Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:37:44, on 14.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Petr\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ch_utility.exe
C:\Program Files\Razer\Lachesis\razertra.exe
C:\Program Files\ASUS\ASUS Hotkey\Hotkey.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\QIP 2010\qip.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\KN_StrongDC\StrongDC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\windows-kb890830-v3.13-delta.exe
e:\cff181c1a22cae7748df569c48751bc4\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\Documents and Settings\Petr\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Petr\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Petr\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Petr\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Petr\Dokumenty\Downloads\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Power_Gear] "C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" 1
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Petr\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: KN StrongDC.lnk = C:\Program Files\KN_StrongDC\StrongDC.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Chrontel TV.lnk = C:\WINDOWS\system32\ch_utility.exe
O4 - Global Startup: Hotkey.lnk = C:\Program Files\ASUS\ASUS Hotkey\Hotkey.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://c:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.idnes.cz/
O16 - DPF: Contains -
O16 - DPF: DownloadInformation -
O16 - DPF: InstalledVersion -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 7989 bytes
Prosim o kontrolu logu
- kul1k
- Mírně pokročilý
-
- Registrován: 03. úno 2006
- Bydliště: Dolní Dobrouč, Purkyňovy koleje Brno
Prosim o kontrolu logu
NB:Acer Aspire V3 571G
- jan.svoboda
- Středně pokročilý
-
- Registrován: 25. pro 2009
- Bydliště: Chrudim
Re: Prosim o kontrolu logu
Ahoj, log se mi zdá v pořádku. Je s PC nějaký problém?
Zde na foru již nejsem aktivní, vyskytuji se na Google+ (http://gplus.to/JanSvoboda), kde aktivně píšu nejen o IT.
- kul1k
- Mírně pokročilý
-
- Registrován: 03. úno 2006
- Bydliště: Dolní Dobrouč, Purkyňovy koleje Brno
Re: Prosim o kontrolu logu
uno zdalo se mi nejake zpomalene je to starsi kram, jen sem chtel vedet jestli tam neni nejakej balast 
takze timto dekuji
takze timto dekuji NB:Acer Aspire V3 571G
- jan.svoboda
- Středně pokročilý
-
- Registrován: 25. pro 2009
- Bydliště: Chrudim
Re: Prosim o kontrolu logu
Nemáš za co 
Můžeš zkusit Ccleaner (nebo ručně promazat temp apod.) - určitě ale nedoporučuji jiná systémová tunidla
Můžeš zkusit Ccleaner (nebo ručně promazat temp apod.) - určitě ale nedoporučuji jiná systémová tunidla Zde na foru již nejsem aktivní, vyskytuji se na Google+ (http://gplus.to/JanSvoboda), kde aktivně píšu nejen o IT.
- davidek
- Začátečník
-
- Registrován: 18. bře 2005
- Bydliště: okolo hradce
Re: Prosim o kontrolu logu
že se ptám, je toto též v pořádku, nějak mě to hlava nebere 
ComboFix 10-12-23.05 - Regarden 24.12.2010 16:44:37.1.1 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.420.1029.18.2046.1072 [GMT 1:00]
Spuštěný z: c:\users\Regarden\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-24 do 2010-12-24 )))))))))))))))))))))))))))))))
.
