Antivirus Version Last update Result
a-squared - - -
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
Comodo - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
McAfee+Artemis - - -
Microsoft - - -
NOD32 - - -
Norman - - -
nProtect - - -
Panda - - -
PCTools - - -
Prevx1 - - -
Rising - - -
SecureWeb-Gateway - - -
Sophos - - -
Sunbelt - - Email-Worm.Win32.LovGate.w
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
ViRobot - - -
VirusBuster - - -
Additional information
MD5: 71c8c99909d0a49a270e2b9f6080d72c
SHA1: c5b528627ff4440769c53b148113587a66b3907a
SHA256: ab25e6b1f3e05e3ac672ec4892f43d165925d88d2b6ce3b0524d86310d881c3d
SHA512: de8e6ac34e18fc0f76254865c90d72d71e78c567472bb27f51f3fca9dc6e313aa5a74e227600429b6f07e04fbaac97ef0cc4d7600e514e27ad381c2eb5da73a3
Please check my PC - I'm sending an HJT log
- jaro3
Re: Please check my PC - I'm sending an HJT log
Does that last result belong to this: c:\windows\file2.exe ?
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my PC - I'm sending an HJT log
Yes, it belongs to "file2.exe"
- jaro3
Re: Please check my PC - I'm sending an HJT log
Open Notepad (Start -> Run..., type Notepad into the window and click OK).
Copy the entire following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script
File::
c:\windows\imsins.BAK
c:\windows\SxsCaPendDel
c:\windows\file2.exe
DirLook::
c:\program files\Microsoft
Folder::
c:\program files\AskTBar
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
Re: Please check my PC - I'm sending an HJT log
I'm sending the ComboFix log
ComboFix 09-02-12.03 - Ludka 2009-02-14 18:21:30.7 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.767.330 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ludka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ludka\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090212-0] *On-access scanning disabled* (Updated)
FW: Kerio Personal Firewall *disabled*
* Vytvořen nový Bod Obnovení
FILE ::
c:\windows\file2.exe
c:\windows\imsins.BAK
c:\windows\SxsCaPendDel
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskTBar
c:\program files\AskTBar\PopSwatr\History\allowed
c:\program files\AskTBar\PopSwatr\History\notallow
c:\windows\file2.exe
c:\windows\imsins.BAK
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-14 do 2009-02-14 )))))))))))))))))))))))))))))))
.
2009-02-14 18:20 . 2009-02-14 18:20 <DIR> d-------- C:\32788R22FWJFW
2009-02-13 21:08 . 2009-02-13 21:08 <DIR> d-------- c:\program files\Foxit Software
2009-02-06 21:29 . 2009-02-06 21:29 <DIR> d-------- c:\program files\MKVtoolnix
2009-02-06 21:10 . 2009-02-06 21:10 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\HandBrake
2009-02-06 21:01 . 2009-02-06 21:01 <DIR> d-------- c:\program files\HandBrake
2009-02-06 12:44 . 2009-02-06 12:44 <DIR> d-------- c:\program files\Lavasoft
2009-02-06 12:44 . 2009-02-06 12:46 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Lavasoft
2009-02-06 12:43 . 2009-02-06 12:43 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-02 21:44 . 2009-02-02 21:57 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-31 22:53 . 2009-01-31 22:53 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\NeroDigital(TM)
2009-01-28 20:03 . 2009-01-28 20:03 <DIR> d-------- c:\program files\PC Messenger
2009-01-26 15:34 . 2009-01-26 15:34 <DIR> d-------- c:\program files\RocketDock
2009-01-26 15:12 . 2009-01-26 15:12 <DIR> d-------- c:\program files\UberIcon
2009-01-26 15:02 . 2009-01-26 15:04 5,464 --a------ c:\windows\BricoPackFoldersDelete.cmd
2009-01-25 18:34 . 2008-04-14 07:52 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-24 22:19 . 2009-01-24 22:19 <DIR> d-------- c:\program files\Lavalys
2009-01-24 21:49 . 2009-01-25 20:58 1,348 --a------ c:\windows\vtplus32.ini
2009-01-24 21:48 . 2009-01-24 21:48 <DIR> d-------- c:\program files\Common Files\IviSDK
2009-01-24 21:48 . 2004-02-06 14:16 204,800 --a------ c:\windows\system32\Mdcustoms.ocx
2009-01-24 21:48 . 2001-01-12 11:02 53,248 --a------ c:\windows\system32\MDCustomPanels.ocx
2009-01-24 21:48 . 2006-01-25 16:49 40,960 --a------ c:\windows\system32\HcwTvTvOCX.ocx
2009-01-24 21:33 . 1999-05-06 23:00 244,232 --a------ c:\windows\system32\MsFlxGrd.ocx
2009-01-24 21:32 . 2001-07-19 08:44 393,216 --a------ c:\windows\system32\hcwsnbd9.dll
2009-01-24 21:32 . 2006-02-22 14:58 356,352 --a------ c:\windows\system32\HCWChMgr.ocx
2009-01-24 21:32 . 2004-02-13 15:58 65,536 --a------ c:\windows\system32\hcwdlg.ocx
2009-01-20 21:34 . 2009-01-20 21:34 <DIR> d-------- c:\program files\Microsoft
