Prosím o kontrolu logu, nelze spustit program Vyřešeno

[Hurvajz.]

Ahoj, prosím o kontrolu logu. Řeším tu v jiné sekci jeden problém s programem, který se mi nechce stále spouštět (resp. spustí se, ale běží pouze někde na pozadí...), tak mi bylo doporučeno nechat si tu zkontrolovat PC. Díky*

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:54, on 7.10.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Xerox\Xerox WC PE120 Series\RCP\Scan2Pc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Gene Codes\Sequencher 4.6\Sequencher.EXE
C:\Program Files\Gene Codes\Sequencher 4.6\Sequencher.EXE
C:\Program Files\Gene Codes\Sequencher 4.6\Sequencher.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
E:\Instalace\Antiviry\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ursus.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\VKubecek\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Rocky2Xerox_S2P] C:\Program Files\Xerox\Xerox WC PE120 Series\RCP\Scan2Pc.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Audio Service (STacSV) - Unknown owner - c:\docume~1\vkubecek\locals~1\temp\cdm\{d8265abe-b477-4e89-8261-4ea1363749a1}\STacSV.exe (file missing)

--
End of file - 7695 bytes

[Reklama]

[memphisto]

v logu fixni:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

---

Dej start - spustit - services.msc a najdi a zastav/zakaž tuto službu:
O23 - Service: Audio Service (STacSV) - Unknown owner - c:\docume~1\vkubecek\locals~1\temp\cdm\{d8265abe-b477-4e89-8261-4ea1363749a1}\STacSV.exe (file missing)

---

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

---

Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit(systémové soubory), smazat, přesunout nebo přejmenovat

---

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Hurvajz.]

Log z Malwarebytu:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4773

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

8.10.2010 10:55:30
mbam-log-2010-10-08 (10-55-30).txt

Typ skenu: Rychlý sken
Skenované objekty: 130406
Uplynulý čas: 6 minuta(y), 47 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[memphisto]

Jak se chová PC? Podle mě to nebude nákazou ...

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Hurvajz.]

Počítač se chová normálně, je v pohodě. Ovšem Sequencher stále blbne...Běží prostě někde na pozadí, a už fakt nevím, co udělat, aby běžel jak má...

Tady je ten log:

ComboFix 10-10-07.01 - VKubecek 08.10.2010 11:39:17.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.501.343 [GMT 2:00]
Spuštěný z: c:\documents and settings\VKubecek\Plocha\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\VKubecek\LOCALS~1\Temp\56E8CA44-D13AF6B2-10E37D96-450249E0\ac54d3.exe
c:\docume~1\VKubecek\LOCALS~1\Temp\56E8CA44-D13AF6B2-10E37D96-450249E0\e18d6_xp.exe
c:\docume~1\VKubecek\LOCALS~1\Temp\56E8CA44-D13AF6B2-10E37D96-450249E0\setup.dll
c:\documents and settings\VKubecek\Local Settings\Temp\56E8CA44-D13AF6B2-10E37D96-450249E0\ac54d3.exe
c:\documents and settings\VKubecek\Local Settings\Temp\56E8CA44-D13AF6B2-10E37D96-450249E0\e18d6_xp.exe
c:\documents and settings\VKubecek\Local Settings\Temp\56E8CA44-D13AF6B2-10E37D96-450249E0\setup.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-08 do 2010-10-08 )))))))))))))))))))))))))))))))
.