2010-12-24 15:52 . 2010-12-24 15:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-24 15:01 . 2010-12-24 15:01 -------- d-----w- c:\program files (x86)\Panda Security
2010-12-21 22:00 . 2010-12-21 22:00 -------- d-----w- c:\program files (x86)\UIC Phoenxsoftware
2010-12-15 08:36 . 2010-10-28 13:27 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-15 08:36 . 2010-10-28 15:44 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-12-15 08:36 . 2010-06-16 15:30 72704 ----a-w- c:\windows\SysWow64\fontsub.dll
2010-12-15 08:36 . 2010-10-28 13:20 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 138240]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-17 1242448]
"ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2010-10-27 133432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"StartCCC"="c:\program files (x86)\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 203264]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2009-11-09 126520]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 7195648]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 265728]
S3 CX88VID;WinFast CX2388x AvStream Driver;c:\windows\system32\drivers\cxavsvid.sys [2007-09-19 469248]
S3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2009-10-26 20480]
S4 AvgTdiA;AVG Free Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [x]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - AvgLdx64
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'
2010-01-20 c:\windows\Tasks\WebReg .job
- c:\program files (x86)\HP\Digital Imaging\bin\hpqwrg.exe [2008-03-25 19:42]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {D7D12AF4-EA2A-4658-958B-C6341D47A812} = 192.168.1.1,82.150.180.253
FF - ProfilePath - c:\users\Regarden\AppData\Roaming\Mozilla\Firefox\Profiles\4ef455hi.default\
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1585377951-206695507-3891071100-1000\Software\SecuROM\License information*]
"datasecu"=hex:22,cf,ff,fa,47,aa,2e,d3,38,30,37,3b,c1,95,b4,a0,48,8a,b8,fe,54,
45,41,8f,e5,ad,73,a1,9d,cd,72,ba,3f,c5,20,99,f7,df,2d,44,93,1e,b4,23,03,45,\
"rkeysecu"=hex:36,75,49,c5,54,d4,3e,ed,09,6a,99,c7,fb,58,c3,a8
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-12-24 16:58:00
ComboFix-quarantined-files.txt 2010-12-24 15:58
Před spuštěním: 1 007 775 744
Po spuštění: 2 118 356 992
- - End Of File - - 699E6969857C24318FD79CB4361478A5
ComboFix 10-12-23.05 - Regarden 24.12.2010 16:44:37.1.1 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.420.1029.18.2046.1072 [GMT 1:00]
Spuštěný z: c:\users\Regarden\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-24 do 2010-12-24 )))))))))))))))))))))))))))))))
.
2010-12-24 15:52 . 2010-12-24 15:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-24 15:01 . 2010-12-24 15:01 -------- d-----w- c:\program files (x86)\Panda Security
2010-12-21 22:00 . 2010-12-21 22:00 -------- d-----w- c:\program files (x86)\UIC Phoenxsoftware
2010-12-15 08:36 . 2010-10-28 13:27 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-15 08:36 . 2010-10-28 15:44 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-12-15 08:36 . 2010-06-16 15:30 72704 ----a-w- c:\windows\SysWow64\fontsub.dll
2010-12-15 08:36 . 2010-10-28 13:20 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 138240]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-17 1242448]
"ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2010-10-27 133432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"StartCCC"="c:\program files (x86)\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 203264]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2009-11-09 126520]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 7195648]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 265728]
S3 CX88VID;WinFast CX2388x AvStream Driver;c:\windows\system32\drivers\cxavsvid.sys [2007-09-19 469248]
S3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2009-10-26 20480]
S4 AvgTdiA;AVG Free Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [x]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - AvgLdx64
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'
2010-01-20 c:\windows\Tasks\WebReg .job
- c:\program files (x86)\HP\Digital Imaging\bin\hpqwrg.exe [2008-03-25 19:42]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {D7D12AF4-EA2A-4658-958B-C6341D47A812} = 192.168.1.1,82.150.180.253
FF - ProfilePath - c:\users\Regarden\AppData\Roaming\Mozilla\Firefox\Profiles\4ef455hi.default\
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1585377951-206695507-3891071100-1000\Software\SecuROM\License information*]
"datasecu"=hex:22,cf,ff,fa,47,aa,2e,d3,38,30,37,3b,c1,95,b4,a0,48,8a,b8,fe,54,