2009-01-17 21:14 . 2008-12-22 10:18 33,632 --a------ c:\windows\system32\DfSdkBt.exe
2009-01-17 08:56 . 2009-01-17 08:56 43,698 --a------ c:\windows\system32\xvid-uninstall.exe
2009-01-17 08:55 . 2009-01-17 08:55 <DIR> d-------- c:\program files\Gabest
2009-01-17 08:55 . 2009-01-17 18:59 <DIR> d-------- c:\program files\AutoGK
2009-01-16 16:53 . 2009-01-16 16:53 <DIR> d-------- C:\divx
2009-01-15 21:05 . 2008-11-06 17:37 120,056 --a------ c:\windows\system32\pxcpyi64.exe
2009-01-15 21:05 . 2008-11-06 17:37 118,520 --a------ c:\windows\system32\pxinsi64.exe
2009-01-14 22:08 . 2009-01-17 19:44 <DIR> d-------- c:\program files\Vista Start Menu
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 08:02 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-13 19:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-12 19:47 --------- d-----w c:\program files\FlashGet
2009-02-12 18:10 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-02-12 17:22 --------- d-----w c:\documents and settings\Ludka\Data aplikací\Vso
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-10 20:05 --------- d-----w c:\program files\WinTV
2009-02-06 20:45 --------- d-----w c:\documents and settings\Ludka\Data aplikací\DivX
2009-02-05 20:32 --------- d-----w c:\documents and settings\Ludka\Data aplikací\Roxio
2009-02-04 19:39 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-31 14:27 --------- d-----w c:\program files\Avidemux 2.4
2009-01-31 14:20 --------- d-----w c:\documents and settings\Ludka\Data aplikací\gtk-2.0
2009-01-28 19:14 --------- d-----w c:\documents and settings\All Users\Data aplikací\PC Suite
2009-01-26 14:04 70,821 ----a-w c:\windows\BricoPackUninst.cmd
2009-01-26 14:04 219,648 ----a-w c:\windows\system32\uxtheme.dll
2009-01-24 20:49 --------- d-----w c:\program files\vtplus
2009-01-17 20:14 --------- d-----w c:\program files\Ashampoo
2009-01-17 19:26 --------- d-----w c:\documents and settings\Ludka\Data aplikací\Offline Explorer
2009-01-17 19:25 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-17 19:25 --------- d-----w c:\program files\Settings
2009-01-17 19:25 --------- d-----w c:\program files\DeadDiskDoctor
2009-01-17 19:25 --------- d-----w c:\documents and settings\Ludka\Data aplikací\uTorrent
2009-01-17 07:55 --------- d-----w c:\program files\AviSynth 2.5
2009-01-15 20:05 --------- d-----w c:\program files\DivX
2009-01-14 21:31 106 --sha-w c:\program files\desktop.ini
2009-01-14 21:25 --------- d-----w c:\program files\LClock
2009-01-10 20:36 --------- d-----w c:\documents and settings\Ludka\Data aplikací\Nero
2009-01-09 21:31 --------- d-----w c:\program files\CDRoller
2009-01-09 21:29 --------- d-----w c:\documents and settings\Ludka\Data aplikací\CDRoller
2009-01-09 21:19 --------- d-----w c:\program files\CDDVDDataRecovery
2009-01-05 06:59 --------- d-----w c:\documents and settings\Ludka\Data aplikací\Ahead
2009-01-05 00:01 --------- d-----w c:\documents and settings\Ludka\Data aplikací\dvdcss
2009-01-02 11:32 --------- d-----w c:\program files\Common Files\Nero
2009-01-02 11:17 --------- d-----w c:\program files\Nero
2009-01-02 11:15 --------- d-----w c:\program files\Windows Sidebar
2009-01-02 11:10 --------- d-----w c:\documents and settings\All Users\Data aplikací\Nero
2008-12-26 19:20 --------- d-----w c:\documents and settings\Ludka\Data aplikací\Nokia
2008-12-25 13:48 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-12-21 16:41 --------- d-----w c:\program files\Nokia
2008-12-21 16:41 --------- d-----w c:\program files\Common Files\PCSuite
2008-12-21 16:41 --------- d-----w c:\program files\Common Files\Nokia
2008-12-21 16:34 --------- d-----w c:\program files\PC Connectivity Solution
2008-12-21 16:26 --------- d-----w c:\documents and settings\All Users\Data aplikací\Installations
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-20 10:31 --------- d-----w c:\program files\Offline Explorer Enterprise
2008-12-14 16:57 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-14 09:27 --------- d-----w c:\documents and settings\Ludka\Data aplikací\PC Suite
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-11-21 19:20 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-11-17 07:23 81,920 ----a-w c:\documents and settings\Ludka\Data aplikací\ezpinst.exe
2008-11-17 07:23 47,360 ----a-w c:\documents and settings\Ludka\Data aplikací\pcouffin.sys
2008-07-15 20:51 3,361,792 ----a-w c:\program files\StrongDC.exe
