Spontaneous PC restarts [Solved]



Spontaneous PC restarts

Post by ramzes » 23 Jun 2009 14:45

Hello, for the last few days I have had a problem with my PC restarting. The computer restarts by itself, without any error message. There are no regular intervals to it. It restarts most often while booting, but also while Windows is running.
Right now I'm glad the PC has been running for a while, so I would like to ask someone more experienced for advice, thank you.


Re: Spontaneous PC restarts

Post by ramzes » 23 Jun 2009 14:48

Log from RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Martin at 2009-06-23 14:39:02
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (15%) free of 20 GB
Total RAM: 767 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:18, on 23. 6. 2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Martin\Plocha\RSIT.exe
C:\Program Files\trend micro\Martin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.adobe.com/store/general/re ... 1412758414
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout s IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7071 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMIECC.dll [2009-03-27 169392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-04-29 188416]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-05-28 1005960]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Documents and Settings\Martin\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="D:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-06-22 11:49:21 ----D---- C:\_OTM
2009-06-21 20:08:16 ----SHD---- C:\RECYCLER
2009-06-21 16:44:32 ----A---- C:\ComboFix.txt
2009-06-21 16:33:47 ----A---- C:\Boot.bak
2009-06-21 16:33:39 ----RASHD---- C:\cmdcons
2009-06-21 16:31:46 ----A---- C:\WINDOWS\zip.exe
2009-06-21 16:31:46 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-06-21 16:31:46 ----A---- C:\WINDOWS\SWSC.exe
2009-06-21 16:31:46 ----A---- C:\WINDOWS\SWREG.exe
2009-06-21 16:31:46 ----A---- C:\WINDOWS\sed.exe
2009-06-21 16:31:46 ----A---- C:\WINDOWS\PEV.exe
2009-06-21 16:31:46 ----A---- C:\WINDOWS\NIRCMD.exe
2009-06-21 16:31:46 ----A---- C:\WINDOWS\grep.exe
2009-06-21 13:18:28 ----D---- C:\WINDOWS\ERDNT
2009-06-21 13:17:07 ----D---- C:\Qoobox
2009-06-21 12:57:58 ----D---- C:\Program Files\trend micro
2009-06-21 12:57:56 ----D---- C:\rsit
2009-06-20 19:21:38 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-11 23:25:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 23:25:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-11 23:25:08 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 23:22:56 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 23:22:42 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-08 23:05:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-06-08 23:04:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-06-07 23:20:10 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-06-07 20:23:58 ----A---- C:\WINDOWS\system32\zpeng25.dll
2009-06-07 20:13:28 ----D---- C:\WINDOWS\Prefetch
2009-06-07 20:12:32 ----A---- C:\WINDOWS\OEWABLog.txt
2009-06-07 20:08:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2009-06-07 20:08:37 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-06-07 20:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-06-07 20:08:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-06-07 20:08:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-06-07 20:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-06-07 20:07:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-06-07 20:07:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-06-07 20:07:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-06-07 20:06:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-06-07 20:06:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-06-07 20:06:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-06-07 20:06:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-06-07 20:06:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-06-07 20:05:57 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-06-07 20:05:44 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-06-07 20:01:51 ----A---- C:\WINDOWS\setuplog.txt
2009-06-07 19:59:40 ----D---- C:\WINDOWS\system32\cs-cz
2009-06-07 19:59:37 ----D---- C:\WINDOWS\system32\cs
2009-06-07 19:59:37 ----D---- C:\WINDOWS\l2schemas
2009-06-07 19:59:36 ----D---- C:\WINDOWS\system32\bits
2009-06-07 19:56:48 ----D---- C:\WINDOWS\ServicePackFiles
2009-06-07 19:54:27 ----D---- C:\WINDOWS\network diagnostic
2009-06-07 19:52:06 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-06-07 19:48:10 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-06-03 11:51:01 ----D---- C:\Program Files\Common Files\Skype
2009-06-02 20:53:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2009-06-02 20:44:19 ----D---- C:\Documents and Settings\Martin\Data aplikací\Google
2009-06-02 20:36:40 ----D---- C:\Program Files\Google
2009-05-29 16:17:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sports Interactive
2009-05-29 15:59:49 ----HD---- C:\Program Files\Zero G Registry

======List of files/folders modified in the last 1 months======

2009-06-23 14:37:51 ----D---- C:\WINDOWS\Internet Logs
2009-06-23 14:36:18 ----D---- C:\Program Files\Mozilla Firefox
2009-06-23 14:35:46 ----D---- C:\WINDOWS\Temp
2009-06-23 14:04:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-23 14:04:09 ----D---- C:\WINDOWS
2009-06-23 13:59:06 ----D---- C:\WINDOWS\system32
2009-06-23 12:15:08 ----HD---- C:\WINDOWS\inf
2009-06-23 12:15:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-23 12:14:31 ----A---- C:\WINDOWS\imsins.BAK
2009-06-23 12:11:01 ----A---- C:\WINDOWS\system32\MRT.INI
2009-06-23 12:02:43 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-23 12:02:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-23 11:54:00 ----D---- C:\WINDOWS\system32\config
2009-06-23 11:52:39 ----D---- C:\WINDOWS\system32\wbem
2009-06-23 11:52:34 ----D---- C:\WINDOWS\Registration
2009-06-23 11:42:35 ----D---- C:\Documents and Settings\Martin\Data aplikací\Hamachi
2009-06-23 11:25:03 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-06-23 11:23:19 ----D---- C:\Documents and Settings\Martin\Data aplikací\DMCache
2009-06-23 11:10:00 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-06-22 13:11:52 ----D---- C:\WINDOWS\system32\drivers
2009-06-21 16:42:35 ----A---- C:\WINDOWS\system.ini
2009-06-21 16:38:33 ----D---- C:\WINDOWS\AppPatch
2009-06-21 16:38:25 ----D---- C:\Program Files\Common Files
2009-06-21 16:33:47 ----RASH---- C:\boot.ini
2009-06-21 12:57:58 ----RD---- C:\Program Files
2009-06-19 11:58:16 ----D---- C:\Documents and Settings\Martin\Data aplikací\Skype
2009-06-19 11:54:15 ----D---- C:\Documents and Settings\Martin\Data aplikací\skypePM
2009-06-11 23:25:06 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-11 12:13:39 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-08 20:46:16 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-08 20:24:28 ----D---- C:\Program Files\Common Files\InstallShield
2009-06-08 17:54:42 ----SHD---- C:\WINDOWS\Installer
2009-06-08 11:32:32 ----D---- C:\WINDOWS\system32\DirectX
2009-06-07 23:20:11 ----D---- C:\WINDOWS\WinSxS
2009-06-07 21:01:44 ----D---- C:\TEMP
2009-06-07 20:14:40 ----D---- C:\WINDOWS\Debug
2009-06-07 20:11:31 ----D---- C:\WINDOWS\system32\Setup
2009-06-07 20:11:29 ----RSD---- C:\WINDOWS\Fonts
2009-06-07 20:06:10 ----D---- C:\Program Files\Messenger
2009-06-07 20:05:27 ----D---- C:\WINDOWS\security
2009-06-07 20:00:10 ----D---- C:\WINDOWS\ehome
2009-06-07 20:00:09 ----D---- C:\WINDOWS\system32\inetsrv
2009-06-07 20:00:09 ----D---- C:\WINDOWS\Help
2009-06-07 20:00:08 ----D---- C:\WINDOWS\ime
2009-06-07 19:59:40 ----D---- C:\WINDOWS\system32\usmt
2009-06-07 19:59:38 ----D---- C:\Program Files\Internet Explorer
2009-06-07 19:59:36 ----D---- C:\WINDOWS\PeerNet
2009-06-07 19:59:36 ----D---- C:\Program Files\Movie Maker
2009-06-07 19:56:37 ----D---- C:\WINDOWS\system32\Restore
2009-06-07 19:56:37 ----D---- C:\WINDOWS\system32\npp
2009-06-07 19:56:36 ----D---- C:\WINDOWS\msagent
2009-06-07 19:56:34 ----D---- C:\WINDOWS\srchasst
2009-06-07 19:56:33 ----D---- C:\Program Files\NetMeeting
2009-06-07 19:56:32 ----D---- C:\WINDOWS\system32\Com
2009-06-07 19:56:30 ----D---- C:\Program Files\Windows Media Player
2009-06-07 19:56:27 ----D---- C:\Program Files\Windows NT
2009-06-07 19:56:27 ----D---- C:\Program Files\Outlook Express
2009-06-07 19:56:24 ----D---- C:\Program Files\Common Files\System
2009-06-07 19:56:04 ----D---- C:\WINDOWS\system32\oobe
2009-06-07 19:56:02 ----D---- C:\WINDOWS\system
2009-06-05 15:29:29 ----D---- C:\Documents and Settings\Martin\Data aplikací\Adobe
2009-06-03 11:51:03 ----RD---- C:\Program Files\Skype
2009-06-03 11:51:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2009-06-02 20:53:02 ----SD---- C:\WINDOWS\Tasks
2009-06-01 18:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-30 12:32:21 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-05-29 18:05:28 ----D---- C:\Program Files\Norton Security Scan
2009-05-29 16:17:32 ----D---- C:\Documents and Settings\Martin\Data aplikací\Sports Interactive
2009-05-28 20:25:38 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2009-05-28 20:25:38 ----A---- C:\WINDOWS\system32\zlcomm.dll
2009-05-28 20:25:38 ----A---- C:\WINDOWS\system32\vsxml.dll
2009-05-28 20:25:38 ----A---- C:\WINDOWS\system32\vswmi.dll
2009-05-28 20:25:38 ----A---- C:\WINDOWS\system32\vsutil.dll
2009-05-28 20:25:36 ----A---- C:\WINDOWS\system32\vsregexp.dll
2009-05-28 20:25:36 ----A---- C:\WINDOWS\system32\vspubapi.dll
2009-05-28 20:25:36 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2009-05-28 20:25:36 ----A---- C:\WINDOWS\system32\vsinit.dll
2009-05-28 20:25:36 ----A---- C:\WINDOWS\system32\vsdata.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-01-03 82380]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-05-28 365448]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-17 701440]
R3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-01-25 25280]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-04 47360]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023k.sys [2002-08-12 11136]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]
S3 aw9oc6ol;aw9oc6ol; C:\WINDOWS\system32\drivers\aw9oc6ol.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Martin\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 KLSIENET;Driver for USB Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\usb101et.sys [2004-08-17 32384]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-12-21 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-05-28 2414984]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-12-22 72704]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-12-21 355584]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------


Re: Spontaneous PC restarts

Post by Cudrna » 23 Jun 2009 14:53

I have this problem too... out of nowhere my PC restarts... sometimes five minutes after Windows starts, sometimes only after half a day... I have no idea what to do about it.


Re: Spontaneous PC restarts

Post by Boobsss » 23 Jun 2009 15:11

It happened to me: when I entered my password, it restarted, but on about the fifth time I got the blue screen of death and everything runs fine...


Re: Spontaneous PC restarts

Post by ramzes » 23 Jun 2009 15:15

But this has been happening to me for about 3-4 days now... :? Does anyone know what to do about it? :huh:


Re: Spontaneous PC restarts

Post by Cudrna » 23 Jun 2009 15:19

I've been dealing with this problem for about a year... or rather, I didn't need to use the PC for a year, I had a laptop, but now I need the PC again so I started looking into it, but I don't know what could be causing it :(


Re: Spontaneous PC restarts

Post by Damned » 23 Jun 2009 15:25

I would ask everyone who has a problem to start their own topic and post their HJT log there, and not to jump into a topic that belongs to one user.
*****************************************************************************************************************************************
Run HJT, close your browsers, disconnect from the internet and fix these entries (tick the box in front of each entry, then press "Fix checked"):

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMIECC.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

-----**********************************************************************************************************************************---
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech translations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech translation, Wise Registry Cleaner
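
Added example (not part of Damned's post and not HijackThis code): a small Python triage pass over HijackThis entry lines that flags the two properties visible in the first two entries listed above, a module loaded from a Temp directory and a registration whose file is missing. The rule set and the names `triage`, `Finding`, `target_of` and `SAMPLE_LOG` are assumptions of this example; the sample lines are copied from the log posted in this thread.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the HijackThis log posted earlier in this thread (copied, not constructed).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O8 - Extra context menu item: Stáhnout s IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# An entry line starts with a section code such as R1, O2, O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Any path component named Temp or Tmp (covers Local Settings\Temp, LOCALS~1\Temp, C:\WINDOWS\Temp).
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
# Markers HijackThis prints when the registered file does not exist on disk.
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Finding:
    code: str                      # HijackThis section code, e.g. "O2"
    line: str                      # the full log line
    reasons: list = field(default_factory=list)


def target_of(code: str, body: str) -> str:
    """Return the file/target part of an entry (assumed layout per section)."""
    if code == "O4":
        # 'HKLM\..\Run: [name] target'  or  'Startup: name.lnk = target'
        m = re.search(r"\]\s+(.*)$|=\s+(.*)$", body)
        return (m.group(1) or m.group(2) or "").strip() if m else ""
    # Other sections put the target after the last " - " separator.
    return body.rsplit(" - ", 1)[-1].strip()


def triage(log_text: str) -> list:
    """Flag entries whose target lives in a Temp directory or is missing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        target = target_of(m.group("code"), m.group("body"))
        reasons = []
        if TEMP_RE.search(target):
            reasons.append("loaded from a Temp directory")
        if target.endswith(MISSING_MARKERS):
            reasons.append("registered file is missing")
        if reasons:
            findings.append(Finding(m.group("code"), line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.code, "|", "; ".join(f.reasons), "|", f.line)
```

The pass only narrows what a reviewer reads first; it also flags the IDM context-menu entry under O8, which shares the same Temp directory as the BHO.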


Re: Spontaneous PC restarts

Post by ramzes » 23 Jun 2009 15:42

Malwarebytes' Anti-Malware 1.38
Verze databáze: 2324
Windows 5.1.2600 Service Pack 3

23. 6. 2009 15:32:33
mbam-log-2009-06-23 (15-32-33).txt

Typ skenu: Rychlý sken
Objektu skenováno: 96398
Uplynulý cas: 6 minute(s), 57 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)


Post by Damned » 23 Jun 2009 15:45

Turn off your antivirus's resident shield (and your antispyware's too, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by clicking the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here


Post by ramzes » 23 Jun 2009 15:59

ComboFix 09-06-20.02 - Martin . 06. 2009 15:43.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.429 [GMT 2:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090501-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-05-23 do 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-06-23 13:39 . 2009-06-23 13:40 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-06-23 13:23 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-23 13:23 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-23 13:23 . 2009-06-23 13:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 09:52 . 2009-06-23 09:52 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-22 10:59 . 2009-06-23 09:49 -------- d-----w- c:\documents and settings\Administrator\Data aplikací
2009-06-22 09:49 . 2009-06-22 09:49 -------- d-----w- C:\_OTM
2009-06-21 10:57 . 2009-06-23 13:22 -------- d-----w- c:\program files\trend micro
2009-06-21 10:57 . 2009-06-21 11:02 -------- d-----w- C:\rsit
2009-06-08 18:47 . 2009-06-08 18:47 528 ----a-w- c:\windows\eReg.dat
2009-06-07 18:23 . 2009-05-28 18:25 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-06-07 18:17 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-07 18:17 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-06-07 18:17 . 2009-02-09 11:26 2191232 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-07 18:17 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-06-07 18:17 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-06-07 18:17 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-06-07 18:17 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-06-07 18:17 . 2009-02-09 10:56 728064 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-06-07 18:17 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-07 18:17 . 2009-02-09 10:56 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-06-07 18:17 . 2009-02-09 11:26 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-07 18:17 . 2009-02-09 11:26 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-07 18:16 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-06-07 18:15 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-07 18:15 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-06-07 17:59 . 2009-06-07 17:59 -------- d-----w- c:\windows\system32\cs-cz
2009-06-07 17:59 . 2009-06-07 17:59 -------- d-----w- c:\windows\l2schemas
2009-06-07 17:59 . 2009-06-07 17:59 -------- d-----w- c:\windows\system32\cs
2009-06-07 17:59 . 2009-06-07 17:59 -------- d-----w- c:\windows\system32\bits
2009-06-07 17:56 . 2009-06-07 18:00 -------- d-----w- c:\windows\ServicePackFiles
2009-06-03 09:51 . 2009-06-03 09:51 -------- d-----w- c:\program files\Common Files\Skype
2009-06-02 18:36 . 2009-06-03 08:10 -------- d-----w- c:\program files\Google
2009-05-29 13:59 . 2009-05-29 14:03 -------- d--h--w- c:\program files\Zero G Registry
2009-05-29 13:58 . 2009-05-29 13:58 -------- d--h--w- c:\documents and settings\Martin\InstallAnywhere

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 13:24 . 2008-12-21 16:55 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-06-23 11:59 . 2009-06-23 12:00 99328 ----a-w- c:\windows\Internet Logs\xDB33.tmp
2009-06-23 11:59 . 2009-06-23 12:00 3573248 ----a-w- c:\windows\Internet Logs\xDB34.tmp
2009-06-23 09:25 . 2009-06-23 09:55 82432 ----a-w- c:\windows\Internet Logs\xDB32.tmp
2009-06-23 09:19 . 2009-06-23 09:21 16384 ----a-w- c:\windows\Internet Logs\xDB30.tmp
2009-06-23 09:19 . 2009-06-23 09:21 3567616 ----a-w- c:\windows\Internet Logs\xDB31.tmp
2009-06-23 09:14 . 2009-06-23 09:19 3573248 ----a-w- c:\windows\Internet Logs\xDB2F.tmp
2009-06-23 09:14 . 2009-06-23 09:19 187904 ----a-w- c:\windows\Internet Logs\xDB2E.tmp
2009-06-23 09:08 . 2009-06-23 09:08 60779 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_06_22_22_16_28_small.dmp.zip
2009-06-23 08:46 . 2001-10-25 14:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2009-06-23 08:46 . 2001-10-25 14:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2009-06-22 20:16 . 2009-06-23 08:37 101888 ----a-w- c:\windows\Internet Logs\xDB2D.tmp
2009-06-22 12:26 . 2009-06-22 12:45 8704 ----a-w- c:\windows\Internet Logs\xDB2C.tmp
2009-06-22 12:24 . 2009-06-22 12:26 163840 ----a-w- c:\windows\Internet Logs\xDB2B.tmp
2009-06-22 11:03 . 2009-06-22 11:28 8704 ----a-w- c:\windows\Internet Logs\xDB2A.tmp
2009-06-22 10:55 . 2009-06-22 11:03 121856 ----a-w- c:\windows\Internet Logs\xDB28.tmp
2009-06-22 10:55 . 2009-06-22 11:03 3578880 ----a-w- c:\windows\Internet Logs\xDB29.tmp
2009-06-22 09:53 . 2009-06-22 09:54 13824 ----a-w- c:\windows\Internet Logs\xDB27.tmp
2009-06-22 09:52 . 2009-06-22 09:53 3573760 ----a-w- c:\windows\Internet Logs\xDB26.tmp
2009-06-22 09:52 . 2009-06-22 09:53 1900544 ----a-w- c:\windows\Internet Logs\xDB25.tmp
2009-06-22 09:26 . 2009-06-22 09:27 3571200 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2009-06-19 20:03 . 2009-06-19 20:15 3544064 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2009-06-14 15:22 . 2009-06-14 15:25 330752 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2009-06-12 19:01 . 2009-06-13 11:52 849920 ----a-w- c:\windows\Internet Logs\xDB21.tmp
2009-06-08 18:46 . 2008-12-21 17:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-08 18:24 . 2008-12-21 17:02 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-08 10:05 . 2009-06-08 10:06 794624 ----a-w- c:\windows\Internet Logs\xDB20.tmp
2009-06-07 18:03 . 2008-10-26 23:10 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-07 18:03 . 2008-10-26 23:10 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-06-05 17:30 . 2009-06-05 19:43 781824 ----a-w- c:\windows\Internet Logs\xDB1E.tmp
2009-06-05 17:30 . 2009-06-05 19:43 2940928 ----a-w- c:\windows\Internet Logs\xDB1F.tmp
2009-06-03 09:51 . 2009-01-08 16:41 -------- d-----r- c:\program files\Skype
2009-06-02 15:36 . 2009-06-02 17:18 141824 ----a-w- c:\windows\Internet Logs\xDB1D.tmp
2009-06-01 12:03 . 2009-06-01 14:01 64000 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2009-05-31 21:47 . 2009-06-01 09:35 317440 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2009-05-30 10:32 . 2009-05-23 12:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-29 16:05 . 2009-05-23 12:29 -------- d-----w- c:\program files\Norton Security Scan
2009-05-29 15:38 . 2009-05-29 15:40 3202048 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2009-05-28 18:25 . 2008-12-21 16:55 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-05-28 18:25 . 2008-12-21 16:55 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-05-22 08:37 . 2009-05-22 08:50 2824192 ----a-w- c:\windows\Internet Logs\xDB19.tmp
2009-05-21 21:35 . 2009-05-22 06:57 445440 ----a-w- c:\windows\Internet Logs\xDB18.tmp
2009-05-21 20:35 . 2009-05-21 20:35 -------- d-----w- c:\program files\TVAnts
2009-05-15 20:13 . 2009-05-16 08:26 1249280 ----a-w- c:\windows\Internet Logs\xDB17.tmp
2009-05-10 09:33 . 2009-05-10 09:43 2797568 ----a-w- c:\windows\Internet Logs\xDB16.tmp
2009-05-09 10:57 . 2009-01-02 13:51 -------- d-----w- c:\program files\hp deskjet 3420 series
2009-05-09 10:55 . 2009-01-02 13:49 -------- d-----w- c:\program files\Hewlett-Packard
2009-05-07 15:33 . 2004-08-17 13:49 346624 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 15:56 . 2009-05-05 15:56 -------- d-----w- c:\program files\Fractalis Software
2009-05-05 15:56 . 2008-12-21 17:12 720896 ----a-w- c:\windows\iun6002.exe
2009-04-30 16:18 . 2009-04-30 16:19 2758656 ----a-w- c:\windows\Internet Logs\xDB15.tmp
2009-04-29 20:29 . 2009-02-19 16:58 6770800 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-04-29 20:28 . 2009-04-29 20:29 435200 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2009-04-29 04:35 . 2004-08-17 13:49 667648 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:35 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 21:46 . 2009-04-25 09:05 272384 ----a-w- c:\windows\Internet Logs\xDB13.tmp
2009-04-19 21:20 . 2009-04-20 07:45 1131008 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2009-04-19 19:52 . 2004-08-17 13:44 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-19 19:52 . 2004-08-17 13:44 1847168 ----a-w- c:\windows\system32\win32k(2)(2).sys
2009-04-15 14:54 . 2004-08-17 13:49 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-15 14:54 . 2004-08-17 13:49 585216 ----a-w- c:\windows\system32\rpcrt4(2)(2).dll
2009-04-10 13:50 . 2009-04-10 13:51 2663936 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2009-04-10 09:52 . 2009-04-10 09:52 1025 ----a-w- c:\windows\system32\clauth2.dll
2009-04-10 09:52 . 2009-04-10 09:52 1025 ----a-w- c:\windows\system32\clauth1.dll
2009-04-10 09:52 . 2009-04-10 09:52 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-04-03 15:36 . 2009-04-03 17:32 449536 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2009-03-28 13:30 . 2009-03-28 18:05 218624 ----a-w- c:\windows\Internet Logs\xDBF.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-06-21_14.42.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-23 12:35 . 2009-06-23 12:35 16384 c:\windows\Temp\Perflib_Perfdata_5a8.dat
+ 2009-06-23 12:35 . 2009-06-23 12:35 16384 c:\windows\Temp\Perflib_Perfdata_338.dat
+ 2008-12-21 17:16 . 2008-07-09 07:36 18296 c:\windows\system32\spmsg.dll
- 2008-12-21 17:16 . 2007-11-30 12:39 18296 c:\windows\system32\spmsg.dll
+ 2001-10-25 14:00 . 2009-06-23 08:46 40128 c:\windows\system32\perfc009.dat
+ 2009-02-20 08:12 . 2009-04-29 04:35 81920 c:\windows\system32\dllcache\ieencode.dll
- 2009-02-20 08:12 . 2009-02-20 08:12 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-17 13:49 . 2009-02-20 08:12 667136 c:\windows\system32\wininet(2).dll
+ 2004-08-17 13:49 . 2009-04-29 04:35 619520 c:\windows\system32\urlmon.dll
+ 2004-08-17 13:49 . 2009-02-20 08:12 619008 c:\windows\system32\urlmon(2).dll
+ 2004-08-17 13:49 . 2008-04-14 03:21 584704 c:\windows\system32\rpcrt4(5).dll
+ 2001-10-25 14:00 . 2009-06-23 08:46 311740 c:\windows\system32\perfh009.dat
+ 2008-10-26 23:48 . 2009-06-23 11:59 207304 c:\windows\system32\FNTCACHE.DAT
- 2008-10-26 23:48 . 2009-06-21 14:03 207304 c:\windows\system32\FNTCACHE.DAT
+ 2008-08-20 05:10 . 2009-04-29 04:35 667648 c:\windows\system32\dllcache\wininet.dll
+ 2008-08-20 05:10 . 2009-04-29 04:35 619520 c:\windows\system32\dllcache\urlmon.dll
+ 2009-04-15 14:54 . 2009-04-15 14:54 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-05-07 15:33 . 2009-05-07 15:33 346624 c:\windows\system32\dllcache\localspl.dll
- 2004-08-17 13:49 . 2009-03-02 23:11 1499648 c:\windows\system32\shdocvw.dll
+ 2004-08-17 13:49 . 2009-04-29 04:35 1499648 c:\windows\system32\shdocvw.dll
+ 2009-06-21 10:34 . 2009-06-23 09:54 1521584 c:\windows\system32\Restore\rstrlog.dat
+ 2004-08-17 13:49 . 2009-04-29 04:35 3089920 c:\windows\system32\mshtml.dll
+ 2008-10-27 13:06 . 2009-04-19 19:52 1847168 c:\windows\system32\dllcache\win32k.sys
- 2008-08-20 05:10 . 2009-03-02 23:11 1499648 c:\windows\system32\dllcache\shdocvw.dll
+ 2008-08-20 05:10 . 2009-04-29 04:35 1499648 c:\windows\system32\dllcache\shdocvw.dll
+ 2008-08-20 05:10 . 2009-04-29 04:35 3089920 c:\windows\system32\dllcache\mshtml.dll
+ 2009-06-07 18:24 . 2009-06-23 09:10 12749243 c:\windows\system32\ZoneLabs\spyware.dat
+ 2008-12-21 18:46 . 2009-06-01 16:51 23635392 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-29 188416]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-05-28 1005960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21. 12. 2008 19:57 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21. 12. 2008 19:57 20560]
S3 KLSIENET;Driver for USB Ethernet Adapter;c:\windows\system32\drivers\usb101et.sys [27. 10. 2008 2:38 32384]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [30. 12. 2008 22:48 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [30. 12. 2008 22:48 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [30. 12. 2008 22:48 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [30. 12. 2008 22:48 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [30. 12. 2008 22:48 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [30. 12. 2008 22:48 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [30. 12. 2008 22:48 115752]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-06-23 c:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]
.
.
------- Doplňkový sken -------
.
uStart Page = About:Blank
uInternet Connection Wizard,ShellNext = hxxp://store.adobe.com/store/general/re ... 1412758414
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 15:47
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):db,75,47,12,96,6d,8a,37,9a,b8,50,51,d6,cf,0a,1a,a1,c4,50,44,e3,
4d,5e,0f,4f,db,1c,f0,e0,2f,60,6f,2c,d2,3d,16,57,2d,cf,7a,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f6b12322-7ebf-4a36-a9d6-4bb46c13c95c}]
@Denied: (Full) (Everyone)
"Model"=dword:00000061
"Therad"=dword:0000001d
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,a9,bb,7a,82,01,cb,69,2c,b8,c1,05,42,6b,6a,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3168)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-06-23 15:50
ComboFix-quarantined-files.txt 2009-06-23 13:49
ComboFix2.txt 2009-06-21 14:44

Před spuštěním: 3 078 119 424
Po spuštění: 3 080 282 112

246 --- E O F --- 2009-06-23 10:15


Post by Damned » 23 Jun 2009 16:36

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following entire text, marked in green, into it:

File::
c:\windows\eReg.dat
c:\windows\Internet Logs\xDB33.tmp
c:\windows\Internet Logs\xDB34.tmp
c:\windows\Internet Logs\xDB32.tmp
c:\windows\Internet Logs\xDB30.tmp
c:\windows\Internet Logs\xDB31.tmp
c:\windows\Internet Logs\xDB2F.tmp
c:\windows\Internet Logs\xDB2E.tmp
c:\windows\Internet Logs\vsmon_2nd_2009_06_22_22_16_28_small.dmp.zip
c:\windows\Internet Logs\xDB2D.tmp
c:\windows\Internet Logs\xDB2C.tmp
c:\windows\Internet Logs\xDB2B.tmp
c:\windows\Internet Logs\xDB2A.tmp
c:\windows\Internet Logs\xDB28.tmp
c:\windows\Internet Logs\xDB29.tmp
c:\windows\Internet Logs\xDB27.tmp
c:\windows\Internet Logs\xDB26.tmp
c:\windows\Internet Logs\xDB25.tmp
c:\windows\Internet Logs\xDB24.tmp
c:\windows\Internet Logs\xDB23.tmp
c:\windows\Internet Logs\xDB22.tmp
c:\windows\Internet Logs\xDB21.tmp
c:\windows\Internet Logs\xDB20.tmp
c:\windows\Internet Logs\xDB1E.tmp
c:\windows\Internet Logs\xDB1F.tmp
c:\windows\Internet Logs\xDB1D.tmp
c:\windows\Internet Logs\xDB1C.tmp
c:\windows\Internet Logs\xDB1B.tmp
c:\windows\Internet Logs\xDB1A.tmp
c:\windows\Internet Logs\xDB19.tmp
c:\windows\Internet Logs\xDB18.tmp
c:\windows\Internet Logs\xDB17.tmp
c:\windows\Internet Logs\xDB16.tmp
c:\windows\Internet Logs\xDB15.tmp
c:\windows\Internet Logs\tvDebug.zip
c:\windows\Internet Logs\xDB14.tmp
c:\windows\Internet Logs\xDB13.tmp
c:\windows\Internet Logs\xDB12.tmp
c:\windows\Internet Logs\xDB11.tmp
c:\windows\Internet Logs\xDB10.tmp
c:\windows\Internet Logs\xDBF.tmp

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000




Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.


Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix starts automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
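As an added example (not part of the original posts and not ComboFix's own code), the Python below cross-checks the registry section of the ComboFix log against the Registry:: block of the CFScript above: it lists the values that switch off Security Center monitoring or the Windows Firewall and reports which of them the script does not reset. The function names and the `EXPECTED` table are assumptions of this example; the two excerpts are copied from this thread.

```python
import re
from typing import List, NamedTuple

# Excerpt copied from the registry section of the ComboFix log in this thread.
LOG_EXCERPT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

# Registry:: block copied from the CFScript in the post above.
CFSCRIPT_EXCERPT = r'''
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000
'''

# Value name -> the value that leaves monitoring/protection switched on.
# Assumption of this example: only the three names seen in this thread are watched.
EXPECTED = {"antivirusoverride": 0, "disablemonitoring": 0, "enablefirewall": 1}

KEY_RE = re.compile(r'^\[(.+)\]$')
# Accepts both `"Name"=dword:00000001` and ComboFix's `"Name"= 0 (0x0)` form.
VALUE_RE = re.compile(
    r'^"([^"]+)"=\s*(?:dword:([0-9a-fA-F]{8})|(\d+)\s+\(0x[0-9a-fA-F]+\))\s*$'
)


class RegValue(NamedTuple):
    key: str
    name: str
    value: int


def parse_dwords(text: str) -> List[RegValue]:
    """Return every numeric registry value together with the key it sits under."""
    out: List[RegValue] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            value = int(m.group(2), 16) if m.group(2) else int(m.group(3))
            out.append(RegValue(key, m.group(1), value))
    return out


def flagged(log_text: str) -> List[RegValue]:
    """Watched values whose logged state differs from the expected one."""
    return [v for v in parse_dwords(log_text)
            if EXPECTED.get(v.name.lower(), v.value) != v.value]


def not_reset(log_text: str, script_text: str) -> List[RegValue]:
    """Flagged values that the script's Registry:: block does not put back."""
    resets = {(v.key.lower(), v.name.lower()): v.value
              for v in parse_dwords(script_text)}
    return [v for v in flagged(log_text)
            if resets.get((v.key.lower(), v.name.lower())) != EXPECTED[v.name.lower()]]


if __name__ == "__main__":
    for v in flagged(LOG_EXCERPT):
        print("flagged  :", v.key, v.name, v.value)
    for v in not_reset(LOG_EXCERPT, CFSCRIPT_EXCERPT):
        print("not reset:", v.key, v.name, v.value)
```

EnableFirewall is reported rather than judged: the same log lists ZoneAlarm Pro Firewall as enabled, so whether the Windows Firewall should also be on is left to the person reading the result.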


Post by ramzes » 23 Jun 2009 17:06

ComboFIX

ComboFix 09-06-20.02 - Martin . 06. 2009 16:49.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.432 [GMT 2:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Martin\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090501-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\eReg.dat"
"c:\windows\Internet Logs\tvDebug.zip"
"c:\windows\Internet Logs\vsmon_2nd_2009_06_22_22_16_28_small.dmp.zip"
"c:\windows\Internet Logs\xDB10.tmp"
"c:\windows\Internet Logs\xDB11.tmp"
"c:\windows\Internet Logs\xDB12.tmp"
"c:\windows\Internet Logs\xDB13.tmp"
"c:\windows\Internet Logs\xDB14.tmp"
"c:\windows\Internet Logs\xDB15.tmp"
"c:\windows\Internet Logs\xDB16.tmp"
"c:\windows\Internet Logs\xDB17.tmp"
"c:\windows\Internet Logs\xDB18.tmp"
"c:\windows\Internet Logs\xDB19.tmp"
"c:\windows\Internet Logs\xDB1A.tmp"
"c:\windows\Internet Logs\xDB1B.tmp"
"c:\windows\Internet Logs\xDB1C.tmp"
"c:\windows\Internet Logs\xDB1D.tmp"
"c:\windows\Internet Logs\xDB1E.tmp"
"c:\windows\Internet Logs\xDB1F.tmp"
"c:\windows\Internet Logs\xDB20.tmp"
"c:\windows\Internet Logs\xDB21.tmp"
"c:\windows\Internet Logs\xDB22.tmp"
"c:\windows\Internet Logs\xDB23.tmp"
"c:\windows\Internet Logs\xDB24.tmp"
"c:\windows\Internet Logs\xDB25.tmp"
"c:\windows\Internet Logs\xDB26.tmp"
"c:\windows\Internet Logs\xDB27.tmp"
"c:\windows\Internet Logs\xDB28.tmp"
"c:\windows\Internet Logs\xDB29.tmp"
"c:\windows\Internet Logs\xDB2A.tmp"
"c:\windows\Internet Logs\xDB2B.tmp"
"c:\windows\Internet Logs\xDB2C.tmp"
"c:\windows\Internet Logs\xDB2D.tmp"
"c:\windows\Internet Logs\xDB2E.tmp"
"c:\windows\Internet Logs\xDB2F.tmp"
"c:\windows\Internet Logs\xDB30.tmp"
"c:\windows\Internet Logs\xDB31.tmp"
"c:\windows\Internet Logs\xDB32.tmp"
"c:\windows\Internet Logs\xDB33.tmp"
"c:\windows\Internet Logs\xDB34.tmp"
"c:\windows\Internet Logs\xDBF.tmp"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\eReg.dat
c:\windows\Internet Logs\tvDebug.zip
c:\windows\Internet Logs\vsmon_2nd_2009_06_22_22_16_28_small.dmp.zip
c:\windows\Internet Logs\xDB10.tmp
c:\windows\Internet Logs\xDB11.tmp
c:\windows\Internet Logs\xDB12.tmp
c:\windows\Internet Logs\xDB13.tmp
c:\windows\Internet Logs\xDB14.tmp
c:\windows\Internet Logs\xDB15.tmp
c:\windows\Internet Logs\xDB16.tmp
c:\windows\Internet Logs\xDB17.tmp
c:\windows\Internet Logs\xDB18.tmp
c:\windows\Internet Logs\xDB19.tmp
c:\windows\Internet Logs\xDB1A.tmp
c:\windows\Internet Logs\xDB1B.tmp
c:\windows\Internet Logs\xDB1C.tmp
c:\windows\Internet Logs\xDB1D.tmp
c:\windows\Internet Logs\xDB1E.tmp
c:\windows\Internet Logs\xDB1F.tmp
c:\windows\Internet Logs\xDB20.tmp
c:\windows\Internet Logs\xDB21.tmp
c:\windows\Internet Logs\xDB22.tmp
c:\windows\Internet Logs\xDB23.tmp
c:\windows\Internet Logs\xDB24.tmp
c:\windows\Internet Logs\xDB25.tmp
c:\windows\Internet Logs\xDB26.tmp
c:\windows\Internet Logs\xDB27.tmp
c:\windows\Internet Logs\xDB28.tmp
c:\windows\Internet Logs\xDB29.tmp
c:\windows\Internet Logs\xDB2A.tmp
c:\windows\Internet Logs\xDB2B.tmp
c:\windows\Internet Logs\xDB2C.tmp
c:\windows\Internet Logs\xDB2D.tmp
c:\windows\Internet Logs\xDB2E.tmp
c:\windows\Internet Logs\xDB2F.tmp
c:\windows\Internet Logs\xDB30.tmp
c:\windows\Internet Logs\xDB31.tmp
c:\windows\Internet Logs\xDB32.tmp
c:\windows\Internet Logs\xDB33.tmp
c:\windows\Internet Logs\xDB34.tmp
c:\windows\Internet Logs\xDBF.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-23 do 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-06-23 13:39 . 2009-06-23 13:40 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-06-23 13:23 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-23 13:23 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-23 13:23 . 2009-06-23 13:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 09:52 . 2009-06-23 09:52 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-22 10:59 . 2009-06-23 09:49 -------- d-----w- c:\documents and settings\Administrator\Data aplikací
2009-06-22 09:49 . 2009-06-22 09:49 -------- d-----w- C:\_OTM
2009-06-21 10:57 . 2009-06-23 13:22 -------- d-----w- c:\program files\trend micro
2009-06-21 10:57 . 2009-06-21 11:02 -------- d-----w- C:\rsit
2009-06-07 18:23 . 2009-05-28 18:25 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-06-07 18:17 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-07 18:17 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-06-07 18:17 . 2009-02-09 11:26 2191232 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-07 18:17 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-06-07 18:17 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-06-07 18:17 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-06-07 18:17 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-06-07 18:17 . 2009-02-09 10:56 728064 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-06-07 18:17 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-07 18:17 . 2009-02-09 10:56 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-06-07 18:17 . 2009-02-09 11:26 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-07 18:17 . 2009-02-09 11:26 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-07 18:16 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-06-07 18:15 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-07 18:15 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-06-07 17:59 . 2009-06-07 17:59 -------- d-----w- c:\windows\system32\cs-cz
2009-06-07 17:59 . 2009-06-07 17:59 -------- d-----w- c:\windows\l2schemas
2009-06-07 17:59 . 2009-06-07 17:59 -------- d-----w- c:\windows\system32\cs
2009-06-07 17:59 . 2009-06-07 17:59 -------- d-----w- c:\windows\system32\bits
2009-06-07 17:56 . 2009-06-07 18:00 -------- d-----w- c:\windows\ServicePackFiles
2009-06-03 09:51 . 2009-06-03 09:51 -------- d-----w- c:\program files\Common Files\Skype
2009-06-02 18:36 . 2009-06-03 08:10 -------- d-----w- c:\program files\Google
2009-05-29 13:59 . 2009-05-29 14:03 -------- d--h--w- c:\program files\Zero G Registry
2009-05-29 13:58 . 2009-05-29 13:58 -------- d--h--w- c:\documents and settings\Martin\InstallAnywhere

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 13:50 . 2008-12-21 16:55 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-06-23 08:46 . 2001-10-25 14:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2009-06-23 08:46 . 2001-10-25 14:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2009-06-08 18:46 . 2008-12-21 17:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-08 18:24 . 2008-12-21 17:02 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-07 18:03 . 2008-10-26 23:10 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-07 18:03 . 2008-10-26 23:10 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-06-03 09:51 . 2009-01-08 16:41 -------- d-----r- c:\program files\Skype
2009-05-30 10:32 . 2009-05-23 12:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-29 16:05 . 2009-05-23 12:29 -------- d-----w- c:\program files\Norton Security Scan
2009-05-28 18:25 . 2008-12-21 16:55 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-05-28 18:25 . 2008-12-21 16:55 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-05-21 20:35 . 2009-05-21 20:35 -------- d-----w- c:\program files\TVAnts
2009-05-09 10:57 . 2009-01-02 13:51 -------- d-----w- c:\program files\hp deskjet 3420 series
2009-05-09 10:55 . 2009-01-02 13:49 -------- d-----w- c:\program files\Hewlett-Packard
2009-05-07 15:33 . 2004-08-17 13:49 346624 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 15:56 . 2009-05-05 15:56 -------- d-----w- c:\program files\Fractalis Software
2009-05-05 15:56 . 2008-12-21 17:12 720896 ----a-w- c:\windows\iun6002.exe
2009-04-29 04:35 . 2004-08-17 13:49 667648 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:35 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:52 . 2004-08-17 13:44 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-19 19:52 . 2004-08-17 13:44 1847168 ----a-w- c:\windows\system32\win32k(2)(2).sys
2009-04-15 14:54 . 2004-08-17 13:49 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-15 14:54 . 2004-08-17 13:49 585216 ----a-w- c:\windows\system32\rpcrt4(2)(2).dll
2009-04-10 09:52 . 2009-04-10 09:52 1025 ----a-w- c:\windows\system32\clauth2.dll
2009-04-10 09:52 . 2009-04-10 09:52 1025 ----a-w- c:\windows\system32\clauth1.dll
2009-04-10 09:52 . 2009-04-10 09:52 1025 ----a-w- c:\windows\system32\sysprs7.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-21_14.42.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-23 12:35 . 2009-06-23 12:35 16384 c:\windows\Temp\Perflib_Perfdata_5a8.dat
+ 2009-06-23 12:35 . 2009-06-23 12:35 16384 c:\windows\Temp\Perflib_Perfdata_338.dat
+ 2008-12-21 17:16 . 2008-07-09 07:36 18296 c:\windows\system32\spmsg.dll
- 2008-12-21 17:16 . 2007-11-30 12:39 18296 c:\windows\system32\spmsg.dll
+ 2001-10-25 14:00 . 2009-06-23 08:46 40128 c:\windows\system32\perfc009.dat
+ 2009-02-20 08:12 . 2009-04-29 04:35 81920 c:\windows\system32\dllcache\ieencode.dll
- 2009-02-20 08:12 . 2009-02-20 08:12 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-17 13:49 . 2009-02-20 08:12 667136 c:\windows\system32\wininet(2).dll
+ 2004-08-17 13:49 . 2009-04-29 04:35 619520 c:\windows\system32\urlmon.dll
+ 2004-08-17 13:49 . 2009-02-20 08:12 619008 c:\windows\system32\urlmon(2).dll
+ 2004-08-17 13:49 . 2008-04-14 03:21 584704 c:\windows\system32\rpcrt4(5).dll
+ 2001-10-25 14:00 . 2009-06-23 08:46 311740 c:\windows\system32\perfh009.dat
+ 2008-10-26 23:48 . 2009-06-23 11:59 207304 c:\windows\system32\FNTCACHE.DAT
- 2008-10-26 23:48 . 2009-06-21 14:03 207304 c:\windows\system32\FNTCACHE.DAT
+ 2008-08-20 05:10 . 2009-04-29 04:35 667648 c:\windows\system32\dllcache\wininet.dll
+ 2008-08-20 05:10 . 2009-04-29 04:35 619520 c:\windows\system32\dllcache\urlmon.dll
+ 2009-04-15 14:54 . 2009-04-15 14:54 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-05-07 15:33 . 2009-05-07 15:33 346624 c:\windows\system32\dllcache\localspl.dll
- 2004-08-17 13:49 . 2009-03-02 23:11 1499648 c:\windows\system32\shdocvw.dll
+ 2004-08-17 13:49 . 2009-04-29 04:35 1499648 c:\windows\system32\shdocvw.dll
+ 2009-06-21 10:34 . 2009-06-23 09:54 1521584 c:\windows\system32\Restore\rstrlog.dat
+ 2004-08-17 13:49 . 2009-04-29 04:35 3089920 c:\windows\system32\mshtml.dll
+ 2008-10-27 13:06 . 2009-04-19 19:52 1847168 c:\windows\system32\dllcache\win32k.sys
- 2008-08-20 05:10 . 2009-03-02 23:11 1499648 c:\windows\system32\dllcache\shdocvw.dll
+ 2008-08-20 05:10 . 2009-04-29 04:35 1499648 c:\windows\system32\dllcache\shdocvw.dll
+ 2008-08-20 05:10 . 2009-04-29 04:35 3089920 c:\windows\system32\dllcache\mshtml.dll
+ 2009-06-07 18:24 . 2009-06-23 09:10 12749243 c:\windows\system32\ZoneLabs\spyware.dat
+ 2008-12-21 18:46 . 2009-06-01 16:51 23635392 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-29 188416]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-05-28 1005960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21. 12. 2008 19:57 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21. 12. 2008 19:57 20560]
S3 KLSIENET;Driver for USB Ethernet Adapter;c:\windows\system32\drivers\usb101et.sys [27. 10. 2008 2:38 32384]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [30. 12. 2008 22:48 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [30. 12. 2008 22:48 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [30. 12. 2008 22:48 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [30. 12. 2008 22:48 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [30. 12. 2008 22:48 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [30. 12. 2008 22:48 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [30. 12. 2008 22:48 115752]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-06-23 c:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]
.
.
------- Doplňkový sken -------
.
uStart Page = About:Blank
uInternet Connection Wizard,ShellNext = hxxp://store.adobe.com/store/general/re ... 1412758414
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 16:52
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):db,75,47,12,96,6d,8a,37,9a,b8,50,51,d6,cf,0a,1a,a1,c4,50,44,e3,
4d,5e,0f,4f,db,1c,f0,e0,2f,60,6f,2c,d2,3d,16,57,2d,cf,7a,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f6b12322-7ebf-4a36-a9d6-4bb46c13c95c}]
@Denied: (Full) (Everyone)
"Model"=dword:00000061
"Therad"=dword:0000001d
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,a9,bb,7a,82,01,cb,69,2c,b8,c1,05,42,6b,6a,\
.
Celkový čas: 2009-06-23 16:54
ComboFix-quarantined-files.txt 2009-06-23 14:54
ComboFix2.txt 2009-06-23 13:50
ComboFix3.txt 2009-06-21 14:44

Před spuštěním: 3 083 063 296
Po spuštění: 3 071 922 176

283 --- E O F --- 2009-06-23 10:15

--------------------------------------------------------------------------------------------------

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:37, on 23. 6. 2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.adobe.com/store/general/re ... 1412758414
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout s IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6459 bytes

