Please check my log

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

vašekp · Level 3 · Posts: 430 · Registered: November 07 · Gender: not specified

Please check my log

Post by vašekp » 25 Oct 2009 20:32

Logfile of HijackThis v1.99.1
Scan saved at 20:21:31, on 25.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\HIS iTurbo\iTurbo.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MSI\LAN Utility\DiagAP8169.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Vašek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Vašek\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\VAEK~1\LOCALS~1\Temp\Dočasný adresář 1 pro hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [iTurbo] "C:\Program Files\HIS iTurbo\iTurbo.exe" /s
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DiagAP8169] C:\Program Files\MSI\LAN Utility\DiagAP8169 /hw
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Služba Google Update (gupdate1c9f34b68d40c16) (gupdate1c9f34b68d40c16) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

pitimir · Level 3.5 · Posts: 850 · Registered: August 09 · Gender: male

Re: Please check my log

Post by pitimir » 25 Oct 2009 21:46

Hi. HJT isn't enough even in its current version, let alone the older one :)
So:

1) Download OTM. Copy the following into the left-hand box:

Code:

:files
C:\Program Files\AskBarDis
C:\WINDOWS\system32\servises.exe

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"servises"=-

:services
ASKService
JavaQuickStarterService

:commands
[emptytemp]
[purity]
[reboot]

Click "Move It". A text will then appear in the "Result" window; copy all of it here.

P.S.: If the program asks for a restart, confirm it. You will then find the log in "C:\_OTM\MovedFiles\".


2) Download RSIT. Run it and click "Continue". After it finishes, a text file should open. Copy it here.
If something goes wrong, you will also find it at "C:\rsit\log.txt".
I don't like amateurism...

And the addressee of the link knows it :)
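The reply above picks three kinds of entries out of the HijackThis log: the AskBar BHO, toolbar and service (all under C:\Program Files\AskBarDis), the autorun "servises" whose name imitates services.exe, and a service with an unknown owner. The Python script below is an added example, not code from this thread or from HijackThis, OTM or RSIT; it parses the R0/O2/O3/O4/O23 line formats HijackThis writes and applies those same checks to any log, here to a constructed sample made of lines copied from the first post. The list of core system binaries and the list of unwanted vendor directories are assumptions for illustration.

```python
"""Triage helper for HijackThis-style logs (added example, not from this thread).

Parses the R0/O2/O3/O4/O23 line formats HijackThis emits and flags what the
reviewer in the thread singled out: add-ons, autoruns and services under a
known adware vendor directory, autorun binaries whose name is a look-alike
of a core system binary, and services with an unknown owner or missing file.
"""
import re
from dataclasses import dataclass

# Assumed lists for illustration: core XP binaries that malware likes to
# imitate, and vendor directories a reviewer treats as unwanted
# (AskBarDis is the one removed in this thread).
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}
UNWANTED_VENDOR_DIRS = {"askbardis"}

# Constructed sample: lines copied from the first log in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<body>.*)$")
ADDON_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
EXE_RE = re.compile(r'"?(?P<path>[^"]*?\.exe)"?', re.IGNORECASE)


@dataclass
class Finding:
    line: str    # the original log line
    rule: str    # which check fired
    detail: str  # what the check saw


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot typo-squatted binary names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def exe_from_command(cmd: str) -> str:
    """Strip quotes and arguments from a Run/Service command line."""
    m = EXE_RE.search(cmd)
    return m.group("path") if m else cmd.strip('"')


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def check_path(line: str, path: str) -> list:
    out = []
    if any(v in path.lower() for v in UNWANTED_VENDOR_DIRS):
        out.append(Finding(line, "unwanted-vendor-path", path))
    name = basename(path)
    if name not in SYSTEM_BINARIES:  # a real system binary is fine by name
        for real in SYSTEM_BINARIES:
            if edit_distance(name, real) <= 2:  # one or two characters off
                out.append(Finding(line, "lookalike-system-name", f"{name} resembles {real}"))
                break
    return out


def triage(text: str) -> list:
    """Return the findings for every recognised line of a HijackThis log."""
    findings = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind in ("O2", "O3") and (a := ADDON_RE.match(body)):
            findings += check_path(line, a.group("path"))
        elif kind == "O4" and (r := RUN_RE.match(body)):
            findings += check_path(line, exe_from_command(r.group("cmd")))
        elif kind == "O23" and (s := SERVICE_RE.match(body)):
            findings += check_path(line, exe_from_command(s.group("path")))
            if s.group("owner") == "Unknown owner":
                findings.append(Finding(line, "unknown-owner", s.group("name")))
            if "(file missing)" in s.group("path"):
                findings.append(Finding(line, "file-missing", s.group("path")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}\n    {f.line}")
```

On the sample this reports the AskBar BHO, the toolbar and the ASKService as unwanted-vendor entries, ASKService once more as unknown-owner, and servises.exe as a look-alike of services.exe; the Java BHO and the avast entries produce nothing. The look-alike check is deliberately name-based only, since a reviewer reading a pasted log cannot inspect the file itself; it should be read as a prompt to look closer, not as proof.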


Re: Please check my log

Post by vašekp » 25 Oct 2009 22:13

All processes killed
========== FILES ==========
C:\Program Files\AskBarDis\bar\Settings moved successfully.
C:\Program Files\AskBarDis\bar\History moved successfully.
C:\Program Files\AskBarDis\bar\Cache moved successfully.
C:\Program Files\AskBarDis\bar\bin moved successfully.
C:\Program Files\AskBarDis\bar moved successfully.
C:\Program Files\AskBarDis moved successfully.
File/Folder C:\WINDOWS\system32\servises.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\servises not found.
========== SERVICES/DRIVERS ==========

Service\Driver ASKService deleted successfully.

Service\Driver JavaQuickStarterService deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Host
->Temp folder emptied: 4901802 bytes
->Temporary Internet Files folder emptied: 80936 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Michal

User: Naďa
File delete failed. C:\Documents and Settings\Naďa\Local Settings\Temp\hsperfdata_Naďa\3604 scheduled to be deleted on reboot.
->Temp folder emptied: 13566133 bytes
File delete failed. C:\Documents and Settings\Naďa\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 1510729862 bytes
->Java cache emptied: 25493434 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Vašek
File delete failed. C:\Documents and Settings\Vašek\Local Settings\Temp\~DF33A5.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 3153066 bytes
->Temporary Internet Files folder emptied: 4425864 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 81197457 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114584 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7c8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT03f47.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied: 132352 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1569,68 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10252009_220231

Files moved on Reboot...
File C:\Documents and Settings\Naďa\Local Settings\Temp\hsperfdata_Naďa\3604 not found!
C:\Documents and Settings\Vašek\Local Settings\Temp\~DF33A5.tmp moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_7c8.dat moved successfully.
File C:\WINDOWS\temp\ZLT03f47.TMP not found!

Registry entries deleted on Reboot...


Re: Please check my log

Post by vašekp » 25 Oct 2009 22:16

Logfile of random's system information tool 1.06 (written by random/random)
Run by Vašek at 2009-10-25 22:14:36
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 54 GB (70%) free of 78 GB
Total RAM: 2046 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:51, on 25.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\notepad.exe
C:\Program Files\HIS iTurbo\iTurbo.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MSI\LAN Utility\DiagAP8169.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Vašek\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Vašek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [iTurbo] "C:\Program Files\HIS iTurbo\iTurbo.exe" /s
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DiagAP8169] C:\Program Files\MSI\LAN Utility\DiagAP8169 /hw
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate1c9f34b68d40c16) (gupdate1c9f34b68d40c16) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5215 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-06-22 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-09 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-06-28 344064]
"iTurbo"=C:\Program Files\HIS iTurbo\iTurbo.exe [2005-08-28 110592]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-06-29 32768]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-03-12 17531392]
"DiagAP8169"=C:\Program Files\MSI\LAN Utility\DiagAP8169 /hw []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-15 981384]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-09 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-22 39408]
"servises"=C:\WINDOWS\system32\servises.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"servises"=C:\WINDOWS\system32\servises.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Hlavní panel ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-29 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2008-09-17 210168]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispCPL"=0
"NoSecCPL"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFavoritesMenu"=0
"NoFind"=0
"NoRun"=0
"NoLogOff"=0
"NoClose"=0
"NoSetFolders"=0
"NoFolderOptions"=0
"NoSetActiveDesktop"=0
"NoWindowsUpdate"=1
"NoAddPrinter"=0
"NoDeletePrinter"=0
"NoPrinterTabs"=0
"NoActiveDesktop"=0
"NoDesktop"=0
"RestrictRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-10-25 22:14:36 ----D---- C:\rsit
2009-10-25 22:14:36 ----D---- C:\Program Files\trend micro
2009-10-25 22:02:31 ----D---- C:\_OTM
2009-10-25 21:33:40 ----D---- C:\Documents and Settings\Vašek\Data aplikací\Malwarebytes
2009-10-25 21:33:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-25 21:33:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2009-10-25 18:10:13 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-25 14:15:39 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-10-25 14:15:39 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-10-25 14:15:38 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2009-10-25 14:15:38 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-10-25 14:15:37 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2009-10-25 14:15:37 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2009-10-25 14:15:36 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2009-10-25 14:15:35 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-10-25 14:15:35 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-10-25 14:15:35 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-10-25 14:15:34 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-10-25 14:15:34 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-10-25 14:15:34 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-10-25 14:15:33 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-10-25 14:15:33 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-10-25 14:15:32 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-10-25 14:15:32 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-10-25 14:15:31 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-10-25 14:15:31 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-10-25 14:15:31 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-10-25 14:15:31 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-10-25 14:15:30 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-10-25 14:15:30 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-10-25 14:15:30 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-10-25 14:15:29 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-10-25 14:15:29 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-10-25 14:15:29 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-10-25 14:15:28 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-10-25 14:15:28 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-10-25 14:15:28 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-10-25 14:15:27 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-10-25 14:15:27 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-10-25 14:15:26 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-10-25 14:15:26 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-10-25 14:15:25 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-10-25 14:15:25 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-10-25 14:15:24 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-10-25 14:15:23 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-10-25 14:15:23 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-10-25 14:15:23 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-10-25 14:15:22 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-10-25 14:15:22 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-10-25 14:15:22 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-10-25 14:15:21 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-10-25 14:15:21 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-10-25 14:15:20 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-10-25 14:15:20 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-10-25 14:15:19 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-10-25 14:15:19 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-10-25 14:15:19 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-10-25 14:15:18 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-10-25 14:15:18 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-10-25 14:15:18 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-10-25 14:15:17 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-10-25 14:15:15 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-10-25 14:15:13 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-10-25 14:15:13 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-10-25 14:15:10 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-10-25 14:15:09 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-10-25 14:15:09 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-10-25 14:15:09 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-10-25 14:15:08 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-10-25 14:15:08 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-10-25 14:15:08 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-10-25 14:15:08 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-10-25 14:15:08 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-10-25 14:15:07 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-10-25 14:15:07 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-10-25 14:15:07 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-10-25 14:14:58 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-10-25 14:14:58 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-10-25 14:14:58 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-10-25 14:14:57 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-10-25 14:14:57 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-10-25 14:14:57 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-10-25 14:14:56 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-10-25 14:14:56 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-10-25 14:14:56 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-10-25 14:14:54 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-10-25 14:14:39 ----D---- C:\WINDOWS\Logs
2009-09-26 13:01:38 ----D---- C:\Documents and Settings\Vašek\Data aplikací\dvdcss

======List of files/folders modified in the last 1 months======

2009-10-25 22:14:36 ----RD---- C:\Program Files
2009-10-25 22:10:37 ----D---- C:\WINDOWS\Temp
2009-10-25 22:10:31 ----D---- C:\WINDOWS\Internet Logs
2009-10-25 22:09:28 ----D---- C:\WINDOWS
2009-10-25 22:08:53 ----SD---- C:\WINDOWS\Tasks
2009-10-25 22:07:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-25 22:07:22 ----D---- C:\WINDOWS\system32
2009-10-25 21:35:14 ----D---- C:\WINDOWS\Prefetch
2009-10-25 21:35:10 ----D---- C:\WINDOWS\system32\drivers
2009-10-25 20:08:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-25 20:02:02 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-25 14:15:43 ----D---- C:\WINDOWS\system32\DirectX
2009-10-25 14:15:40 ----HD---- C:\WINDOWS\inf
2009-10-25 14:15:07 ----RSD---- C:\WINDOWS\assembly
2009-10-25 14:15:00 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-25 13:58:15 ----D---- C:\Program Files\Metin2_CZ
2009-10-25 13:49:09 ----D---- C:\Program Files\Google
2009-10-25 13:31:12 ----D---- C:\Documents and Settings\Vašek\Data aplikací\uTorrent
2009-10-25 13:26:58 ----D---- C:\Program Files\Graboid
2009-10-25 12:43:13 ----A---- C:\WINDOWS\wincmd.ini
2009-10-25 11:38:57 ----D---- C:\Program Files\3D Live Snooker
2009-10-19 07:50:48 ----SHD---- C:\RECYCLER
2009-10-15 20:42:26 ----D---- C:\Documents and Settings\Vašek\Data aplikací\vlc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-15 353672]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 LANPkt;Realtek LANPkt Protocol; C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2003-09-17 8440]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-29 1241088]
R3 Diag69xp;Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [2003-09-02 11266]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-12 5051904]
R3 RTCore32;RTCore32; \??\C:\Program Files\HIS iTurbo\RTCore32.sys []
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-04-07 105088]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-17 274304]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 HidBth;Miniport Bluetooth HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2004-08-17 25600]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-29 376832]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-15 2402184]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-06-28 516096]
S2 gupdate1c9f34b68d40c16;Služba Google Update (gupdate1c9f34b68d40c16); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-22 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-22 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Re: Please check my log

Post by vašekp » 26 Oct 2009 13:11

Is what I posted OK? Thanks.

Post by pitimir » 26 Oct 2009 18:58

Actually, no... never mind, CF should be able to handle it:

Download ComboFix, preferably to the desktop. Close all open applications, as well as the resident parts of your antivirus, antispyware and firewall. Run the program from an account with administrator rights and follow the instructions. The whole scan will take about 10 minutes. The PC may be restarted during it. The log that ComboFix creates can be found at "C:\ComboFix.txt".
Paste it here.

Warning: until ComboFix has created the log, don't click on anything or press anything!!
I don't like amateurism...

And the addressee of this message knows it :)

Post by vašekp » 26 Oct 2009 21:09

ComboFix 09-10-25.02 - Vašek 26.10.2009 20:55.1.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2046.1580 [GMT 1:00]
Spuštěný z: c:\documents and settings\Vašek\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 091025-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\_id.dat
c:\windows\system32\ieuinit.inf
c:\windows\system32\taskmgr.com
c:\windows\system32\drivers\etc\lmhosts . . . . nemohl být smazán

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-26 do 2009-10-26 )))))))))))))))))))))))))))))))
.

2009-10-26 17:10 . 2009-10-26 17:10 -------- d---a-w- c:\windows\VDLL.DLL
2009-10-26 17:10 . 2009-10-26 17:10 -------- d---a-w- c:\windows\system32\runouce.exe
2009-10-26 17:10 . 2009-10-26 17:10 -------- d---a-w- c:\windows\rundll16.exe
2009-10-26 17:10 . 2009-10-26 17:10 -------- d---a-w- c:\windows\RUNDL132.EXE
2009-10-26 17:10 . 2009-10-26 17:10 -------- d---a-w- c:\windows\logo1_.exe
2009-10-26 17:10 . 2009-10-26 17:10 -------- d---a-w- c:\windows\logo_1.exe
2009-10-26 17:07 . 2009-10-26 17:07 632064 ----a-w- c:\windows\system32\msvcr80.dll
2009-10-26 17:07 . 2009-10-26 17:07 554240 ----a-w- c:\windows\system32\msvcp80.dll
2009-10-26 17:07 . 2009-10-26 17:07 34048 ----a-w- c:\windows\system32\eEmpty.exe
2009-10-26 17:07 . 2004-08-17 13:49 147968 ----a-w- c:\windows\R.COM
2009-10-26 17:07 . 2004-08-17 13:49 137216 ----a-w- c:\windows\system32\T.COM
2009-10-26 17:07 . 2009-10-26 17:07 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-10-25 21:14 . 2009-10-25 21:14 -------- d-----w- C:\rsit
2009-10-25 21:14 . 2009-10-25 21:14 -------- d-----w- c:\program files\trend micro
2009-10-25 21:02 . 2009-10-25 21:02 -------- d-----w- C:\_OTM
2009-10-25 20:33 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-25 20:33 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 20:33 . 2009-10-25 20:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 13:14 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-10-25 13:14 . 2009-10-25 13:14 -------- d-----w- c:\windows\Logs

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 19:08 . 2001-10-25 14:00 73416 ----a-w- c:\windows\system32\perfc005.dat
2009-10-25 19:08 . 2001-10-25 14:00 398746 ----a-w- c:\windows\system32\perfh005.dat
2009-10-25 12:58 . 2009-06-09 17:18 -------- d-----w- c:\program files\Metin2_CZ
2009-10-25 12:49 . 2009-06-18 18:27 -------- d-----w- c:\program files\Google
2009-10-25 12:26 . 2009-09-15 19:26 -------- d-----w- c:\program files\Graboid
2009-10-25 10:38 . 2009-07-18 16:29 -------- d-----w- c:\program files\3D Live Snooker
2009-09-15 19:46 . 2009-09-15 19:46 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2009-09-15 19:40 . 2009-09-15 19:40 -------- d-----w- c:\program files\VideoLAN
2009-09-14 16:31 . 2009-09-14 16:01 -------- d-----w- c:\program files\Zoner
2009-09-13 17:57 . 2009-09-13 17:57 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 17:01 . 2009-09-04 17:01 525656 ----a-w- C:\DXSETUP.exe
2009-09-04 17:01 . 2009-09-04 17:01 94024 ----a-w- C:\DSETUP.dll
2009-09-04 17:01 . 2009-09-04 17:01 1691464 ----a-w- C:\dsetup32.dll
2009-09-04 16:44 . 2009-10-25 13:15 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 16:44 . 2009-10-25 13:15 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 16:44 . 2009-10-25 13:15 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 16:29 . 2009-10-25 13:15 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 16:29 . 2009-10-25 13:15 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 16:29 . 2009-10-25 13:15 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 16:29 . 2009-10-25 13:15 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 16:29 . 2009-10-25 13:15 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-22 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiagAP8169"="c:\program files\MSI\LAN Utility\DiagAP8169" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"iTurbo"="c:\program files\HIS iTurbo\iTurbo.exe" [2005-08-28 110592]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-06-28 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-09 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-12 17531392]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-17 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Hlavní panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-6-29 32768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-09-17 06:05 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23.5.2009 20:44 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.5.2009 20:44 20560]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [22.5.2009 21:06 8440]
R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [22.5.2009 21:06 11266]
R3 RTCore32;RTCore32;c:\program files\HIS iTurbo\RTCore32.sys [25.5.2005 3:39 4608]
S2 gupdate1c9f34b68d40c16;Služba Google Update (gupdate1c9f34b68d40c16);c:\program files\Google\Update\GoogleUpdate.exe [22.6.2009 16:09 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22.5.2009 21:01 1684736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [25.10.2009 21:33 38224]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mbr
.
Obsah adresáře 'Naplánované úlohy'

2009-10-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-18 15:08]

2009-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-22 15:09]

2009-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-22 15:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-26 21:03
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\combofix\CF1872.exe
c:\program files\MSI\LAN Utility\DiagAP8169.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Celkový čas: 2009-10-26 21:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-26 20:06

Před spuštěním: Volných bajtů: 59 303 342 080
Po spuštění: Volných bajtů: 59 452 637 184

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4517F64BC1FEC8C68A691883AF007F74

Post by pitimir » 26 Oct 2009 21:48

Download SystemLook. Save it to the desktop and run it. Copy this into the window:

:filefind
servises.exe

Click "Look" and let the program finish the scan. When it finishes, a log will be shown that I need to see. In case of problems it is also on the desktop.
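The `:filefind` for `servises.exe` above is a by-hand lookalike check (a misspelling of `services.exe`). As an added example that is not part of this thread nor of SystemLook or ComboFix, the script below runs the same kind of check automatically over paths pulled from ComboFix-style log lines, flagging names one or two edits away from a well-known system binary or sharing its name under a different extension. `KNOWN_SYSTEM_NAMES` is an assumed reference list, and `SAMPLE_LOG` is constructed from lines of the ComboFix log earlier in the thread.

```python
import ntpath
import re
# Legitimate Windows XP binaries whose names malware often imitates (assumed reference
# list for this check, not something ComboFix or SystemLook ship; extend as needed).
KNOWN_SYSTEM_NAMES = {"services.exe", "svchost.exe", "rundll32.exe", "runonce.exe", "lsass.exe",
                      "winlogon.exe", "explorer.exe", "csrss.exe", "smss.exe", "regedit.exe"}
# A Windows path anywhere on a log line, cut before ComboFix's " . . . ." status suffix.
PATH_IN_LINE = re.compile(r"[A-Za-z]:\\.*?(?= \. \. \.|$)")
def levenshtein(a, b):  # plain edit distance; the names are short, nothing faster is needed
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(filename, known=KNOWN_SYSTEM_NAMES):
    """Return (imitated_name, reason) if filename mimics a known binary, else None."""
    name = filename.lower()
    if name in known:  # the exact name is the legitimate file, never flagged here
        return None
    stem = ntpath.splitext(name)[0]
    for k in known:  # companion-style: same name, other extension (regedit.com vs regedit.exe)
        if ntpath.splitext(k)[0] == stem:
            return k, "same name, different extension"
    best = min(known, key=lambda k: levenshtein(stem, ntpath.splitext(k)[0]))
    limit = 1 if len(stem) <= 5 else 2  # tighter for short stems such as smss or lsass
    if levenshtein(stem, ntpath.splitext(best)[0]) <= limit:
        return best, "near-duplicate name"  # servises.exe vs services.exe, rundl132 vs rundll32
    return None

def flag_lookalikes(log_text):
    """[(path, imitated_name, reason)] for every path in ComboFix-style log text that mimics a known binary."""
    hits = []
    for line in log_text.splitlines():
        m = PATH_IN_LINE.search(line)
        verdict = lookalike_of(ntpath.basename(m.group(0))) if m else None
        if verdict:
            hits.append((m.group(0),) + verdict)
    return hits

# Constructed sample in the format of the ComboFix log above: deletions and "files created" records.
SAMPLE_LOG = r"""
c:\windows\regedit.com
c:\windows\system32\drivers\etc\lmhosts . . . . nemohl být smazán
2009-10-26 17:10 . 2009-10-26 17:10 -------- d---a-w- c:\windows\system32\runouce.exe
2009-10-26 17:10 . 2009-10-26 17:10 -------- d---a-w- c:\windows\rundll16.exe
2009-10-26 17:10 . 2009-10-26 17:10 -------- d---a-w- c:\windows\RUNDL132.EXE
2009-10-26 17:07 . 2009-10-26 17:07 632064 ----a-w- c:\windows\system32\msvcr80.dll
"""
```

A hit only means the name deserves a look (hash it, check its signer and location); `flag_lookalikes(SAMPLE_LOG)` flags regedit.com, runouce.exe, rundll16.exe and RUNDL132.EXE and passes lmhosts and msvcr80.dll.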

Post by vašekp » 27 Oct 2009 07:24

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 07:21 on 27/10/2009 by Vašek (Administrator - Elevation successful)

========== filefind ==========

Searching for "servises.exe"
No files found.

-=End Of File=-

Post by pitimir » 27 Oct 2009 15:55

How is the PC doing, is everything working as it should?

Post by vašekp » 27 Oct 2009 17:41

Yes, it's fine. Thanks.

Post by pitimir » 27 Oct 2009 20:22

1) Let's finish the clean-up:

  • Uninstall ComboFix:
    Start -> Run -> (type) combofix /uninstall
  • Use T-Cleaner (if your antivirus reports it as malware, there is nothing to worry about, that is just the AV program being paranoid).
  • Use TFC (run the program and click "Start". Note that the PC may be restarted).


2) Post an HJT log.

If anything is unclear, there is a guide >>here<<.