2006-05-03 09:06 163,328 --sha-r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r c:\windows\system32\msfDX.dll
2007-12-17 12:43 27,648 --sha-w c:\windows\system32\Smab0.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Microsoft ----
2008-11-13 09:34 203112 --a------ c:\program files\Microsoft\Office Live\OLConnector.dll
2008-11-13 09:34 128360 --a------ c:\program files\Microsoft\Office Live\OLConnectorResources.dll
2008-11-13 09:33 97128 --a------ c:\program files\Microsoft\Office Live\OfficeLiveSignIn.exe
2008-11-13 09:33 65896 --a------ c:\program files\Microsoft\Office Live\npOLW.dll
2008-09-09 15:45 7699 --a------ c:\program files\Microsoft\Office Live\muauth.cab
------- Sigcheck -------
2008-04-14 07:52 976384 13e794e5591776cbc71055a7b3cc1d5f c:\windows\explorer.exe
2004-08-17 14:49 1032704 53114d57ab73a406ac7f602227781a99 c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 07:52 976384 13e794e5591776cbc71055a7b3cc1d5f c:\windows\ServicePackFiles\i386\explorer.exe
2004-08-17 14:49 1032704 53114d57ab73a406ac7f602227781a99 c:\windows\SoftwareDistribution\Download\eb0bafef2d63e64c417e80e803ff8747\backup\explorer.exe
2004-08-17 14:49 111104 e9f9cd3c7f2e56505a0ac166580120e3 c:\windows\$NtServicePackUninstall$\wuauclt.exe
2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\ServicePackFiles\i386\wuauclt.exe
2004-08-17 14:49 111104 e9f9cd3c7f2e56505a0ac166580120e3 c:\windows\SoftwareDistribution\Download\eb0bafef2d63e64c417e80e803ff8747\backup\wuauclt.exe
2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-02-14_ 9.25.48,62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-14 15:43:49 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_444.dat
+ 2009-02-14 15:43:36 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6e4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-11-02 20:12 1569304 --a------ c:\program files\P2P_Energy\tbP2P1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2008-11-02 1569304]
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2008-11-02 1569304]
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
c:\documents and settings\Ludka\Nabídka Start\Programy\Po spuštění\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2009-01-24 106551]
Hlavní panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrpConv]
grpconv -o [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-28 07:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe"
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"AMP WinOFF"=c:\program files\amp winoff\winoff.exe -quiet
"Somefox"=c:\docume~1\Ludka\LOCALS~1\Temp\video198.cfg.exe
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Flashget"=c:\program files\FlashGet\flashget.exe /min
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Keyboard Driver"=stkhost.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sony\\Vegas 6.0\\VegSrv60.exe"=
"c:\\Program Files\\StrongDC.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\Program Files\\P2P Rocket\\P2P Rocket.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 9\\Nero ShowTime\\ShowTime.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-11 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2004-11-02 262144]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [2006-09-04 11970]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-02 23:12:32 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-11 20560]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [2006-09-04 138816]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\drivers\hcw88rc5.sys [2006-09-04 11841]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2006-09-04 299715]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [2006-09-04 142913]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2006-09-04 494144]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [2006-09-04 23104]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2001-10-25 69120]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\Ludka\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys --> c:\docume~1\Ludka\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys [?]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [2009-01-17 410976]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2009-01-25 c:\windows\Tasks\ShutDown.job
- c:\documents and settings\Ludka\Plocha\Be~ []
2009-01-25 c:\windows\Tasks\shut_down.job
- c:\program files\ShutDown v1.22a\shut_down.exe [2006-01-24 19:26]
2009-01-25 c:\windows\Tasks\WinTV2000.job
- c:\progra~1\WinTV\WinTV2K.EXE [2006-03-01 16:37]
.
