Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59:43, on 18.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\WINDOWS\system32\WTMKM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\QIP\qip.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Milan\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{95289393-33EA-4F8D-B952-483415B9C955} - (no file)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{afa0db72-d709-4aa1-88bf-28cd3d51869b} - (no file)
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {2F8C6D1F-1995-40EF-9CAA-3ECC40F19A87} - C:\WINDOWS\system32\efcDVllL.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Milan\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {C30CC15C-F138-45F4-9D8C-56B6F519D3C7} - C:\WINDOWS\system32\efcYOeCv.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RGSC] F:\honza\gta\gta4\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [FlashGet] "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} (ICASign Class) - https://ib24.csob.cz/Comp/IcaSignerCZ.cab
O16 - DPF: {3BA4271E-5C1E-48E2-B432-D8BF420DD31D} - http://scanning-computer-online.com/dow ... nstall.cab
O16 - DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} (CSOBEnroll Class) - https://ib24.csob.cz/comp/CSOBEnroll.dll
O16 - DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} (ICApki Class) - http://download.ica.cz/icapki.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {8DB83558-B5E6-4449-8E59-B91126580A99} (ICAHsmEngine Class) - https://ib24.csob.cz/comp/ICAHsmEngine.dll
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://kamery.ovanet.cz/activex/AxisCamControl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: efcDVllL - efcDVllL.dll (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WTService - Unknown owner - C:\WINDOWS\system32\atwtusb.exe
--
End of file - 14338 bytes
Prosím o kontrolu Logu
Prosím o kontrolu Logu
Naposledy upravil(a) Beliq dne 18 srp 2009 16:59, celkem upraveno 1 x.
Re: Prosím o kontrolu Logu
btw toolbary a takové věci vůbec nepoužívám a jak se dívám je tam toho hodně,, ( instaluje to otec když si instaluje nějakou aplikaci,, a teď to začalo cca minutu načítat jak najede PC ) hry se můžou a další věci ohledně nich jako steam atd smazat nepoužívá se tady,, ( bratr ) díky
Re: Prosím o kontrolu Logu
Ahoj. Stiahni DDS. Uloz na plochu, ukonci vsetky spustene programy a spust ho. Po skonceni scanu sa otvoria vysledky v 2 oknach - DDS.txt a Attach.txt. Vloz sem obsah DDS.txt.
Nemam rad amaterizmus...
A adresat odkazu to vie :)
A adresat odkazu to vie :)
Re: Prosím o kontrolu Logu
DDS (Ver_09-07-30.01) - NTFSx86
Run by Milan at 18:56:20,18 on Łt 18.08.2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.2757 [GMT 2:00]
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\WTMKM.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QIP\qip.exe
C:\Documents and Settings\Milan\Plocha\dds.pif
============== Pseudo HJT Report ===============
uStart Page = hxxp://seznam.cz/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Page_URL = hxxp://search.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: QIPBHO Class: {95289393-33ea-4f8d-b952-483415b9c955} - c:\documents and settings\milan\data aplikací\microsoft\internet explorer\qipsearchbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: XTTBPos00 Class: {055fd26d-3a88-4e15-963d-dc8493744b1d} - c:\program files\icqtoolbar\toolbaru.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2f8c6d1f-1995-40ef-9caa-3ecc40f19a87} - c:\windows\system32\efcDVllL.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: QIPBHO Class: {95289393-33ea-4f8d-b952-483415b9c955} - c:\documents and settings\milan\data aplikací\microsoft\internet explorer\qipsearchbar.dll
BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {c30cc15c-f138-45f4-9d8c-56b6f519d3c7} - c:\windows\system32\efcYOeCv.dll
BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - No File
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: ETS Findbar: {edb7fe49-617e-4a16-b585-1521c0ac9fcf} - c:\program files\ets\tbET1.dll
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [RGSC] f:\honza\gta\gta4\rockstar games social club\RGSCLauncher.exe /silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [FlashGet] "c:\program files\flashget network\flashget universal\FlashGet.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [MacrokeyManager] WTMKM.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\internet download manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\internet download manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\internet download manager\IEGetAll.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Trusted Zone: csob.cz\ib24
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} - hxxps://ib24.csob.cz/Comp/IcaSignerCZ.cab
DPF: {3BA4271E-5C1E-48E2-B432-D8BF420DD31D} - hxxp://scanning-computer-online.com/dow ... nstall.cab
DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} - hxxps://ib24.csob.cz/comp/CSOBEnroll.dll
DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} - hxxp://download.ica.cz/icapki.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8DB83558-B5E6-4449-8E59-B91126580A99} - hxxps://ib24.csob.cz/comp/ICAHsmEngine.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://kamery.ovanet.cz/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: efcDVllL - efcDVllL.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {2f8c6d1f-1995-40ef-9caa-3ecc40f19a87} - c:\windows\system32\efcDVllL.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\efcYOeCv
LSA: Notification Packages = scecli scecli scecli