2010-10-15 14:25 . 2010-10-15 14:25 -------- d-----w- c:\program files\Common Files\Java
2010-10-15 14:24 . 2010-10-15 14:24 61440 ----a-w- c:\documents and settings\VKubecek\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-164d2932-n\decora-sse.dll
2010-10-15 14:24 . 2010-10-15 14:24 503808 ----a-w- c:\documents and settings\VKubecek\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2ba44427-n\msvcp71.dll
2010-10-15 14:24 . 2010-10-15 14:24 12800 ----a-w- c:\documents and settings\VKubecek\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-164d2932-n\decora-d3d.dll
2010-10-15 14:24 . 2010-10-15 14:24 499712 ----a-w- c:\documents and settings\VKubecek\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2ba44427-n\jmc.dll
2010-10-15 14:24 . 2010-10-15 14:24 348160 ----a-w- c:\documents and settings\VKubecek\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2ba44427-n\msvcr71.dll
2010-10-15 14:24 . 2010-10-15 14:23 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-15 14:23 . 2010-10-15 14:23 -------- d-----w- c:\program files\Java
2010-10-15 08:55 . 2010-10-15 08:55 -------- d-----w- c:\program files\Gene Codes
2010-10-15 06:59 . 2010-10-15 06:59 -------- d-----w- c:\program files\Macromedia
2010-10-15 06:58 . 2007-02-21 00:09 2781184 ----a-w- c:\documents and settings\VKubecek\Data aplikací\Adobe\Dreamweaver 9\Configuration\Flash Player\authplay.dll
2010-10-15 06:23 . 2010-10-15 06:23 -------- d-----w- c:\program files\MagicISO
2010-10-08 08:47 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-08 08:47 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-08 08:47 . 2010-10-08 08:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-08 07:34 . 2010-10-08 07:34 -------- d-----w- c:\documents and settings\VKubecek\DoctorWeb
2010-10-07 14:33 . 2010-10-07 14:33 4102496 ----a-w- c:\documents and settings\All Users\Data aplikací\avg9\update\backup\avgui.exe
2010-10-05 11:43 . 2010-10-05 11:43 -------- d-----w- c:\program files\CCleaner
2010-10-05 11:20 . 2009-09-17 05:05 38376 ----a-w- c:\windows\system32\drivers\SNTNLUSB.SYS
2010-10-05 11:19 . 2010-10-05 11:19 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
2010-10-04 14:59 . 2010-10-04 14:59 -------- d-----w- C:\$AVG
2010-10-04 13:01 . 2010-10-04 13:01 -------- d-----w- c:\program files\Bonjour
2010-10-01 11:06 . 2010-10-01 11:06 -------- d-----w- c:\documents and settings\VKubecek\WINDOWS
2010-09-30 07:42 . 2010-09-30 07:42 4394336 ----a-w- c:\documents and settings\All Users\Data aplikací\avg9\update\backup\avgcorex.dll
2010-09-30 07:42 . 2010-09-30 07:42 2065760 ----a-w- c:\documents and settings\All Users\Data aplikací\avg9\update\backup\avgtray.exe
2010-09-29 13:23 . 2010-09-29 13:23 516096 ----a-w- c:\windows\UN32.EXE
2010-09-29 13:16 . 2010-09-29 13:46 -------- d-----w- C:\TRANSLAT
2010-09-23 16:21 . 2010-09-23 16:21 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-09-23 16:21 . 2008-04-07 03:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-09-23 16:21 . 2008-04-07 03:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2010-09-23 16:15 . 2010-10-15 06:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-23 16:14 . 2009-07-14 15:14 150768 ----a-w- c:\documents and settings\VKubecek\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
2010-09-23 16:14 . 2010-09-23 16:14 -------- d-----w- c:\program files\QIP
2010-09-23 13:25 . 2010-09-23 13:25 -------- d-----w- C:\6120_v2_w2kXP03ps
2010-09-23 13:23 . 2004-07-05 06:01 61440 ------w- c:\windows\system32\ssdevm.dll
2010-09-23 13:22 . 2005-01-04 04:46 10077 ----a-w- c:\windows\system32\wcpe12lm.DLL
2010-09-23 13:13 . 2003-10-31 10:31 208896 ------w- c:\windows\system32\SSRemove.Exe
2010-09-23 13:13 . 2005-01-04 04:46 49152 ----a-w- c:\windows\system32\ssusbpn.dll
2010-09-23 13:13 . 2004-07-05 07:16 10077 ----a-w- c:\windows\system32\XRXPSlmk.dll
2010-09-23 13:12 . 2010-09-23 13:44 -------- d-----w- c:\windows\XEROX
2010-09-23 13:12 . 2004-05-17 13:04 41984 ------w- c:\windows\system32\drivers\dgivecp.sys
2010-09-23 12:01 . 2010-09-23 12:01 -------- d-----w- c:\program files\IDT
2010-09-23 11:59 . 2008-04-10 18:08 212992 ----a-w- c:\windows\system32\stacsv.exe
2010-09-23 11:59 . 2007-05-06 15:10 405504 ----a-w- c:\windows\sttray.exe
2010-09-23 11:59 . 2008-04-10 18:06 2129920 ----a-w- c:\windows\system32\stlang.dll
2010-09-23 11:59 . 2008-04-10 18:07 164352 ----a-w- c:\windows\system32\staco.dll
2010-09-23 11:58 . 2008-04-10 18:10 1271032 ----a-w- c:\windows\system32\drivers\sthda.sys
2010-09-23 11:58 . 2008-04-10 18:08 372736 ----a-w- c:\windows\system32\stacapi.dll
2010-09-23 11:58 . 2007-03-16 12:59 54272 ----a-w- c:\windows\system32\drivers\sfng32.sys
2010-09-23 11:58 . 2010-09-23 11:58 -------- d-----w- c:\program files\SigmaTel
2010-09-22 15:11 . 2010-09-22 15:11 -------- d-----w- c:\windows\ServicePackFiles
2010-09-22 08:03 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-22 08:03 . 2010-02-16 19:34 2060544 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-09-22 08:03 . 2010-02-16 19:34 2018816 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-09-22 08:03 . 2010-02-16 19:34 2183552 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-09-22 08:03 . 2010-02-16 19:34 2139136 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-09-22 08:01 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-09-22 08:00 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-09-22 08:00 . 2008-06-14 18:00 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-09-22 08:00 . 2009-11-27 17:35 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2010-09-22 06:40 . 2008-07-09 07:36 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-09-22 06:40 . 2010-09-23 08:42 -------- d--h--w- c:\windows\$hf_mig$
2010-09-22 06:07 . 2010-09-22 07:53 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-09-21 16:19 . 2008-09-24 08:40 4122368 ----a-r- c:\windows\system32\drivers\alcxwdm.sys
2010-09-21 16:19 . 2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe
2010-09-21 16:19 . 2006-10-18 00:53 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll
2010-09-21 16:19 . 2006-08-01 13:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
2010-09-21 16:19 . 2006-12-08 13:20 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
2010-09-21 16:18 . 2010-09-21 16:18 -------- d-----w- c:\program files\Realtek AC97
2010-09-21 16:17 . 2006-07-31 09:27 217088 ----a-w- c:\windows\alcrmv.exe
2010-09-21 16:17 . 2006-07-31 09:19 315392 ----a-w- c:\windows\alcupd.exe