.
------- Doplňkový sken -------
.
mWindow Title = Microsoft Internet Explorer
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Stiahnuť položku pomocou FlashGetu - c:\program files\FlashGet\jc_link.htm
IE: &Stiahnuť všetky položky pomocou FlashGetu - c:\program files\FlashGet\jc_all.htm
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Enterprise\Add_AllO.htm
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Download with &Shareaza - c:\program files\P2P Rocket\Plugins\RazaWebHook.dll/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: {817D4158-4FB2-4C06-A0F2-22ECBEE30B38} = 85.237.0.65 85.237.1.66
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 18:23:03
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-02-14 18:25:26
ComboFix-quarantined-files.txt 2009-02-14 17:25:05
ComboFix2.txt 2009-02-14 08:27:16
ComboFix3.txt 2009-01-25 19:40:13
Před spuštěním: Volných bajtů: 30 216 687 616
Po spuštění: Volných bajtů: 30,181,998,592
285 --- E O F --- 2009-02-12 18:10:29
+ 2009-02-14 15:43:36 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6e4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-11-02 20:12 1569304 --a------ c:\program files\P2P_Energy\tbP2P1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2008-11-02 1569304]
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2008-11-02 1569304]
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
c:\documents and settings\Ludka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2009-01-24 106551]
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrpConv]
grpconv -o [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-28 07:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe"
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"AMP WinOFF"=c:\program files\amp winoff\winoff.exe -quiet
"Somefox"=c:\docume~1\Ludka\LOCALS~1\Temp\video198.cfg.exe
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Flashget"=c:\program files\FlashGet\flashget.exe /min
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Keyboard Driver"=stkhost.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sony\\Vegas 6.0\\VegSrv60.exe"=
"c:\\Program Files\\StrongDC.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\Program Files\\P2P Rocket\\P2P Rocket.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 9\\Nero ShowTime\\ShowTime.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-11 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2004-11-02 262144]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [2006-09-04 11970]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-02 23:12:32 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-11 20560]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [2006-09-04 138816]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\drivers\hcw88rc5.sys [2006-09-04 11841]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2006-09-04 299715]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [2006-09-04 142913]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2006-09-04 494144]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [2006-09-04 23104]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2001-10-25 69120]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\Ludka\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys --> c:\docume~1\Ludka\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys [?]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [2009-01-17 410976]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2009-01-25 c:\windows\Tasks\ShutDown.job
- c:\documents and settings\Ludka\Plocha\Be~ []
2009-01-25 c:\windows\Tasks\shut_down.job
- c:\program files\ShutDown v1.22a\shut_down.exe [2006-01-24 19:26]
2009-01-25 c:\windows\Tasks\WinTV2000.job
- c:\progra~1\WinTV\WinTV2K.EXE [2006-03-01 16:37]
.
.
------- Doplňkový sken -------
.
mWindow Title = Microsoft Internet Explorer
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Stiahnuť položku pomocou FlashGetu - c:\program files\FlashGet\jc_link.htm
IE: &Stiahnuť všetky položky pomocou FlashGetu - c:\program files\FlashGet\jc_all.htm
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Enterprise\Add_AllO.htm
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Download with &Shareaza - c:\program files\P2P Rocket\Plugins\RazaWebHook.dll/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: {817D4158-4FB2-4C06-A0F2-22ECBEE30B38} = 85.237.0.65 85.237.1.66
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 18:23:03
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-02-14 18:25:26
ComboFix-quarantined-files.txt 2009-02-14 17:25:05
ComboFix2.txt 2009-02-14 08:27:16
ComboFix3.txt 2009-01-25 19:40:13
Před spuštěním: Volných bajtů: 30 216 687 616
Po spuštění: Volných bajtů: 30,181,998,592
285 --- E O F --- 2009-02-12 18:10:29
Re: Please check my PC - sending the HJT log
HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:57, on 14.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\P2P Rocket\Plugins\RazaWebHook.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: T-Mobile PC Messenger - {9D940EED-467E-4732-96B3-8BAF0D5AFDFF} - C:\Program Files\PC Messenger\PCMessengerBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O3 - Toolbar: T-Mobile PC Messenger - {9D940EED-467E-4732-96B3-8BAF0D5AFDFF} - C:\Program Files\PC Messenger\PCMessengerBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Stiahnuť položku pomocou FlashGetu - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stiahnuť všetky položky pomocou FlashGetu - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\P2P Rocket\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 5728104421
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8919112008
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{817D4158-4FB2-4C06-A0F2-22ECBEE30B38}: NameServer = 85.237.0.65 85.237.1.66
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 11810 bytes
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 11810 bytes
- jaro3
- Security team member
Re: Please check my PC - sending the HJT log
So, one last script:
Same procedure. Then post the logs from CF and HJT.