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\milan\dataap~1\mozilla\firefox\profiles\j664568f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\milan\data aplikací\idm\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.SOAPEncoding.schemaCollection", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
============= SERVICES / DRIVERS ===============
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-7-25 12552]
R1 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys [2009-2-21 22272]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-25 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-25 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-25 108552]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-15 138624]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-25 297752]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
R3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [2008-4-4 61776]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-9-24 69120]
R3 ZSMC302;Cammaestro 4.2GU build 1105;c:\windows\system32\drivers\usbvm302.sys [2008-4-4 195263]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-9 133104]
S3 arusb(TP-LINK);TP-LINK TL-WN821N 11N Wireless Adapter Service(TP-LINK);c:\windows\system32\drivers\arusb.sys [2009-3-16 418304]
=============== Created Last 30 ================
2009-08-18 16:37 <DIR> --d----- c:\program files\Trend Micro
2009-08-16 16:47 120,568 -------- c:\windows\system32\pxcpyi64.exe
2009-08-16 16:47 118,256 -------- c:\windows\system32\pxinsi64.exe
2009-08-03 10:37 54,156 a---h--- c:\windows\QTFont.qfn
2009-08-03 10:37 1,409 a------- c:\windows\QTFont.for
2009-07-31 21:11 <DIR> --d----- c:\docume~1\milan\dataap~1\BITS
2009-07-31 21:09 <DIR> --d----- C:\profiles
2009-07-31 21:09 <DIR> --d----- c:\program files\FlashGet Network
2009-07-25 11:24 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-25 11:18 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-25 11:18 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-07-25 11:18 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-25 11:17 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-25 11:17 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-25 11:17 <DIR> --d----- c:\docume~1\alluse~1\dataap~1\AVG Security Toolbar
2009-07-25 11:17 <DIR> --d----- c:\program files\AVG
2009-07-25 11:17 <DIR> --d----- c:\docume~1\alluse~1\dataap~1\avg8
2009-07-24 21:31 2,194 a------- c:\windows\SmartMapsEvropa.INI
2009-07-24 21:25 <DIR> --d----- c:\program files\PLANstudio
2009-07-21 16:01 <DIR> --d----- c:\docume~1\alluse~1\dataap~1\STORMWARE
2009-07-21 15:32 345,600 a------- c:\windows\system\qtim32.dll
2009-07-21 15:26 117 a------- c:\windows\StwPh.INI
2009-07-21 15:20 12 a------- c:\windows\system32\trip.phd
==================== Find3M ====================
2009-07-15 09:29 427,336 a------- c:\windows\system32\perfh005.dat
2009-07-15 09:29 77,706 a------- c:\windows\system32\perfc005.dat
2009-07-08 12:13 73,312 a------- c:\windows\system32\drivers\adfs.sys
2009-06-29 18:00 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 17:59 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 17:59 17,408 a------- c:\windows\system32\corpol.dll
2009-06-21 17:29 386,568 a------- c:\docume~1\milan\dataap~1\GDIPFONTCACHEV1.DAT
2009-06-16 16:40 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 16:40 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-04 13:21 189,472 a------- c:\windows\system32\PnkBstrB.exe
2009-06-04 09:40 129,520 -------- c:\windows\system32\pxafs.dll
2009-06-03 21:11 1,293,824 a------- c:\windows\system32\quartz.dll
2009-04-12 22:32 22,328 a------- c:\docume~1\milan\dataap~1\PnkBstrK.sys
2008-04-04 17:53 32 a------- c:\docume~1\alluse~1\dataap~1\ezsid.dat
2001-01-11 09:02 794,624 a------- c:\windows\inf\other\audio3d.dll
2008-07-22 21:14 14,912 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-07-05 09:46 428,959 a--sh--- c:\windows\system32\vCeOYcfe.ini2
2009-04-12 15:21 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009041220090413\index.dat
============= FINISH: 18:57:29,10 ===============
Run by Milan at 18:56:20,18 on Łt 18.08.2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.2757 [GMT 2:00]
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\WTMKM.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QIP\qip.exe
C:\Documents and Settings\Milan\Plocha\dds.pif
============== Pseudo HJT Report ===============
uStart Page = hxxp://seznam.cz/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Page_URL = hxxp://search.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: QIPBHO Class: {95289393-33ea-4f8d-b952-483415b9c955} - c:\documents and settings\milan\data aplikací\microsoft\internet explorer\qipsearchbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: XTTBPos00 Class: {055fd26d-3a88-4e15-963d-dc8493744b1d} - c:\program files\icqtoolbar\toolbaru.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2f8c6d1f-1995-40ef-9caa-3ecc40f19a87} - c:\windows\system32\efcDVllL.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: QIPBHO Class: {95289393-33ea-4f8d-b952-483415b9c955} - c:\documents and settings\milan\data aplikací\microsoft\internet explorer\qipsearchbar.dll
BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {c30cc15c-f138-45f4-9d8c-56b6f519d3c7} - c:\windows\system32\efcYOeCv.dll
BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - No File
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: ETS Findbar: {edb7fe49-617e-4a16-b585-1521c0ac9fcf} - c:\program files\ets\tbET1.dll