2010-09-21 16:17 . 2010-10-04 11:55 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-21 16:08 . 2010-10-08 07:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-21 15:19 . 2010-09-21 15:19 356616 ----a-w- c:\documents and settings\All Users\Data aplikací\avg9\update\backup\avgtdix.sys
2010-09-21 15:19 . 2010-09-21 15:19 333192 ----a-w- c:\documents and settings\All Users\Data aplikací\avg9\update\backup\avgldx86.sys
2010-09-21 15:19 . 2010-09-21 15:19 28424 ----a-w- c:\documents and settings\All Users\Data aplikací\avg9\update\backup\avgmfx86.sys
2010-09-21 15:19 . 2010-09-21 15:19 161672 ----a-w- c:\documents and settings\All Users\Data aplikací\avg9\update\backup\avgrkx86.sys
2010-09-21 15:18 . 2010-09-21 15:18 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-21 15:15 . 2010-09-20 12:08 875288 ----a-w- c:\documents and settings\All Users\Data aplikací\avg9\update\backup\avgupd.exe
2010-09-21 15:15 . 2010-09-20 12:08 798488 ----a-w- c:\documents and settings\All Users\Data aplikací\avg9\update\backup\avginet.dll
2010-09-21 15:15 . 2010-09-20 12:08 610072 ----a-w- c:\documents and settings\All Users\Data aplikací\avg9\update\backup\avgiproxy.exe
2010-09-21 15:15 . 2010-09-20 12:08 1656088 ----a-w- c:\documents and settings\All Users\Data aplikací\avg9\update\backup\avgupd.dll
2010-09-21 15:09 . 2010-01-27 11:52 256712 ----a-w- c:\windows\system32\PROUnstl.exe
2010-09-21 15:06 . 2010-10-05 11:20 -------- dc----w- c:\windows\system32\DRVSTORE
2010-09-21 15:06 . 2010-09-21 15:10 -------- d-----w- c:\program files\Intel
2010-09-21 15:06 . 2010-03-02 14:04 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-09-21 15:06 . 2010-09-21 15:06 -------- d-----w- C:\Intel
2010-09-21 08:08 . 2010-07-06 09:13 280344 ----a-w- c:\windows\Rtenic64.sys
2010-09-21 08:08 . 2010-07-06 09:13 234392 ----a-w- c:\windows\Rtenicxp.sys
2010-09-21 08:08 . 2010-07-06 09:13 230040 ----a-w- c:\windows\Rtenic.sys
2010-09-21 08:08 . 2010-01-12 11:35 107552 ----a-w- c:\windows\RTNUninst64.dll
2010-09-21 08:08 . 2010-01-12 11:35 100896 ----a-w- c:\windows\RTNUninst32.dll
2010-09-21 08:08 . 2010-01-12 11:35 80416 ----a-w- c:\windows\RtNicprop32.DLL
2010-09-21 08:08 . 2010-01-12 11:35 74272 ----a-w- c:\windows\RtNicprop64.DLL
2010-09-21 06:48 . 2004-08-18 12:00 46592 -c--a-w- c:\windows\system32\dllcache\svcext51.dll
2010-09-21 06:47 . 2004-08-18 12:00 233527 -c--a-w- c:\windows\system32\dllcache\imjprw.exe
2010-09-21 06:46 . 2004-08-18 12:00 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe
2010-09-21 06:37 . 2004-08-18 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-09-21 06:37 . 2004-08-18 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-09-21 06:37 . 2004-08-18 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-09-21 06:37 . 2004-08-18 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-09-20 15:44 . 2010-09-23 13:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-20 15:44 . 2010-09-21 08:09 -------- d-----w- c:\program files\Realtek
2010-09-20 14:02 . 2010-09-20 14:02 0 ----a-w- c:\windows\nsreg.dat
2010-09-20 12:08 . 2010-09-21 15:18 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-09-20 12:08 . 2010-09-21 15:18 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-20 12:08 . 2010-09-21 15:18 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-20 12:08 . 2010-09-21 15:18 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-20 12:08 . 2010-10-08 07:15 -------- d-----w- c:\windows\system32\drivers\Avg
2010-09-20 12:08 . 2010-09-20 12:08 -------- d-----w- c:\program files\AVG
2010-09-20 11:35 . 2010-09-20 11:35 -------- d-----w- c:\program files\Zoner
2010-09-20 11:34 . 2010-09-20 11:34 -------- d-----w- c:\program files\Google
2010-09-20 11:30 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-09-20 11:30 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-09-20 11:29 . 2010-09-20 11:29 -------- d-----w- c:\program files\Microsoft Works
2010-09-20 11:29 . 2010-09-20 11:29 -------- d-----w- c:\program files\MSBuild
2010-09-20 11:26 . 2010-09-20 11:33 -------- d--h--w- c:\windows\ShellNew
2010-09-20 11:25 . 2010-09-20 11:25 -------- d-----r- C:\MSOCache
2010-09-20 11:20 . 2010-09-20 11:20 -------- d-----w- c:\program files\GRETECH
2010-09-20 11:19 . 2010-10-04 05:42 -------- d-----w- c:\program files\Opera
2010-09-20 11:05 . 2008-04-22 05:03 545 ----a-w- c:\windows\UC.PIF
2010-09-20 11:05 . 2008-04-22 05:03 545 ----a-w- c:\windows\RAR.PIF
2010-09-20 11:05 . 2008-04-22 05:03 545 ----a-w- c:\windows\PKZIP.PIF
2010-09-20 11:05 . 2008-04-22 05:03 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-09-20 11:05 . 2008-04-22 05:03 545 ----a-w- c:\windows\NOCLOSE.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 01:18 . 2004-08-18 12:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2010-09-24 01:18 . 2004-08-18 12:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2010-09-21 06:44 . 2010-09-20 09:45 22916 ----a-w- c:\windows\system32\emptyregdb.dat
2010-09-20 11:07 . 2010-09-20 11:06 -------- d-----w- c:\program files\Winamp
2010-09-20 11:06 . 2010-09-20 11:06 -------- d-----w- c:\program files\Winamp Detect
2010-09-20 10:11 . 2010-09-20 12:41 184200 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1029.dat
2010-09-20 10:10 . 2010-09-20 09:48 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-09-20 10:10 . 2010-09-20 09:48 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-09-20 10:10 . 2010-09-20 09:48 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-09-20 09:49 . 2010-09-20 09:49 -------- d-----w- c:\program files\microsoft frontpage
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-30 2067808]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-02-13 35328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-10 413696]
"Rocky2Xerox_S2P"="c:\program files\Xerox\Xerox WC PE120 Series\RCP\Scan2Pc.exe" [2005-03-24 65536]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-21 15:18 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [20.9.2010 14:08 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20.9.2010 14:08 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20.9.2010 14:08 243024]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [21.9.2010 17:18 308136]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ursus.cz/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\VKubecek\Data aplikací\Mozilla\Firefox\Profiles\e5o0ay41.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-OEXPRESS - (no file)