Code:
Folder::
c:\windows\SxsCaPendDel
Registry::
[-HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[-HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Keyboard Driver"=-
Re: Please check my PC - sending the HJT log
ComboFix 09-02-12.03 - Ludka 2009-02-14 18:48:50.8 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.767.318 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ludka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ludka\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090212-0] *On-access scanning disabled* (Updated)
FW: Kerio Personal Firewall *disabled*
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\SxsCaPendDel
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-14 do 2009-02-14 )))))))))))))))))))))))))))))))
.
2009-02-13 21:08 . 2009-02-13 21:08 <DIR> d-------- c:\program files\Foxit Software
2009-02-06 21:29 . 2009-02-06 21:29 <DIR> d-------- c:\program files\MKVtoolnix
2009-02-06 21:10 . 2009-02-06 21:10 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\HandBrake
2009-02-06 21:01 . 2009-02-06 21:01 <DIR> d-------- c:\program files\HandBrake
2009-02-06 12:44 . 2009-02-06 12:44 <DIR> d-------- c:\program files\Lavasoft
2009-02-06 12:44 . 2009-02-06 12:46 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Lavasoft
2009-02-06 12:43 . 2009-02-06 12:43 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-31 22:53 . 2009-01-31 22:53 <DIR> d-------- c:\documents and settings\Ludka\Data aplikací\NeroDigital(TM)
2009-01-28 20:03 . 2009-01-28 20:03 <DIR> d-------- c:\program files\PC Messenger
2009-01-26 15:34 . 2009-01-26 15:34 <DIR> d-------- c:\program files\RocketDock
2009-01-26 15:12 . 2009-01-26 15:12 <DIR> d-------- c:\program files\UberIcon
2009-01-26 15:02 . 2009-01-26 15:04 5,464 --a------ c:\windows\BricoPackFoldersDelete.cmd
2009-01-25 18:34 . 2008-04-14 07:52 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-24 22:19 . 2009-01-24 22:19 <DIR> d-------- c:\program files\Lavalys
2009-01-24 21:49 . 2009-01-25 20:58 1,348 --a------ c:\windows\vtplus32.ini
2009-01-24 21:48 . 2009-01-24 21:48 <DIR> d-------- c:\program files\Common Files\IviSDK
2009-01-24 21:48 . 2004-02-06 14:16 204,800 --a------ c:\windows\system32\Mdcustoms.ocx
2009-01-24 21:48 . 2001-01-12 11:02 53,248 --a------ c:\windows\system32\MDCustomPanels.ocx
2009-01-24 21:48 . 2006-01-25 16:49 40,960 --a------ c:\windows\system32\HcwTvTvOCX.ocx
2009-01-24 21:33 . 1999-05-06 23:00 244,232 --a------ c:\windows\system32\MsFlxGrd.ocx
2009-01-24 21:32 . 2001-07-19 08:44 393,216 --a------ c:\windows\system32\hcwsnbd9.dll
2009-01-24 21:32 . 2006-02-22 14:58 356,352 --a------ c:\windows\system32\HCWChMgr.ocx
2009-01-24 21:32 . 2004-02-13 15:58 65,536 --a------ c:\windows\system32\hcwdlg.ocx
2009-01-20 21:34 . 2009-01-20 21:34 <DIR> d-------- c:\program files\Microsoft
2009-01-17 21:14 . 2008-12-22 10:18 33,632 --a------ c:\windows\system32\DfSdkBt.exe
2009-01-17 08:56 . 2009-01-17 08:56 43,698 --a------ c:\windows\system32\xvid-uninstall.exe
2009-01-17 08:55 . 2009-01-17 08:55 <DIR> d-------- c:\program files\Gabest
2009-01-17 08:55 . 2009-01-17 18:59 <DIR> d-------- c:\program files\AutoGK
2009-01-16 16:53 . 2009-01-16 16:53 <DIR> d-------- C:\divx
2009-01-15 21:05 . 2008-11-06 17:37 120,056 --a------ c:\windows\system32\pxcpyi64.exe
2009-01-15 21:05 . 2008-11-06 17:37 118,520 --a------ c:\windows\system32\pxinsi64.exe
2009-01-14 22:08 . 2009-01-17 19:44 <DIR> d-------- c:\program files\Vista Start Menu
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 08:02 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-13 19:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-12 19:47 --------- d-----w c:\program files\FlashGet