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [RGSC] f:\honza\gta\gta4\rockstar games social club\RGSCLauncher.exe /silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [FlashGet] "c:\program files\flashget network\flashget universal\FlashGet.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [MacrokeyManager] WTMKM.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\internet download manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\internet download manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\internet download manager\IEGetAll.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Trusted Zone: csob.cz\ib24
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} - hxxps://ib24.csob.cz/Comp/IcaSignerCZ.cab
DPF: {3BA4271E-5C1E-48E2-B432-D8BF420DD31D} - hxxp://scanning-computer-online.com/dow ... nstall.cab
DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} - hxxps://ib24.csob.cz/comp/CSOBEnroll.dll
DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} - hxxp://download.ica.cz/icapki.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8DB83558-B5E6-4449-8E59-B91126580A99} - hxxps://ib24.csob.cz/comp/ICAHsmEngine.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://kamery.ovanet.cz/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: efcDVllL - efcDVllL.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {2f8c6d1f-1995-40ef-9caa-3ecc40f19a87} - c:\windows\system32\efcDVllL.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\efcYOeCv
LSA: Notification Packages = scecli scecli scecli
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\milan\dataap~1\mozilla\firefox\profiles\j664568f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\milan\data aplikací\idm\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.SOAPEncoding.schemaCollection", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
============= SERVICES / DRIVERS ===============
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-7-25 12552]
R1 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys [2009-2-21 22272]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-25 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-25 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-25 108552]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-15 138624]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-25 297752]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
R3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [2008-4-4 61776]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-9-24 69120]
R3 ZSMC302;Cammaestro 4.2GU build 1105;c:\windows\system32\drivers\usbvm302.sys [2008-4-4 195263]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-9 133104]
S3 arusb(TP-LINK);TP-LINK TL-WN821N 11N Wireless Adapter Service(TP-LINK);c:\windows\system32\drivers\arusb.sys [2009-3-16 418304]
=============== Created Last 30 ================
2009-08-18 16:37 <DIR> --d----- c:\program files\Trend Micro
2009-08-16 16:47 120,568 -------- c:\windows\system32\pxcpyi64.exe
2009-08-16 16:47 118,256 -------- c:\windows\system32\pxinsi64.exe
2009-08-03 10:37 54,156 a---h--- c:\windows\QTFont.qfn
2009-08-03 10:37 1,409 a------- c:\windows\QTFont.for
2009-07-31 21:11 <DIR> --d----- c:\docume~1\milan\dataap~1\BITS
2009-07-31 21:09 <DIR> --d----- C:\profiles
2009-07-31 21:09 <DIR> --d----- c:\program files\FlashGet Network
2009-07-25 11:24 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-25 11:18 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-25 11:18 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-07-25 11:18 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-25 11:17 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-25 11:17 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-25 11:17 <DIR> --d----- c:\docume~1\alluse~1\dataap~1\AVG Security Toolbar
2009-07-25 11:17 <DIR> --d----- c:\program files\AVG
2009-07-25 11:17 <DIR> --d----- c:\docume~1\alluse~1\dataap~1\avg8
2009-07-24 21:31 2,194 a------- c:\windows\SmartMapsEvropa.INI
2009-07-24 21:25 <DIR> --d----- c:\program files\PLANstudio
2009-07-21 16:01 <DIR> --d----- c:\docume~1\alluse~1\dataap~1\STORMWARE
2009-07-21 15:32 345,600 a------- c:\windows\system\qtim32.dll
2009-07-21 15:26 117 a------- c:\windows\StwPh.INI
2009-07-21 15:20 12 a------- c:\windows\system32\trip.phd
==================== Find3M ====================
2009-07-15 09:29 427,336 a------- c:\windows\system32\perfh005.dat
2009-07-15 09:29 77,706 a------- c:\windows\system32\perfc005.dat
2009-07-08 12:13 73,312 a------- c:\windows\system32\drivers\adfs.sys
2009-06-29 18:00 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 17:59 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 17:59 17,408 a------- c:\windows\system32\corpol.dll
2009-06-21 17:29 386,568 a------- c:\docume~1\milan\dataap~1\GDIPFONTCACHEV1.DAT
2009-06-16 16:40 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 16:40 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-04 13:21 189,472 a------- c:\windows\system32\PnkBstrB.exe
2009-06-04 09:40 129,520 -------- c:\windows\system32\pxafs.dll
2009-06-03 21:11 1,293,824 a------- c:\windows\system32\quartz.dll
2009-04-12 22:32 22,328 a------- c:\docume~1\milan\dataap~1\PnkBstrK.sys
2008-04-04 17:53 32 a------- c:\docume~1\alluse~1\dataap~1\ezsid.dat
2001-01-11 09:02 794,624 a------- c:\windows\inf\other\audio3d.dll
2008-07-22 21:14 14,912 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-07-05 09:46 428,959 a--sh--- c:\windows\system32\vCeOYcfe.ini2
2009-04-12 15:21 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009041220090413\index.dat
============= FINISH: 18:57:29,10 ===============
Re: Prosím o kontrolu Logu
Stiahni ComboFix - NESPUSTAT.
Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:
Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.
Program script spracuje a spravi novy log.
Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.
Subory som zatial mazat nedal, uvidime, co nato povie samotny CF. Keby ich nemazal, posleme ich autorovi na analyzu, aby si s nimi v buducnosti poradil aj sam :)
Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:
Kód: Vybrat vše
KillAll::
DDS::
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {2f8c6d1f-1995-40ef-9caa-3ecc40f19a87} - c:\windows\system32\efcDVllL.dll
BHO: XTTBPos00 Class: {055fd26d-3a88-4e15-963d-dc8493744b1d} - c:\program files\icqtoolbar\toolbaru.dll
BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
BHO: {c30cc15c-f138-45f4-9d8c-56b6f519d3c7} - c:\windows\system32\efcYOeCv.dll
BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - No File
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07}
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} - hxxps://ib24.csob.cz/Comp/IcaSignerCZ.cab
DPF: {3BA4271E-5C1E-48E2-B432-D8BF420DD31D} - hxxp://scanning-computer-online.com/dow ... nstall.cab
DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} - hxxps://ib24.csob.cz/comp/CSOBEnroll.dll
DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} - hxxp://download.ica.cz/icapki.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8DB83558-B5E6-4449-8E59-B91126580A99} - hxxps://ib24.csob.cz/comp/ICAHsmEngine.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://kamery.ovanet.cz/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Notify: efcDVllL - efcDVllL.dll
SEH: {2f8c6d1f-1995-40ef-9caa-3ecc40f19a87} - c:\windows\system32\efcDVllL.dllUloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.
Program script spracuje a spravi novy log.
Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.
Subory som zatial mazat nedal, uvidime, co nato povie samotny CF. Keby ich nemazal, posleme ich autorovi na analyzu, aby si s nimi v buducnosti poradil aj sam :)
Nemam rad amaterizmus...
A adresat odkazu to vie :)
A adresat odkazu to vie :)
Re: Prosím o kontrolu Logu
Tak vyjelo mi potom tohle
ComboFix 09-08-10.06 - Milan 19.08.2009 0:44.5.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.2775 [GMT 2:00]
Spuštěný z: c:\documents and settings\Milan\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Milan\Plocha\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Milan\Plocha\Pophoda\Nová složka\AVG Internet Security AVG Antivirus 8.0 Guvenlik seti full 1428\Cal?san linkler\Desktop_.ini
c:\program files\daemon tools toolbar\DTToolbar.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-18 do 2009-08-18 )))))))))))))))))))))))))))))))
.