.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3080)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Celkový čas: 2010-10-08 11:49:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-08 09:49

Před spuštěním: Volných bajtů: 49 022 607 360
Po spuštění: Volných bajtů: 48 978 833 408

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 8C49AB3790445D8F8484F6BFDD19CDD1

[memphisto]

Najdi a smaž:
c:\windows\UN32.EXE

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\perfh005.dat
c:\windows\system32\perfc005.dat
c:\windows\system32\d3d9caps.dat

DirLook::
C:\6120_v2_w2kXP03ps

Firefox::
FF - ProfilePath - c:\documents and settings\VKubecek\Data aplikací\Mozilla\Firefox\Profiles\e5o0ay41.default\
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\windows\system32\ssdevm.dll
c:\windows\system32\SSRemove.Exe
c:\windows\system32\ChCfg.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

[Hurvajz.]

Ahoj, ty tři testované soubory byly v pohodě.

Logy:

ComboFix 10-10-10.02 - VKubecek 11.10.2010 7:08.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.501.302 [GMT 2:00]
Spuštěný z: c:\documents and settings\VKubecek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\VKubecek\Plocha\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\d3d9caps.dat"
"c:\windows\system32\perfc005.dat"
"c:\windows\system32\perfh005.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\d3d9caps.dat
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-11 do 2010-10-11 )))))))))))))))))))))))))))))))
.

2010-10-04 14:59 . 2010-10-04 14:59 -------- d-----w- C:\$AVG
2010-09-29 13:16 . 2010-09-29 13:46 -------- d-----w- C:\TRANSLAT
2010-09-23 13:25 . 2010-09-23 13:25 -------- d-----w- C:\6120_v2_w2kXP03ps
2010-09-21 15:06 . 2010-09-21 15:06 -------- d-----w- C:\Intel
2010-09-20 11:25 . 2010-09-20 11:25 -------- d-----r- C:\MSOCache
2010-09-20 11:05 . 2010-09-20 11:08 -------- d-----w- C:\totalcmd