45,41,8f,e5,ad,73,a1,9d,cd,72,ba,3f,c5,20,99,f7,df,2d,44,93,1e,b4,23,03,45,\
"rkeysecu"=hex:36,75,49,c5,54,d4,3e,ed,09,6a,99,c7,fb,58,c3,a8
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-12-24 16:58:00
ComboFix-quarantined-files.txt 2010-12-24 15:58
Před spuštěním: 1 007 775 744
Po spuštění: 2 118 356 992
- - End Of File - - 699E6969857C24318FD79CB4361478A5
Pentium 4400 - B150M-D3V - 1x8gb kingston - SSD 850 240gb - SS 400ET-F3
celeron 420 1,6-2,6ghz, gigabyte p31-ds3l, 2x1gb kingston 800mhz- nebyla to štastná volba,
samsung 321kj 320gb, ati hd 2600xt 256mb, SS 400ET - F3, tv, karta, wifi, 1xdvd,1cd mechanika
celeron 420 1,6-2,6ghz, gigabyte p31-ds3l, 2x1gb kingston 800mhz- nebyla to štastná volba,
samsung 321kj 320gb, ati hd 2600xt 256mb, SS 400ET - F3, tv, karta, wifi, 1xdvd,1cd mechanika
- jan.svoboda
- Středně pokročilý
-
- Registrován: 25. pro 2009
- Bydliště: Chrudim
Re: Prosim o kontrolu logu
Ahoj, log též vypadá v pořádku Btw. Pro kontrolní skeny doporučuji RSIT, návod viz. můj podpis - ComboFix je pro preventivky poměrně velkej kalibr
Btw. Pro kontrolní skeny doporučuji RSIT, návod viz. můj podpis - ComboFix je pro preventivky poměrně velkej kalibr Zde na foru již nejsem aktivní, vyskytuji se na Google+ (http://gplus.to/JanSvoboda), kde aktivně píšu nejen o IT.
- davidek
- Začátečník
-
- Registrován: 18. bře 2005
- Bydliště: okolo hradce
Re: Prosim o kontrolu logu
njn, na začátku stálo: velmi silný s automatickým smazáním - tomu se nedalo odolat
tak pro mě bude nejspíš vše kalibr
je to tak správně rsit:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Regarden at 2010-12-27 22:15:59
Microsoft® Windows Vista™ Ultimate Service Pack 2
System drive C: has 305 MB (1%) free of 40 GB
Total RAM: 2046 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:16:45, on 27.12.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Regarden.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.872
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7D12AF4-EA2A-4658-958B-C6341D47A812}: NameServer = 192.168.1.1,82.150.180.253
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7086 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
taskeng.exe {E5CCC61C-1D41-4E14-B5E5-0A1FF914B594}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {B7C7A711-F157-415A-9AEC-E8C58BE4F443}
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\HPSIsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-c839a489-c9a0-4d33-89ec-156159a3f4ae -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-7749862d-0bb1-4381-b06f-7c9be8bc501e -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-af3b1a97-0af6-434f-a2d1-52e2bfaba750 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:35e3eae4-7a9e-4921-bb4f-d7a8126a9e10
"C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" -tray
"C:\Windows\ehome\ehtray.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"
"C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe" /watchfiles startup
"C:\Program Files (x86)\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe -Embedding
C:\Windows\ehome\ehsched.exe
"C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe"
C:\Windows\ehome\ehRecvr.exe
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
{B57B808D-78FC-43B1-92FE-458FD32414A7}
{DD96A49B-D4A1-4D7D-99FA-020653F565C6}
{F7161CEF-B71D-4BC3-A1E8-EF71438F2B20}
splwow64
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"Taskmgr.exe"
"C:\Users\Regarden\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\WebReg .job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-27 501056]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"NokiaOviSuite2"=C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2010-02-24 385928]
"ICQ"=C:\Program Files (x86)\ICQ7.2\ICQ.exe [2010-10-27 133432]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 138240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2010-11-17 1242448]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-03-25 49152]
"NokiaMServer"=C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"StartCCC"=C:\Program Files (x86)\ATI.ACE\Core-Static\CLIStart.exe [2010-07-06 98304]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.872 []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2010-12-27 22:16:00 ----D---- C:\Program Files\trend micro
2010-12-27 22:15:59 ----D---- C:\rsit
2010-12-27 14:31:49 ----D---- C:\Program Files (x86)\Adobe