2009-08-18 14:37 . 2009-08-18 14:37 -------- d-----w- c:\program files\Trend Micro
2009-08-16 14:47 . 2009-06-04 07:40 120568 ------w- c:\windows\system32\pxcpyi64.exe
2009-08-16 14:47 . 2009-06-04 07:40 118256 ------w- c:\windows\system32\pxinsi64.exe
2009-07-31 19:09 . 2009-07-31 19:09 -------- d-----w- C:\profiles
2009-07-25 09:24 . 2009-07-25 10:47 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-25 09:18 . 2009-07-31 15:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-25 09:18 . 2009-07-25 09:18 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-07-25 09:18 . 2009-07-25 09:18 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-25 09:17 . 2009-07-31 15:37 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-25 09:17 . 2009-07-31 15:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-25 09:17 . 2009-08-18 15:36 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-25 09:17 . 2009-07-25 09:17 -------- d-----w- c:\program files\AVG
2009-07-24 19:25 . 2009-07-24 19:25 -------- d-----w- c:\program files\PLANstudio
2009-07-21 13:32 . 1997-08-21 16:44 345600 ----a-w- c:\windows\system\qtim32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-18 23:11 . 2009-02-09 13:42 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-18 14:56 . 2008-04-04 15:52 -------- d-----w- c:\program files\Google
2009-08-18 14:55 . 2009-03-12 07:48 -------- d-----w- c:\program files\ETS Browser
2009-08-04 08:35 . 2009-05-23 14:56 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-03 08:02 . 2008-04-08 10:47 -------- d-----w- c:\program files\FlashGet
2009-07-22 16:25 . 2008-04-12 12:22 -------- d-----w- c:\program files\ZodiacEdit
2009-07-21 13:12 . 2008-04-04 14:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 06:48 . 2009-05-16 13:42 -------- d-----w- c:\program files\Topaz Labs
2009-07-15 07:29 . 2001-10-25 14:00 77706 ----a-w- c:\windows\system32\perfc005.dat
2009-07-15 07:29 . 2001-10-25 14:00 427336 ----a-w- c:\windows\system32\perfh005.dat
2009-07-09 12:40 . 2009-07-09 12:40 -------- d-----w- c:\program files\Altostorm
2009-07-08 15:04 . 2009-07-08 15:01 -------- d-----w- c:\program files\POI FINDER Basic
2009-07-08 10:13 . 2008-08-14 05:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2009-07-08 09:37 . 2009-07-08 08:56 -------- d-----w- c:\program files\NOS
2009-07-07 19:34 . 2008-04-04 15:54 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-29 16:00 . 2002-09-20 18:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:59 . 2008-04-04 14:40 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:59 . 2001-10-25 14:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:40 . 2001-10-25 14:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2001-10-25 14:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-04 11:21 . 2008-04-05 16:31 138168 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-04 11:21 . 2008-04-05 16:31 189472 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-04 07:40 . 2008-04-07 05:15 43872 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-06-04 07:40 . 2008-04-07 05:15 129520 ------w- c:\windows\system32\pxafs.dll
2009-06-03 19:11 . 2002-09-20 18:04 1293824 ----a-w- c:\windows\system32\quartz.dll
2008-07-22 19:14 . 2008-07-22 19:14 14912 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 07:56 1062144 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-03-11 611712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-12 2007832]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-09 1657376]
"MacrokeyManager"="WTMKM.exe" - c:\windows\system32\WTMKM.exe [2008-07-30 1969824]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2001-10-22 1216512]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 15:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [25.7.2009 11:18 12552]
R1 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys [21.2.2009 12:32 22272]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25.7.2009 11:17 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25.7.2009 11:18 108552]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [15.11.2008 10:48 138624]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [25.7.2009 11:17 297752]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
R3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [4.4.2008 18:47 61776]
R3 ZSMC302;Cammaestro 4.2GU build 1105;c:\windows\system32\drivers\usbvm302.sys [4.4.2008 17:21 195263]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9.7.2009 16:31 133104]