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\6120_v2_w2kXP03ps ----

2006-02-19 15:44 . 2006-02-19 15:44 14278 ----a-w- c:\6120_v2_w2kxp03ps\spanish\x6120pw.cat
2006-02-19 15:44 . 2006-02-19 15:44 14278 ----a-w- c:\6120_v2_w2kxp03ps\swedish\x6120pw.cat
2006-02-19 15:44 . 2006-02-19 15:44 14278 ----a-w- c:\6120_v2_w2kxp03ps\german\x6120pw.cat
2006-02-19 15:44 . 2006-02-19 15:44 14278 ----a-w- c:\6120_v2_w2kxp03ps\italian\x6120pw.cat
2006-02-19 15:44 . 2006-02-19 15:44 14278 ----a-w- c:\6120_v2_w2kxp03ps\portuguese\x6120pw.cat
2006-02-19 15:44 . 2006-02-19 15:44 14278 ----a-w- c:\6120_v2_w2kxp03ps\russian\x6120pw.cat
2006-02-19 15:44 . 2006-02-19 15:44 14278 ----a-w- c:\6120_v2_w2kxp03ps\dutch\x6120pw.cat
2006-02-19 15:44 . 2006-02-19 15:44 14278 ----a-w- c:\6120_v2_w2kxp03ps\english\x6120pw.cat
2006-02-19 15:44 . 2006-02-19 15:44 14278 ----a-w- c:\6120_v2_w2kxp03ps\french\x6120pw.cat
2006-01-16 19:17 . 2006-01-16 19:17 29143 ----a-w- c:\6120_v2_w2kxp03ps\dutch\X6120PUC.dll
2006-01-16 19:17 . 2006-01-16 19:17 873195 ----a-w- c:\6120_v2_w2kxp03ps\dutch\X6120PUL.dll
2006-01-16 19:17 . 2006-01-16 19:17 963720 ----a-w- c:\6120_v2_w2kxp03ps\dutch\X6120PWR.dll
2006-01-16 19:17 . 2006-01-16 19:17 518956 ----a-w- c:\6120_v2_w2kxp03ps\dutch\X6120PUV.dll
2006-01-16 19:17 . 2006-01-16 19:17 2093405 ----a-w- c:\6120_v2_w2kxp03ps\dutch\X6120PUI.dll
2006-01-16 19:17 . 2006-01-16 19:17 15198 ----a-w- c:\6120_v2_w2kxp03ps\dutch\X6120PUD.dll
2006-01-16 19:17 . 2006-01-16 19:17 1163519 ----a-w- c:\6120_v2_w2kxp03ps\dutch\X6120PUP.dll
2006-01-16 19:16 . 2006-01-16 19:16 29143 ----a-w- c:\6120_v2_w2kxp03ps\swedish\X6120PUC.dll
2006-01-16 19:16 . 2006-01-16 19:16 873195 ----a-w- c:\6120_v2_w2kxp03ps\swedish\X6120PUL.dll
2006-01-16 19:16 . 2006-01-16 19:16 963720 ----a-w- c:\6120_v2_w2kxp03ps\swedish\X6120PWR.dll
2006-01-16 19:16 . 2006-01-16 19:16 518956 ----a-w- c:\6120_v2_w2kxp03ps\swedish\X6120PUV.dll
2006-01-16 19:16 . 2006-01-16 19:16 2093405 ----a-w- c:\6120_v2_w2kxp03ps\swedish\X6120PUI.dll
2006-01-16 19:16 . 2006-01-16 19:16 15198 ----a-w- c:\6120_v2_w2kxp03ps\swedish\X6120PUD.dll
2006-01-16 19:16 . 2006-01-16 19:16 1163519 ----a-w- c:\6120_v2_w2kxp03ps\swedish\X6120PUP.dll
2006-01-16 19:16 . 2006-01-16 19:16 29143 ----a-w- c:\6120_v2_w2kxp03ps\russian\X6120PUC.dll
2006-01-16 19:16 . 2006-01-16 19:16 873195 ----a-w- c:\6120_v2_w2kxp03ps\russian\X6120PUL.dll
2006-01-16 19:16 . 2006-01-16 19:16 963720 ----a-w- c:\6120_v2_w2kxp03ps\russian\X6120PWR.dll
2006-01-16 19:16 . 2006-01-16 19:16 518956 ----a-w- c:\6120_v2_w2kxp03ps\russian\X6120PUV.dll
2006-01-16 19:16 . 2006-01-16 19:16 2093405 ----a-w- c:\6120_v2_w2kxp03ps\russian\X6120PUI.dll
2006-01-16 19:16 . 2006-01-16 19:16 15198 ----a-w- c:\6120_v2_w2kxp03ps\russian\X6120PUD.dll
2006-01-16 19:16 . 2006-01-16 19:16 1163519 ----a-w- c:\6120_v2_w2kxp03ps\russian\X6120PUP.dll
2006-01-16 19:16 . 2006-01-16 19:16 29143 ----a-w- c:\6120_v2_w2kxp03ps\portuguese\X6120PUC.dll
2006-01-16 19:15 . 2006-01-16 19:15 873195 ----a-w- c:\6120_v2_w2kxp03ps\portuguese\X6120PUL.dll
2006-01-16 19:15 . 2006-01-16 19:15 963720 ----a-w- c:\6120_v2_w2kxp03ps\portuguese\X6120PWR.dll
2006-01-16 19:15 . 2006-01-16 19:15 518956 ----a-w- c:\6120_v2_w2kxp03ps\portuguese\X6120PUV.dll
2006-01-16 19:15 . 2006-01-16 19:15 2093405 ----a-w- c:\6120_v2_w2kxp03ps\portuguese\X6120PUI.dll
2006-01-16 19:15 . 2006-01-16 19:15 15198 ----a-w- c:\6120_v2_w2kxp03ps\portuguese\X6120PUD.dll
2006-01-16 19:15 . 2006-01-16 19:15 1163519 ----a-w- c:\6120_v2_w2kxp03ps\portuguese\X6120PUP.dll
2006-01-16 19:15 . 2006-01-16 19:15 29143 ----a-w- c:\6120_v2_w2kxp03ps\spanish\X6120PUC.dll
2006-01-16 19:15 . 2006-01-16 19:15 873195 ----a-w- c:\6120_v2_w2kxp03ps\spanish\X6120PUL.dll
2006-01-16 19:15 . 2006-01-16 19:15 963720 ----a-w- c:\6120_v2_w2kxp03ps\spanish\X6120PWR.dll
2006-01-16 19:15 . 2006-01-16 19:15 518956 ----a-w- c:\6120_v2_w2kxp03ps\spanish\X6120PUV.dll
2006-01-16 19:15 . 2006-01-16 19:15 2093405 ----a-w- c:\6120_v2_w2kxp03ps\spanish\X6120PUI.dll
2006-01-16 19:15 . 2006-01-16 19:15 15198 ----a-w- c:\6120_v2_w2kxp03ps\spanish\X6120PUD.dll
2006-01-16 19:15 . 2006-01-16 19:15 1163519 ----a-w- c:\6120_v2_w2kxp03ps\spanish\X6120PUP.dll
2006-01-16 19:15 . 2006-01-16 19:15 29143 ----a-w- c:\6120_v2_w2kxp03ps\italian\X6120PUC.dll
2006-01-16 19:14 . 2006-01-16 19:14 873195 ----a-w- c:\6120_v2_w2kxp03ps\italian\X6120PUL.dll
2006-01-16 19:14 . 2006-01-16 19:14 963720 ----a-w- c:\6120_v2_w2kxp03ps\italian\X6120PWR.dll
2006-01-16 19:14 . 2006-01-16 19:14 518956 ----a-w- c:\6120_v2_w2kxp03ps\italian\X6120PUV.dll
2006-01-16 19:14 . 2006-01-16 19:14 2093405 ----a-w- c:\6120_v2_w2kxp03ps\italian\X6120PUI.dll
2006-01-16 19:14 . 2006-01-16 19:14 15198 ----a-w- c:\6120_v2_w2kxp03ps\italian\X6120PUD.dll
2006-01-16 19:14 . 2006-01-16 19:14 1163519 ----a-w- c:\6120_v2_w2kxp03ps\italian\X6120PUP.dll
2006-01-16 19:14 . 2006-01-16 19:14 29143 ----a-w- c:\6120_v2_w2kxp03ps\german\X6120PUC.dll
2006-01-16 19:14 . 2006-01-16 19:14 873195 ----a-w- c:\6120_v2_w2kxp03ps\german\X6120PUL.dll