2010-12-25 13:48:28 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2010-12-25 13:48:28 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2010-12-25 13:48:28 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2010-12-25 13:48:28 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-12-25 13:48:28 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-12-25 13:48:28 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-12-25 13:48:27 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2010-12-25 13:48:27 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2010-12-25 13:48:27 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2010-12-25 13:48:27 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-12-25 13:48:27 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-12-25 13:48:27 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-12-25 13:48:26 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2010-12-25 13:48:26 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-12-25 13:48:25 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2010-12-25 13:48:25 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2010-12-25 13:48:25 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-12-25 13:48:25 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-12-25 13:48:24 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2010-12-25 13:48:24 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2010-12-25 13:48:24 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-12-25 13:48:24 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-12-25 13:48:23 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2010-12-25 13:48:23 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2010-12-25 13:48:23 ----A---- C:\Windows\system32\d3dx10_41.dll
2010-12-25 13:48:23 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2010-12-25 13:48:22 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2010-12-25 13:48:22 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-12-25 13:48:21 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2010-12-25 13:48:21 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2010-12-25 13:48:21 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2010-12-25 13:48:21 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2010-12-25 13:48:21 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-12-25 13:48:21 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-12-25 13:48:21 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-12-25 13:48:21 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-12-25 13:48:20 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2010-12-25 13:48:20 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2010-12-25 13:48:20 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-12-25 13:48:20 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-12-25 13:48:19 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2010-12-25 13:48:19 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2010-12-25 13:48:19 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2010-12-25 13:48:19 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2010-12-25 13:48:19 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-12-25 13:48:19 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-12-25 13:48:19 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-12-25 13:48:19 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-12-25 13:48:18 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2010-12-25 13:48:18 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-12-24 21:34:40 ----D---- C:\Program Files\CCleaner
2010-12-24 21:34:04 ----SHD---- C:\$RECYCLE.BIN
2010-12-24 16:58:02 ----D---- C:\Windows\temp
2010-12-24 16:58:01 ----A---- C:\ComboFix.txt
2010-12-24 16:43:05 ----A---- C:\Windows\zip.exe
2010-12-24 16:43:05 ----A---- C:\Windows\SWSC.exe
2010-12-24 16:43:05 ----A---- C:\Windows\SWREG.exe
2010-12-24 16:43:05 ----A---- C:\Windows\sed.exe
2010-12-24 16:43:05 ----A---- C:\Windows\PEV.exe
2010-12-24 16:43:05 ----A---- C:\Windows\NIRCMD.exe
2010-12-24 16:43:05 ----A---- C:\Windows\MBR.exe
2010-12-24 16:43:05 ----A---- C:\Windows\grep.exe
2010-12-24 16:42:57 ----D---- C:\Windows\ERDNT
2010-12-24 16:42:55 ----D---- C:\ComboFix
2010-12-24 16:42:28 ----A---- C:\Windows\SWXCACLS.exe
2010-12-24 16:38:17 ----D---- C:\Qoobox
2010-12-24 16:06:43 ----A---- C:\Windows\system32\drivers\pavboot64.sys
2010-12-24 16:01:52 ----D---- C:\Program Files (x86)\Panda Security
2010-12-21 23:00:08 ----D---- C:\Program Files (x86)\UIC Phoenxsoftware
2010-12-15 09:36:24 ----A---- C:\Windows\system32\win32k.sys
2010-12-15 09:36:22 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2010-12-15 09:36:22 ----A---- C:\Windows\system32\atmfd.dll
2010-12-15 09:36:21 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2010-12-15 09:36:21 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2010-12-15 09:36:21 ----A---- C:\Windows\system32\fontsub.dll
2010-12-15 09:36:21 ----A---- C:\Windows\system32\atmlib.dll