S3 arusb(TP-LINK);TP-LINK TL-WN821N 11N Wireless Adapter Service(TP-LINK);c:\windows\system32\drivers\arusb.sys [16.3.2009 20:15 418304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-09 14:31]
2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-09 14:31]
2009-08-18 c:\windows\Tasks\User_Feed_Synchronization-{10E7F040-FD9A-4B7E-9788-9AF01E7445CD}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Trusted Zone: csob.cz\ib24
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\j664568f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\Milan\Data aplikací\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 01:16
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1123561945-1644491937-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:f5,65,b0,da,21,17,67,45,da,af,5a,b2,81,8b,2c,ac,de,f3,dd,70,e5,
d3,83,02,bf,7b,02,44,b2,e4,96,90,b7,ae,98,fd,bb,0c,09,d0,7b,95,d7,23,72,e3,\
"rkeysecu"=hex:13,8c,e1,93,9d,8f,37,b3,15,e1,55,5d,4a,e3,a8,9a
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{30434f8d-a53c-42d8-8df5-bd7ef00eef16}]
@Denied: (Full) (Everyone)
"Model"=dword:0000007a
"Therad"=dword:00000019
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,36,7c,66,cb,53,f2,0f,21,c5,23,23,e2,f0,e7,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,04,6b,32,33,71,
e0,73,94,2e,e8,e1,00,eb,16,2b,de,b4,5c,e3,05,f3,5c,14,ec,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,42,da,7b,c7,d2,
28,1b,31,46,47,15,b0,92,4b,c7,ef,fc,9e,df,72,48,33,f8,f6,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,f8,f9,9f,b7,69,
d5,88,22,7a,45,05,fd,91,e8,6f,31,0f,94,eb,08,41,46,16,c5,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,71,63,bc,d4,22,
2b,89,83,6b,65,49,6a,7e,99,74,f7,11,2e,0f,23,60,85,76,0f,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ae,a6,84,7c,6e,2c,9e,fa,96,42,d4,01,c8,76,1d,37,51,0a,ff,30,d9,
06,aa,18,8b,70,ff,cb,48,da,9e,74,5e,a0,d2,14,5e,c0,4f,64,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,98,7d,e3,e3,f7,
37,2f,1c,e9,02,6c,fa,fb,1d,47,57,46,44,d1,57,82,6c,a3,35,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,d9,23,6a,e2,62,
50,0d,fb,50,93,e5,ab,ec,6a,4e,ab,7d,a2,de,f4,c8,68,de,b3,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,06,98,1f,fa,ca,
a8,aa,dd,97,20,4e,9a,c7,f1,35,ee,76,8c,0e,fd,0e,58,ad,17,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,e0,68,67,ee,ab,
b6,45,67,aa,52,c6,00,84,3c,26,64,b6,25,27,e1,f0,ea,74,a6,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,20,60,e5,bb,12,
db,7f,ea,b2,46,9a,e2,1b,fe,1b,94,72,2c,1e,48,eb,db,b9,e8,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,e1,fc,c0,77,e3,
df,4a,01,37,a4,aa,c3,a6,15,56,0a,28,88,b6,22,b9,b5,a0,43,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,12,8b,4a,27,b6,
c8,cc,9e,f8,31,0f,a9,5f,a0,ec,fb,73,0e,15,9a,fb,32,5b,11,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,a1,b5,fb,e4,4a,
b0,75,ad,05,73,21,dd,54,d8,4a,c5,1d,8f,60,00,7d,bf,ce,32,6c,43,2d,1e,aa,22,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(972)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\SecureStoreCSP.dll
c:\windows\system32\SecureStorePKCS11.dll
c:\windows\system32\lowlevel.dll
c:\windows\system32\CommonUtils.dll
c:\windows\system32\LIBEAY32_098.dll
c:\windows\system32\STM4XW32.dll
c:\windows\system32\scardspen.dll
- - - - - - - > 'lsass.exe'(1028)
c:\windows\system32\nvappfilter.dll
- - - - - - - > 'explorer.exe'(2756)
c:\windows\system32\msi.dll
c:\windows\system32\nvappfilter.dll
c:\windows\system32\WPDShServiceObj.dll
c:\corel\Graphics8\programs\CMFFld80.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\atwtusb.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\Canon\CAL\CALMAIN.exe
.
**************************************************************************
.
Celkový čas: 2009-08-18 1:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-18 23:22
ComboFix2.txt 2009-08-18 18:49
Před spuštěním: Volných bajtů: 18 161 467 392
Po spuštění: Volných bajtů: 18 103 238 656
Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
301 --- E O F --- 2009-08-03 23:17
[*]
ComboFix 09-08-10.06 - Milan 19.08.2009 0:44.5.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.2775 [GMT 2:00]
Spuštěný z: c:\documents and settings\Milan\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Milan\Plocha\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Milan\Plocha\Pophoda\Nová složka\AVG Internet Security AVG Antivirus 8.0 Guvenlik seti full 1428\Cal?san linkler\Desktop_.ini
c:\program files\daemon tools toolbar\DTToolbar.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-18 do 2009-08-18 )))))))))))))))))))))))))))))))
.