2006-01-16 19:14 . 2006-01-16 19:14 963720 ----a-w- c:\6120_v2_w2kxp03ps\german\X6120PWR.dll
2006-01-16 19:14 . 2006-01-16 19:14 518956 ----a-w- c:\6120_v2_w2kxp03ps\german\X6120PUV.dll
2006-01-16 19:14 . 2006-01-16 19:14 2093405 ----a-w- c:\6120_v2_w2kxp03ps\german\X6120PUI.dll
2006-01-16 19:14 . 2006-01-16 19:14 15198 ----a-w- c:\6120_v2_w2kxp03ps\german\X6120PUD.dll
2006-01-16 19:14 . 2006-01-16 19:14 1163519 ----a-w- c:\6120_v2_w2kxp03ps\german\X6120PUP.dll
2006-01-16 19:14 . 2006-01-16 19:14 29143 ----a-w- c:\6120_v2_w2kxp03ps\french\X6120PUC.dll
2006-01-16 19:13 . 2006-01-16 19:13 873195 ----a-w- c:\6120_v2_w2kxp03ps\french\X6120PUL.dll
2006-01-16 19:13 . 2006-01-16 19:13 963720 ----a-w- c:\6120_v2_w2kxp03ps\french\X6120PWR.dll
2006-01-16 19:13 . 2006-01-16 19:13 518956 ----a-w- c:\6120_v2_w2kxp03ps\french\X6120PUV.dll
2006-01-16 19:13 . 2006-01-16 19:13 2093405 ----a-w- c:\6120_v2_w2kxp03ps\french\X6120PUI.dll
2006-01-16 19:13 . 2006-01-16 19:13 15198 ----a-w- c:\6120_v2_w2kxp03ps\french\X6120PUD.dll
2006-01-16 19:13 . 2006-01-16 19:13 1163519 ----a-w- c:\6120_v2_w2kxp03ps\french\X6120PUP.dll
2006-01-16 19:09 . 2006-01-16 19:09 29143 ----a-w- c:\6120_v2_w2kxp03ps\english\X6120PUC.dll
2006-01-16 19:09 . 2006-01-16 19:09 873195 ----a-w- c:\6120_v2_w2kxp03ps\english\X6120PUL.dll
2006-01-16 19:09 . 2006-01-16 19:09 963720 ----a-w- c:\6120_v2_w2kxp03ps\english\X6120PWR.dll
2006-01-16 19:08 . 2006-01-16 19:08 518956 ----a-w- c:\6120_v2_w2kxp03ps\english\X6120PUV.dll
2006-01-16 19:08 . 2006-01-16 19:08 2093405 ----a-w- c:\6120_v2_w2kxp03ps\english\X6120PUI.dll
2006-01-16 19:08 . 2006-01-16 19:08 15710 ----a-w- c:\6120_v2_w2kxp03ps\english\X6120PUD.dll
2006-01-16 19:08 . 2006-01-16 19:08 1163519 ----a-w- c:\6120_v2_w2kxp03ps\english\X6120PUP.dll
2006-01-16 18:45 . 2006-01-16 18:45 237540 ----a-w- c:\6120_v2_w2kxp03ps\dutch\X6120PUC.KPD
2006-01-16 18:45 . 2006-01-16 18:45 112042 ----a-w- c:\6120_v2_w2kxp03ps\dutch\X6120PUD.KPD
2006-01-16 18:45 . 2006-01-16 18:45 8067 ----a-w- c:\6120_v2_w2kxp03ps\dutch\X6120PUM.KPD
2006-01-16 18:45 . 2006-01-16 18:45 237540 ----a-w- c:\6120_v2_w2kxp03ps\swedish\X6120PUC.KPD
2006-01-16 18:45 . 2006-01-16 18:45 106180 ----a-w- c:\6120_v2_w2kxp03ps\swedish\X6120PUD.KPD
2006-01-16 18:45 . 2006-01-16 18:45 8067 ----a-w- c:\6120_v2_w2kxp03ps\swedish\X6120PUM.KPD
2006-01-16 18:45 . 2006-01-16 18:45 237540 ----a-w- c:\6120_v2_w2kxp03ps\russian\X6120PUC.KPD
2006-01-16 18:45 . 2006-01-16 18:45 111536 ----a-w- c:\6120_v2_w2kxp03ps\russian\X6120PUD.KPD
2006-01-16 18:45 . 2006-01-16 18:45 8067 ----a-w- c:\6120_v2_w2kxp03ps\russian\X6120PUM.KPD
2006-01-16 18:45 . 2006-01-16 18:45 237540 ----a-w- c:\6120_v2_w2kxp03ps\portuguese\X6120PUC.KPD
2006-01-16 18:45 . 2006-01-16 18:45 114362 ----a-w- c:\6120_v2_w2kxp03ps\portuguese\X6120PUD.KPD
2006-01-16 18:45 . 2006-01-16 18:45 8067 ----a-w- c:\6120_v2_w2kxp03ps\portuguese\X6120PUM.KPD
2006-01-16 18:45 . 2006-01-16 18:45 237540 ----a-w- c:\6120_v2_w2kxp03ps\spanish\X6120PUC.KPD
2006-01-16 18:45 . 2006-01-16 18:45 115724 ----a-w- c:\6120_v2_w2kxp03ps\spanish\X6120PUD.KPD
2006-01-16 18:45 . 2006-01-16 18:45 8067 ----a-w- c:\6120_v2_w2kxp03ps\spanish\X6120PUM.KPD
2006-01-16 18:45 . 2006-01-16 18:45 237540 ----a-w- c:\6120_v2_w2kxp03ps\italian\X6120PUC.KPD
2006-01-16 18:45 . 2006-01-16 18:45 113900 ----a-w- c:\6120_v2_w2kxp03ps\italian\X6120PUD.KPD
2006-01-16 18:45 . 2006-01-16 18:45 8067 ----a-w- c:\6120_v2_w2kxp03ps\italian\X6120PUM.KPD
2006-01-16 18:45 . 2006-01-16 18:45 237540 ----a-w- c:\6120_v2_w2kxp03ps\german\X6120PUC.KPD
2006-01-16 18:45 . 2006-01-16 18:45 115577 ----a-w- c:\6120_v2_w2kxp03ps\german\X6120PUD.KPD
2006-01-16 18:45 . 2006-01-16 18:45 8067 ----a-w- c:\6120_v2_w2kxp03ps\german\X6120PUM.KPD
2006-01-16 18:45 . 2006-01-16 18:45 237540 ----a-w- c:\6120_v2_w2kxp03ps\french\X6120PUC.KPD
2006-01-16 18:45 . 2006-01-16 18:45 114404 ----a-w- c:\6120_v2_w2kxp03ps\french\X6120PUD.KPD
2006-01-16 18:45 . 2006-01-16 18:45 8067 ----a-w- c:\6120_v2_w2kxp03ps\french\X6120PUM.KPD
2006-01-16 18:45 . 2006-01-16 18:45 237540 ----a-w- c:\6120_v2_w2kxp03ps\english\X6120PUC.KPD
2006-01-16 18:45 . 2006-01-16 18:45 103678 ----a-w- c:\6120_v2_w2kxp03ps\english\X6120PUD.KPD
2006-01-16 18:45 . 2006-01-16 18:45 8067 ----a-w- c:\6120_v2_w2kxp03ps\english\X6120PUM.KPD
2005-12-28 23:36 . 2005-12-28 23:36 101173 ----a-w- c:\6120_v2_w2kxp03ps\english\X6120PU.HLP
2005-12-28 23:31 . 2005-12-28 23:31 104881 ----a-w- c:\6120_v2_w2kxp03ps\spanish\X6120PU.HLP
2005-12-28 23:26 . 2005-12-28 23:26 107131 ----a-w- c:\6120_v2_w2kxp03ps\portuguese\X6120PU.HLP
2005-12-28 23:22 . 2005-12-28 23:22 105513 ----a-w- c:\6120_v2_w2kxp03ps\dutch\X6120PU.HLP
2005-12-28 23:14 . 2005-12-28 23:14 105349 ----a-w- c:\6120_v2_w2kxp03ps\swedish\X6120PU.HLP
2005-12-28 23:08 . 2005-12-28 23:08 102491 ----a-w- c:\6120_v2_w2kxp03ps\italian\X6120PU.HLP
2005-12-28 23:03 . 2005-12-28 23:03 106421 ----a-w- c:\6120_v2_w2kxp03ps\french\X6120PU.HLP