2009-02-12 18:10 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-02-12 17:22 --------- d-----w c:\documents and settings\Ludka\Data aplikací\Vso
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-10 20:05 --------- d-----w c:\program files\WinTV
2009-02-06 20:45 --------- d-----w c:\documents and settings\Ludka\Data aplikací\DivX
2009-02-05 20:32 --------- d-----w c:\documents and settings\Ludka\Data aplikací\Roxio
2009-02-04 19:39 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-31 14:27 --------- d-----w c:\program files\Avidemux 2.4
2009-01-31 14:20 --------- d-----w c:\documents and settings\Ludka\Data aplikací\gtk-2.0
2009-01-28 19:14 --------- d-----w c:\documents and settings\All Users\Data aplikací\PC Suite
2009-01-26 14:04 70,821 ----a-w c:\windows\BricoPackUninst.cmd
2009-01-26 14:04 219,648 ----a-w c:\windows\system32\uxtheme.dll
2009-01-24 20:49 --------- d-----w c:\program files\vtplus
2009-01-17 20:14 --------- d-----w c:\program files\Ashampoo
2009-01-17 19:26 --------- d-----w c:\documents and settings\Ludka\Data aplikací\Offline Explorer
2009-01-17 19:25 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-17 19:25 --------- d-----w c:\program files\Settings
2009-01-17 19:25 --------- d-----w c:\program files\DeadDiskDoctor
2009-01-17 19:25 --------- d-----w c:\documents and settings\Ludka\Data aplikací\uTorrent
2009-01-17 07:55 --------- d-----w c:\program files\AviSynth 2.5
2009-01-15 20:05 --------- d-----w c:\program files\DivX
2009-01-14 21:31 106 --sha-w c:\program files\desktop.ini
2009-01-14 21:25 --------- d-----w c:\program files\LClock
2009-01-10 20:36 --------- d-----w c:\documents and settings\Ludka\Data aplikací\Nero
2009-01-09 21:31 --------- d-----w c:\program files\CDRoller
2009-01-09 21:29 --------- d-----w c:\documents and settings\Ludka\Data aplikací\CDRoller
2009-01-09 21:19 --------- d-----w c:\program files\CDDVDDataRecovery
2009-01-05 06:59 --------- d-----w c:\documents and settings\Ludka\Data aplikací\Ahead
2009-01-05 00:01 --------- d-----w c:\documents and settings\Ludka\Data aplikací\dvdcss
2009-01-02 11:32 --------- d-----w c:\program files\Common Files\Nero
2009-01-02 11:17 --------- d-----w c:\program files\Nero
2009-01-02 11:15 --------- d-----w c:\program files\Windows Sidebar
2009-01-02 11:10 --------- d-----w c:\documents and settings\All Users\Data aplikací\Nero
2008-12-26 19:20 --------- d-----w c:\documents and settings\Ludka\Data aplikací\Nokia
2008-12-25 13:48 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-12-21 16:41 --------- d-----w c:\program files\Nokia
2008-12-21 16:41 --------- d-----w c:\program files\Common Files\PCSuite
2008-12-21 16:41 --------- d-----w c:\program files\Common Files\Nokia
2008-12-21 16:34 --------- d-----w c:\program files\PC Connectivity Solution
2008-12-21 16:26 --------- d-----w c:\documents and settings\All Users\Data aplikací\Installations
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-20 10:31 --------- d-----w c:\program files\Offline Explorer Enterprise
2008-12-14 16:57 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-14 09:27 --------- d-----w c:\documents and settings\Ludka\Data aplikací\PC Suite
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-11-21 19:20 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-11-17 07:23 81,920 ----a-w c:\documents and settings\Ludka\Data aplikací\ezpinst.exe
2008-11-17 07:23 47,360 ----a-w c:\documents and settings\Ludka\Data aplikací\pcouffin.sys
2008-07-15 20:51 3,361,792 ----a-w c:\program files\StrongDC.exe
2006-05-03 09:06 163,328 --sha-r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r c:\windows\system32\msfDX.dll
2007-12-17 12:43 27,648 --sha-w c:\windows\system32\Smab0.dll
.