2009-08-18 14:37 . 2009-08-18 14:37 -------- d-----w- c:\program files\Trend Micro
2009-08-16 14:47 . 2009-06-04 07:40 120568 ------w- c:\windows\system32\pxcpyi64.exe
2009-08-16 14:47 . 2009-06-04 07:40 118256 ------w- c:\windows\system32\pxinsi64.exe
2009-07-31 19:09 . 2009-07-31 19:09 -------- d-----w- C:\profiles
2009-07-25 09:24 . 2009-07-25 10:47 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-25 09:18 . 2009-07-31 15:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-25 09:18 . 2009-07-25 09:18 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-07-25 09:18 . 2009-07-25 09:18 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-25 09:17 . 2009-07-31 15:37 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-25 09:17 . 2009-07-31 15:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-25 09:17 . 2009-08-18 15:36 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-25 09:17 . 2009-07-25 09:17 -------- d-----w- c:\program files\AVG
2009-07-24 19:25 . 2009-07-24 19:25 -------- d-----w- c:\program files\PLANstudio
2009-07-21 13:32 . 1997-08-21 16:44 345600 ----a-w- c:\windows\system\qtim32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-18 23:11 . 2009-02-09 13:42 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-18 14:56 . 2008-04-04 15:52 -------- d-----w- c:\program files\Google
2009-08-18 14:55 . 2009-03-12 07:48 -------- d-----w- c:\program files\ETS Browser
2009-08-04 08:35 . 2009-05-23 14:56 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-03 08:02 . 2008-04-08 10:47 -------- d-----w- c:\program files\FlashGet
2009-07-22 16:25 . 2008-04-12 12:22 -------- d-----w- c:\program files\ZodiacEdit
2009-07-21 13:12 . 2008-04-04 14:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 06:48 . 2009-05-16 13:42 -------- d-----w- c:\program files\Topaz Labs
2009-07-15 07:29 . 2001-10-25 14:00 77706 ----a-w- c:\windows\system32\perfc005.dat
2009-07-15 07:29 . 2001-10-25 14:00 427336 ----a-w- c:\windows\system32\perfh005.dat
2009-07-09 12:40 . 2009-07-09 12:40 -------- d-----w- c:\program files\Altostorm
2009-07-08 15:04 . 2009-07-08 15:01 -------- d-----w- c:\program files\POI FINDER Basic
2009-07-08 10:13 . 2008-08-14 05:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2009-07-08 09:37 . 2009-07-08 08:56 -------- d-----w- c:\program files\NOS
2009-07-07 19:34 . 2008-04-04 15:54 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-29 16:00 . 2002-09-20 18:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:59 . 2008-04-04 14:40 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:59 . 2001-10-25 14:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:40 . 2001-10-25 14:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2001-10-25 14:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-04 11:21 . 2008-04-05 16:31 138168 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-04 11:21 . 2008-04-05 16:31 189472 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-04 07:40 . 2008-04-07 05:15 43872 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-06-04 07:40 . 2008-04-07 05:15 129520 ------w- c:\windows\system32\pxafs.dll
2009-06-03 19:11 . 2002-09-20 18:04 1293824 ----a-w- c:\windows\system32\quartz.dll
2008-07-22 19:14 . 2008-07-22 19:14 14912 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 07:56 1062144 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-03-11 611712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-12 2007832]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-09 1657376]
"MacrokeyManager"="WTMKM.exe" - c:\windows\system32\WTMKM.exe [2008-07-30 1969824]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2001-10-22 1216512]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 15:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [25.7.2009 11:18 12552]
R1 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys [21.2.2009 12:32 22272]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25.7.2009 11:17 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25.7.2009 11:18 108552]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [15.11.2008 10:48 138624]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [25.7.2009 11:17 297752]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
R3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [4.4.2008 18:47 61776]
R3 ZSMC302;Cammaestro 4.2GU build 1105;c:\windows\system32\drivers\usbvm302.sys [4.4.2008 17:21 195263]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9.7.2009 16:31 133104]
S3 arusb(TP-LINK);TP-LINK TL-WN821N 11N Wireless Adapter Service(TP-LINK);c:\windows\system32\drivers\arusb.sys [16.3.2009 20:15 418304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-09 14:31]
2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-09 14:31]
2009-08-18 c:\windows\Tasks\User_Feed_Synchronization-{10E7F040-FD9A-4B7E-9788-9AF01E7445CD}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Trusted Zone: csob.cz\ib24
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\j664568f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\Milan\Data aplikací\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 01:16
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1123561945-1644491937-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:f5,65,b0,da,21,17,67,45,da,af,5a,b2,81,8b,2c,ac,de,f3,dd,70,e5,