2005-12-28 22:57 . 2005-12-28 22:57 108537 ----a-w- c:\6120_v2_w2kxp03ps\german\X6120PU.HLP
2005-12-28 22:49 . 2005-12-28 22:49 109119 ----a-w- c:\6120_v2_w2kxp03ps\russian\X6120PU.HLP
2005-11-13 22:41 . 2005-11-13 22:41 2739 ----a-w- c:\6120_v2_w2kxp03ps\dutch\X6120PW.INF
2005-11-13 22:41 . 2005-11-13 22:41 2739 ----a-w- c:\6120_v2_w2kxp03ps\english\X6120PW.INF
2005-11-13 22:41 . 2005-11-13 22:41 2739 ----a-w- c:\6120_v2_w2kxp03ps\french\X6120PW.INF
2005-11-13 22:41 . 2005-11-13 22:41 2739 ----a-w- c:\6120_v2_w2kxp03ps\german\X6120PW.INF
2005-11-13 22:41 . 2005-11-13 22:41 2739 ----a-w- c:\6120_v2_w2kxp03ps\italian\X6120PW.INF
2005-11-13 22:41 . 2005-11-13 22:41 2739 ----a-w- c:\6120_v2_w2kxp03ps\portuguese\X6120PW.INF
2005-11-13 22:41 . 2005-11-13 22:41 2739 ----a-w- c:\6120_v2_w2kxp03ps\russian\X6120PW.INF
2005-11-13 22:41 . 2005-11-13 22:41 2739 ----a-w- c:\6120_v2_w2kxp03ps\spanish\X6120PW.INF
2005-11-13 22:41 . 2005-11-13 22:41 2739 ----a-w- c:\6120_v2_w2kxp03ps\swedish\X6120PW.INF
2005-08-30 18:30 . 2005-08-30 18:30 3667 ----a-w- c:\6120_v2_w2kxp03ps\spanish\X6120PU.CNT
2005-08-29 21:26 . 2005-08-29 21:26 3122 ----a-w- c:\6120_v2_w2kxp03ps\french\X6120PU.CNT
2005-08-22 21:27 . 2005-08-22 21:27 3360 ----a-w- c:\6120_v2_w2kxp03ps\italian\X6120PU.CNT
2005-08-22 21:11 . 2005-08-22 21:11 3100 ----a-w- c:\6120_v2_w2kxp03ps\swedish\X6120PU.CNT
2005-08-22 20:53 . 2005-08-22 20:53 3282 ----a-w- c:\6120_v2_w2kxp03ps\portuguese\X6120PU.CNT
2005-08-22 20:42 . 2005-08-22 20:42 3129 ----a-w- c:\6120_v2_w2kxp03ps\dutch\X6120PU.CNT
2005-08-22 20:20 . 2005-08-22 20:20 2882 ----a-w- c:\6120_v2_w2kxp03ps\english\X6120PU.CNT
2005-08-21 21:28 . 2005-08-21 21:28 3412 ----a-w- c:\6120_v2_w2kxp03ps\russian\X6120PU.CNT
2005-08-19 04:02 . 2005-08-19 04:02 3369 ----a-w- c:\6120_v2_w2kxp03ps\german\X6120PU.CNT
2005-08-10 21:12 . 2005-08-10 21:12 2710 ----a-w- c:\6120_v2_w2kxp03ps\english.txt
2005-08-10 20:24 . 2005-08-10 20:24 2995 ----a-w- c:\6120_v2_w2kxp03ps\russian.txt
2005-08-10 20:14 . 2005-08-10 20:14 2802 ----a-w- c:\6120_v2_w2kxp03ps\swedish.txt
2005-08-10 20:14 . 2005-08-10 20:14 3037 ----a-w- c:\6120_v2_w2kxp03ps\portuguese.txt
2005-08-10 20:14 . 2005-08-10 20:14 3235 ----a-w- c:\6120_v2_w2kxp03ps\dutch.txt
2005-08-10 20:13 . 2005-08-10 20:13 3163 ----a-w- c:\6120_v2_w2kxp03ps\italian.txt
2005-08-10 20:11 . 2005-08-10 20:11 3114 ----a-w- c:\6120_v2_w2kxp03ps\french.txt
2005-08-10 20:11 . 2005-08-10 20:11 2996 ----a-w- c:\6120_v2_w2kxp03ps\spanish.txt
2005-08-10 20:10 . 2005-08-10 20:10 2871 ----a-w- c:\6120_v2_w2kxp03ps\german.txt
2005-07-21 22:02 . 2005-07-21 22:02 21928 ----a-w- c:\6120_v2_w2kxp03ps\dutch\X6120PU.PPD
2005-07-21 22:02 . 2005-07-21 22:02 21928 ----a-w- c:\6120_v2_w2kxp03ps\english\X6120PU.PPD
2005-07-21 22:02 . 2005-07-21 22:02 21928 ----a-w- c:\6120_v2_w2kxp03ps\french\X6120PU.PPD
2005-07-21 22:02 . 2005-07-21 22:02 21928 ----a-w- c:\6120_v2_w2kxp03ps\german\X6120PU.PPD
2005-07-21 22:02 . 2005-07-21 22:02 21928 ----a-w- c:\6120_v2_w2kxp03ps\italian\X6120PU.PPD
2005-07-21 22:02 . 2005-07-21 22:02 21928 ----a-w- c:\6120_v2_w2kxp03ps\portuguese\X6120PU.PPD
2005-07-21 22:02 . 2005-07-21 22:02 21928 ----a-w- c:\6120_v2_w2kxp03ps\russian\X6120PU.PPD
2005-07-21 22:02 . 2005-07-21 22:02 21928 ----a-w- c:\6120_v2_w2kxp03ps\spanish\X6120PU.PPD
2005-07-21 22:02 . 2005-07-21 22:02 21928 ----a-w- c:\6120_v2_w2kxp03ps\swedish\X6120PU.PPD
2005-05-18 02:54 . 2005-05-18 02:54 538772 ----a-w- c:\6120_v2_w2kxp03ps\dutch\M2450.ICM
2005-05-18 02:54 . 2005-05-18 02:54 538772 ----a-w- c:\6120_v2_w2kxp03ps\english\M2450.ICM
2005-05-18 02:54 . 2005-05-18 02:54 538772 ----a-w- c:\6120_v2_w2kxp03ps\french\M2450.ICM
2005-05-18 02:54 . 2005-05-18 02:54 538772 ----a-w- c:\6120_v2_w2kxp03ps\german\M2450.ICM
2005-05-18 02:54 . 2005-05-18 02:54 538772 ----a-w- c:\6120_v2_w2kxp03ps\italian\M2450.ICM
2005-05-18 02:54 . 2005-05-18 02:54 538772 ----a-w- c:\6120_v2_w2kxp03ps\portuguese\M2450.ICM
2005-05-18 02:54 . 2005-05-18 02:54 538772 ----a-w- c:\6120_v2_w2kxp03ps\russian\M2450.ICM
2005-05-18 02:54 . 2005-05-18 02:54 538772 ----a-w- c:\6120_v2_w2kxp03ps\spanish\M2450.ICM
2005-05-18 02:54 . 2005-05-18 02:54 538772 ----a-w- c:\6120_v2_w2kxp03ps\swedish\M2450.ICM
2005-05-18 01:34 . 2005-05-18 01:34 70 ----a-w- c:\6120_v2_w2kxp03ps\dutch\X6120PW.INI
2005-05-18 01:34 . 2005-05-18 01:34 70 ----a-w- c:\6120_v2_w2kxp03ps\english\X6120PW.INI
2005-05-18 01:34 . 2005-05-18 01:34 70 ----a-w- c:\6120_v2_w2kxp03ps\french\X6120PW.INI
2005-05-18 01:34 . 2005-05-18 01:34 70 ----a-w- c:\6120_v2_w2kxp03ps\german\X6120PW.INI
2005-05-18 01:34 . 2005-05-18 01:34 70 ----a-w- c:\6120_v2_w2kxp03ps\italian\X6120PW.INI
2005-05-18 01:34 . 2005-05-18 01:34 70 ----a-w- c:\6120_v2_w2kxp03ps\portuguese\X6120PW.INI
2005-05-18 01:34 . 2005-05-18 01:34 70 ----a-w- c:\6120_v2_w2kxp03ps\russian\X6120PW.INI
2005-05-18 01:34 . 2005-05-18 01:34 70 ----a-w- c:\6120_v2_w2kxp03ps\spanish\X6120PW.INI
2005-05-18 01:34 . 2005-05-18 01:34 70 ----a-w- c:\6120_v2_w2kxp03ps\swedish\X6120PW.INI