------- Sigcheck -------
2008-04-14 07:52 976384 13e794e5591776cbc71055a7b3cc1d5f c:\windows\explorer.exe
2004-08-17 14:49 1032704 53114d57ab73a406ac7f602227781a99 c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 07:52 976384 13e794e5591776cbc71055a7b3cc1d5f c:\windows\ServicePackFiles\i386\explorer.exe
2004-08-17 14:49 1032704 53114d57ab73a406ac7f602227781a99 c:\windows\SoftwareDistribution\Download\eb0bafef2d63e64c417e80e803ff8747\backup\explorer.exe
2004-08-17 14:49 111104 e9f9cd3c7f2e56505a0ac166580120e3 c:\windows\$NtServicePackUninstall$\wuauclt.exe
2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\ServicePackFiles\i386\wuauclt.exe
2004-08-17 14:49 111104 e9f9cd3c7f2e56505a0ac166580120e3 c:\windows\SoftwareDistribution\Download\eb0bafef2d63e64c417e80e803ff8747\backup\wuauclt.exe
2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-02-14_ 9.25.48,62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-14 15:43:49 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_444.dat
+ 2009-02-14 15:43:36 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6e4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
c:\documents and settings\Ludka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2009-01-24 106551]
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrpConv]
grpconv -o [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-28 07:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe"
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"AMP WinOFF"=c:\program files\amp winoff\winoff.exe -quiet
"Somefox"=c:\docume~1\Ludka\LOCALS~1\Temp\video198.cfg.exe
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Flashget"=c:\program files\FlashGet\flashget.exe /min
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sony\\Vegas 6.0\\VegSrv60.exe"=
"c:\\Program Files\\StrongDC.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\Program Files\\P2P Rocket\\P2P Rocket.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 9\\Nero ShowTime\\ShowTime.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-11 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2004-11-02 262144]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [2006-09-04 11970]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-02 23:12:32 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-11 20560]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [2006-09-04 138816]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\drivers\hcw88rc5.sys [2006-09-04 11841]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2006-09-04 299715]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [2006-09-04 142913]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2006-09-04 494144]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [2006-09-04 23104]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2001-10-25 69120]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\Ludka\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys --> c:\docume~1\Ludka\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys [?]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [2009-01-17 410976]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2009-01-25 c:\windows\Tasks\ShutDown.job
- c:\documents and settings\Ludka\Plocha\Be~ []
2009-01-25 c:\windows\Tasks\shut_down.job
- c:\program files\ShutDown v1.22a\shut_down.exe [2006-01-24 19:26]
2009-01-25 c:\windows\Tasks\WinTV2000.job
- c:\progra~1\WinTV\WinTV2K.EXE [2006-03-01 16:37]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
Toolbar-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
WebBrowser-{2BAE58C2-79F9-45D1-A286-81F911301C3A} - (no file)
.
------- Doplňkový sken -------
.