d3,83,02,bf,7b,02,44,b2,e4,96,90,b7,ae,98,fd,bb,0c,09,d0,7b,95,d7,23,72,e3,\
"rkeysecu"=hex:13,8c,e1,93,9d,8f,37,b3,15,e1,55,5d,4a,e3,a8,9a
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{30434f8d-a53c-42d8-8df5-bd7ef00eef16}]
@Denied: (Full) (Everyone)
"Model"=dword:0000007a
"Therad"=dword:00000019
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,36,7c,66,cb,53,f2,0f,21,c5,23,23,e2,f0,e7,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,04,6b,32,33,71,
e0,73,94,2e,e8,e1,00,eb,16,2b,de,b4,5c,e3,05,f3,5c,14,ec,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,42,da,7b,c7,d2,
28,1b,31,46,47,15,b0,92,4b,c7,ef,fc,9e,df,72,48,33,f8,f6,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,f8,f9,9f,b7,69,
d5,88,22,7a,45,05,fd,91,e8,6f,31,0f,94,eb,08,41,46,16,c5,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,71,63,bc,d4,22,
2b,89,83,6b,65,49,6a,7e,99,74,f7,11,2e,0f,23,60,85,76,0f,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ae,a6,84,7c,6e,2c,9e,fa,96,42,d4,01,c8,76,1d,37,51,0a,ff,30,d9,
06,aa,18,8b,70,ff,cb,48,da,9e,74,5e,a0,d2,14,5e,c0,4f,64,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,98,7d,e3,e3,f7,
37,2f,1c,e9,02,6c,fa,fb,1d,47,57,46,44,d1,57,82,6c,a3,35,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,d9,23,6a,e2,62,
50,0d,fb,50,93,e5,ab,ec,6a,4e,ab,7d,a2,de,f4,c8,68,de,b3,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,06,98,1f,fa,ca,
a8,aa,dd,97,20,4e,9a,c7,f1,35,ee,76,8c,0e,fd,0e,58,ad,17,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,e0,68,67,ee,ab,
b6,45,67,aa,52,c6,00,84,3c,26,64,b6,25,27,e1,f0,ea,74,a6,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,20,60,e5,bb,12,
db,7f,ea,b2,46,9a,e2,1b,fe,1b,94,72,2c,1e,48,eb,db,b9,e8,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,e1,fc,c0,77,e3,
df,4a,01,37,a4,aa,c3,a6,15,56,0a,28,88,b6,22,b9,b5,a0,43,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,12,8b,4a,27,b6,
c8,cc,9e,f8,31,0f,a9,5f,a0,ec,fb,73,0e,15,9a,fb,32,5b,11,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,a1,b5,fb,e4,4a,
b0,75,ad,05,73,21,dd,54,d8,4a,c5,1d,8f,60,00,7d,bf,ce,32,6c,43,2d,1e,aa,22,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(972)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\SecureStoreCSP.dll
c:\windows\system32\SecureStorePKCS11.dll
c:\windows\system32\lowlevel.dll
c:\windows\system32\CommonUtils.dll
c:\windows\system32\LIBEAY32_098.dll
c:\windows\system32\STM4XW32.dll
c:\windows\system32\scardspen.dll
- - - - - - - > 'lsass.exe'(1028)
c:\windows\system32\nvappfilter.dll
- - - - - - - > 'explorer.exe'(2756)
c:\windows\system32\msi.dll
c:\windows\system32\nvappfilter.dll
c:\windows\system32\WPDShServiceObj.dll
c:\corel\Graphics8\programs\CMFFld80.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\atwtusb.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\Canon\CAL\CALMAIN.exe
.
**************************************************************************
.
Celkový čas: 2009-08-18 1:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-18 23:22
ComboFix2.txt 2009-08-18 18:49
Před spuštěním: Volných bajtů: 18 161 467 392
Po spuštění: Volných bajtů: 18 103 238 656
Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
301 --- E O F --- 2009-08-03 23:17
[*]
Re: Prosím o kontrolu Logu
Tak jsem hodil restart ale furt to nabíhá stejně,, cca 2Minuty jsem stopoval, a vypadá to že najíždí ty dvě sítovky co tu mám na MB.. je to normální nebo tam je někde nějaká chyba ?
Re: Prosím o kontrolu Logu
Nic nebezpecneho tam nevidim...skusime test na rootkity, ale najprv toto:
1) Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:
Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.
Program script spracuje a spravi novy log.
Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.
2) Stiahni GMER, rozbal ho na plochu a spust. Program automaticky zacne scan (po jeho skonceni vloz log c. 1) - pokial pri scanovani nieco najde (=vyskoci nejake upozornenie), klik na "NO" a vpravo zafajknes vsetky polozky OKREM:
Ak nic nenajde (=nevyskoci nic), zaskrtaj vpravo vsetko a spusti scan. Po jeho ukonceni klik na "Copy" a vloz log c. 2.
1) Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:
Kód: Vybrat vše
KillAll::
Folder::
c:\program files\DAEMON Tools Toolbar
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{30434f8d-a53c-42d8-8df5-bd7ef00eef16}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
FixCSet::Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.
Program script spracuje a spravi novy log.
Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.
2) Stiahni GMER, rozbal ho na plochu a spust. Program automaticky zacne scan (po jeho skonceni vloz log c. 1) - pokial pri scanovani nieco najde (=vyskoci nejake upozornenie), klik na "NO" a vpravo zafajknes vsetky polozky OKREM:
- Sections
- IAT/EAT
- Registry
- nesystemovych diskov a particii (system je zvycajne na "C:\" - takze nezaskrtnute nechas "D:\", "E:\"...atd.)
- Show All
Ak nic nenajde (=nevyskoci nic), zaskrtaj vpravo vsetko a spusti scan. Po jeho ukonceni klik na "Copy" a vloz log c. 2.
Nemam rad amaterizmus...
A adresat odkazu to vie :)
A adresat odkazu to vie :)
Kdo je online
Uživatelé prohlížející si toto fórum: DotNetDotCom.org [Bot] a 89 hostů