(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-30 2067808]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-02-13 35328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-10 413696]
"Rocky2Xerox_S2P"="c:\program files\Xerox\Xerox WC PE120 Series\RCP\Scan2Pc.exe" [2005-03-24 65536]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-21 15:18 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [20.9.2010 14:08 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20.9.2010 14:08 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20.9.2010 14:08 243024]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [21.9.2010 17:18 308136]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ursus.cz/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\VKubecek\Data aplikací\Mozilla\Firefox\Profiles\e5o0ay41.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-PC Translator - c:\windows\UN32.EXE


.
Celkový čas: 2010-10-11 07:16:32
ComboFix-quarantined-files.txt 2010-10-11 05:16
ComboFix2.txt 2010-10-08 09:49

Před spuštěním: Volných bajtů: 48 940 208 128
Po spuštění: Volných bajtů: 48 933 830 656

- - End Of File - - 9C4AB65530EE28477FE93C0A48E32A2E

[Hurvajz.]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:55, on 11.10.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Xerox\Xerox WC PE120 Series\RCP\Scan2Pc.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\totalcmd\TOTALCMD.EXE
E:\Instalace\Antiviry\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ursus.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\VKubecek\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\VKubecek\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Rocky2Xerox_S2P] C:\Program Files\Xerox\Xerox WC PE120 Series\RCP\Scan2Pc.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Audio Service (STacSV) - Unknown owner - c:\docume~1\vkubecek\locals~1\temp\cdm\{d8265abe-b477-4e89-8261-4ea1363749a1}\STacSV.exe (file missing)

--
End of file - 6879 bytes

[memphisto]

v logu fixni:
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\VKubecek\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\VKubecek\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll

---

dej start - spustit - services.msc - najdi a ukonči/zakaž tuto službu:
O23 - Service: Audio Service (STacSV) - Unknown owner - c:\docume~1\vkubecek\locals~1\temp\cdm\{d8265abe-b477-4e89-8261-4ea1363749a1}\STacSV.exe (file missing)

---

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

---

Jak se chová PC?

[Hurvajz.]

Sequencher běží stále někde na pozadí...

[memphisto]

Tak tohle viry nebude K čemu je ten program dobrý?

[Hurvajz.]

Je to program na editování DNA. Potřebuju to do práce...