
30.11.2008 12:49 <DIR> WM Recorder 10.2
19.10.2008 16:40 <DIR> WorldOfGoo
27.12.2006 10:45 <DIR> xerox
24.07.2008 17:28 <DIR> Xi
03.11.2008 19:23 <DIR> XTB-Trader 4 Contest
23.07.2008 21:20 <DIR> Zeallsoft
11.10.2008 08:35 <DIR> Zero G Registry
20.04.2008 20:17 <DIR> Zoo Digital Publishing
19.04.2008 07:23 <DIR> Žabka Kuňkalka na Kouzelné louce
01.01.2007 17:19 <DIR> Žolíky Carioca
0 souborů, 0 bajtů
Adresářů: 151, Volných bajtů: 14 068 379 648

b) Vyhledávání podvodných sponzorovaných programů ve složce Program Files:

Adresář C:\Program Files\NetPumper Přítomen !

******************************************

3) Vyhledávání a odstranění podezřelých .job souborů:

a) Soubory přítomné v C:\WINDOWS\tasks\ adresáři:

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je ECB4-CF1E.

Výpis adresáře C:\WINDOWS\Tasks

26.02.2007 21:15 258 AA689B7F918F11C3.job
03.01.2007 18:24 340 FRU Task #Hewlett-Packard#hp psc 1200 series#1167845020.job
27.12.2006 10:44 6 SA.DAT
27.12.2006 10:41 65 desktop.ini
27.12.2006 10:41 <DIR> ..
27.12.2006 10:41 <DIR> .
4 souborů, 669 bajtů
Adresářů: 2, Volných bajtů: 14 068 387 840

––––––––––––––––––––––––––––––––––––––––––

b) Zjišťování vlastností přítomných .job souborů:

––––––––––––––––––––––––––––––––––––––––––

c) Nalezené a odstraněné nežádoucí soubory:

AA689B7F918F11C3.job

––––––––––––––––––––––––––––––––––––––––––

d) Soubory přítomné v adresáři po vymazání:

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je ECB4-CF1E.

Výpis adresáře C:\WINDOWS\Tasks

03.01.2007 18:24 340 FRU Task #Hewlett-Packard#hp psc 1200 series#1167845020.job
27.12.2006 10:44 6 SA.DAT
27.12.2006 10:41 65 desktop.ini
27.12.2006 10:41 <DIR> ..
27.12.2006 10:41 <DIR> .
3 souborů, 411 bajtů
Adresářů: 2, Volných bajtů: 14 068 387 840

******************************************

4) Zjišťování přítomnosti v registru:

a) Vyhledávání spouštěcích bodů v registru:

Nebyly nalezeny žádné spouštěcí body v registru.

b) Export výjimek IE pop-up blockeru:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow]
"sis.cat.com"=hex:00,00
"PopupMgr"="yes"

c) Export povolení Windows firewallu:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

»»»»»»»»»»»»» Konec výpisu «««««««««««««««

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06

Re: please check my log - combofix+lopfind

Post by fredik » 06 Dec 2008 11:20

Uninstall via Add or Remove Programs:
NetPumper

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script

Code:

DirLook::
C:\Temp

FileLook::
c:\documents and settings\petr\mqdmmdm.sys

Folder::
C:\Documents and Settings\All Users\Data aplikací\heartwipepurelink
C:\Documents and Settings\petr\Data aplikací\NetPumper
C:\Documents and Settings\petr\Data aplikací\dash burn name
C:\Program Files\DaemonTools_WhenUSave_Installer
C:\Program Files\dash burn name
C:\Program Files\NetPumper


Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script
- ComboFix will start automatically
- Paste here the log that comes up at the end of the cleaning process

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Then post a new HJT log here as well.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me private messages (PM) with logs; post them in the forum. It is not possible to reply to such messages