mWindow Title = Microsoft Internet Explorer
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Stiahnuť položku pomocou FlashGetu - c:\program files\FlashGet\jc_link.htm
IE: &Stiahnuť všetky položky pomocou FlashGetu - c:\program files\FlashGet\jc_all.htm
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Enterprise\Add_AllO.htm
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Download with &Shareaza - c:\program files\P2P Rocket\Plugins\RazaWebHook.dll/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: {817D4158-4FB2-4C06-A0F2-22ECBEE30B38} = 85.237.0.65 85.237.1.66
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 18:51:12
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-02-14 18:53:06
ComboFix-quarantined-files.txt 2009-02-14 17:53:03
ComboFix2.txt 2009-02-14 17:25:27
ComboFix3.txt 2009-02-14 08:27:16
ComboFix4.txt 2009-01-25 19:40:13
Před spuštěním: Volných bajtů: 30 161 764 352
Po spuštění: Volných bajtů: 30,146,101,248
260 --- E O F --- 2009-02-12 18:10:29
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe"
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"AMP WinOFF"=c:\program files\amp winoff\winoff.exe -quiet
"Somefox"=c:\docume~1\Ludka\LOCALS~1\Temp\video198.cfg.exe
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Flashget"=c:\program files\FlashGet\flashget.exe /min
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sony\\Vegas 6.0\\VegSrv60.exe"=
"c:\\Program Files\\StrongDC.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\Program Files\\P2P Rocket\\P2P Rocket.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 9\\Nero ShowTime\\ShowTime.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-11 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2004-11-02 262144]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [2006-09-04 11970]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-02 23:12:32 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-11 20560]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [2006-09-04 138816]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\drivers\hcw88rc5.sys [2006-09-04 11841]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2006-09-04 299715]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [2006-09-04 142913]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2006-09-04 494144]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [2006-09-04 23104]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2001-10-25 69120]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\Ludka\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys --> c:\docume~1\Ludka\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys [?]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [2009-01-17 410976]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2009-01-25 c:\windows\Tasks\ShutDown.job
- c:\documents and settings\Ludka\Plocha\Be~ []
2009-01-25 c:\windows\Tasks\shut_down.job
- c:\program files\ShutDown v1.22a\shut_down.exe [2006-01-24 19:26]
2009-01-25 c:\windows\Tasks\WinTV2000.job
- c:\progra~1\WinTV\WinTV2K.EXE [2006-03-01 16:37]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
Toolbar-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
WebBrowser-{2BAE58C2-79F9-45D1-A286-81F911301C3A} - (no file)
.
------- Doplňkový sken -------
.
mWindow Title = Microsoft Internet Explorer
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Stiahnuť položku pomocou FlashGetu - c:\program files\FlashGet\jc_link.htm
IE: &Stiahnuť všetky položky pomocou FlashGetu - c:\program files\FlashGet\jc_all.htm
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Enterprise\Add_AllO.htm
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Download with &Shareaza - c:\program files\P2P Rocket\Plugins\RazaWebHook.dll/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: {817D4158-4FB2-4C06-A0F2-22ECBEE30B38} = 85.237.0.65 85.237.1.66
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 18:51:12
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-02-14 18:53:06
ComboFix-quarantined-files.txt 2009-02-14 17:53:03
ComboFix2.txt 2009-02-14 17:25:27
ComboFix3.txt 2009-02-14 08:27:16
ComboFix4.txt 2009-01-25 19:40:13
Před spuštěním: Volných bajtů: 30 161 764 352
Po spuštění: Volných bajtů: 30,146,101,248
260 --- E O F --- 2009-02-12 18:10:29
Re: Please check my PC - sending HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:29, on 14.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\Notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\P2P Rocket\Plugins\RazaWebHook.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: T-Mobile PC Messenger - {9D940EED-467E-4732-96B3-8BAF0D5AFDFF} - C:\Program Files\PC Messenger\PCMessengerBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: T-Mobile PC Messenger - {9D940EED-467E-4732-96B3-8BAF0D5AFDFF} - C:\Program Files\PC Messenger\PCMessengerBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Stiahnuť položku pomocou FlashGetu - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stiahnuť všetky položky pomocou FlashGetu - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\P2P Rocket\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 5728104421
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8919112008
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{817D4158-4FB2-4C06-A0F2-22ECBEE30B38}: NameServer = 85.237.0.65 85.237.1.66
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 11615 bytes
- jaro3
- Security team member
Re: Prosím o kontrolu môjho PC-posielam vypis z HJT
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
Pokud nejsou problémy , je to vše.
Code:
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\P2P Rocket\Plugins\RazaWebHook.dll
ComboFix is uninstalled like this:
Start -> Run and type ComboFix[space]/u
So if there are no problems, clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download it > run it
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then click empty selected.
If you want to keep your saved passwords, click No.
If there are no problems, that is all.
Re: Please check my PC - sending an HJT log
Anyway, once again THANK YOU IN ADVANCE for your time and for looking into my problem. I would also like to ask for your opinion, if you don't mind: I am thinking about reinstalling the whole of Windows. I last did that, I think, during the summer, and I can see for myself that there is already a lot of stuff on here, I mean unnecessary clutter, and in the end I still did not manage to resolve the problem with "sleep mode". Not that it is all that important for my computer, but it does come in handy now and then, mainly when I want to start a scheduled recording from the TV card.
- jaro3
- Security team member
Re: Please check my PC - sending an HJT log
I'm not sure exactly what you mean: that sleep mode should be turned off when the TV card program starts?
That should be set in the program itself. I have a satellite card, and that is how it is in all the programs I use with it.
Or is it more about waking the PC up at the start of a recording? You can post a new topic in another section; someone should be able to advise you.