2010-12-15 09:36:10 ----A---- C:\Windows\SYSWOW64\tzres.dll
2010-12-15 09:36:10 ----A---- C:\Windows\system32\tzres.dll
2010-12-15 09:35:48 ----A---- C:\Windows\system32\consent.exe
2010-12-15 09:35:45 ----A---- C:\Windows\system32\mshtml.dll
2010-12-15 09:35:44 ----A---- C:\Windows\system32\ieframe.dll
2010-12-15 09:35:43 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2010-12-15 09:35:43 ----A---- C:\Windows\system32\mstime.dll
2010-12-15 09:35:43 ----A---- C:\Windows\system32\iertutil.dll
2010-12-15 09:35:42 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-12-15 09:35:41 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-12-15 09:35:41 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-12-15 09:35:41 ----A---- C:\Windows\SYSWOW64\ie4uinit.exe
2010-12-15 09:35:41 ----A---- C:\Windows\system32\wininet.dll
2010-12-15 09:35:40 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-12-15 09:35:40 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2010-12-15 09:35:40 ----A---- C:\Windows\system32\urlmon.dll
2010-12-15 09:35:40 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-15 09:35:40 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-15 09:35:39 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-12-15 09:35:39 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-12-15 09:35:39 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-12-15 09:35:39 ----A---- C:\Windows\system32\occache.dll
2010-12-15 09:35:39 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-15 09:35:39 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-15 09:35:39 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-15 09:35:39 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-15 09:35:39 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-15 09:35:39 ----A---- C:\Windows\system32\ieui.dll
2010-12-15 09:35:39 ----A---- C:\Windows\system32\iepeers.dll
2010-12-15 09:35:38 ----A---- C:\Windows\system32\iesetup.dll
2010-12-15 09:35:38 ----A---- C:\Windows\system32\iernonce.dll
2010-12-15 09:35:37 ----A---- C:\Windows\SYSWOW64\occache.dll
2010-12-15 09:35:37 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2010-12-15 09:35:37 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-12-15 09:35:37 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-12-15 09:35:37 ----A---- C:\Windows\system32\ieUnatt.exe
2010-12-15 09:35:37 ----A---- C:\Windows\system32\iesysprep.dll
2010-12-15 09:35:36 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2010-12-15 09:35:36 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-12-15 09:35:36 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2010-12-15 09:35:36 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-12-15 09:35:36 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2010-12-15 09:35:36 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2010-12-15 09:35:36 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2010-12-15 09:35:36 ----A---- C:\Windows\system32\ie4uinit.exe
2010-12-15 09:35:29 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-15 09:35:29 ----A---- C:\Windows\system32\taskschd.dll
2010-12-15 09:35:29 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-15 09:35:28 ----A---- C:\Windows\SYSWOW64\taskschd.dll
2010-12-15 09:35:28 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2010-12-15 09:35:28 ----A---- C:\Windows\system32\taskeng.exe
2010-12-15 09:35:28 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-15 09:35:27 ----A---- C:\Windows\SYSWOW64\taskcomp.dll
======List of files/folders modified in the last 1 months======
2010-12-27 22:16:28 ----D---- C:\Windows\Prefetch
2010-12-27 22:16:00 ----RD---- C:\Program Files
2010-12-27 14:34:07 ----SD---- C:\Users\Regarden\AppData\Roaming\Microsoft
2010-12-27 14:34:07 ----D---- C:\Users\Regarden\AppData\Roaming\Adobe
2010-12-27 14:32:18 ----SHD---- C:\Windows\Installer
2010-12-27 14:32:09 ----D---- C:\Config.Msi
2010-12-27 14:31:50 ----D---- C:\ProgramData\Adobe
2010-12-27 14:31:49 ----RD---- C:\Program Files (x86)
2010-12-27 14:31:20 ----D---- C:\Windows\SysWOW64
2010-12-27 14:31:10 ----SHD---- C:\System Volume Information
2010-12-27 10:02:03 ----D---- C:\Windows\System32
2010-12-27 10:02:03 ----D---- C:\Windows\inf
2010-12-27 10:02:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-27 08:49:26 ----D---- C:\Users\Regarden\AppData\Roaming\ICQ
2010-12-26 12:41:45 ----D---- C:\Users\Regarden\AppData\Roaming\Cestak
2010-12-25 21:27:07 ----D---- C:\Windows
2010-12-25 13:47:55 ----RSD---- C:\Windows\assembly
2010-12-25 08:58:41 ----D---- C:\Windows\rescache
2010-12-24 21:44:11 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-12-24 21:43:34 ----D---- C:\Windows\Debug
2010-12-24 21:34:11 ----D---- C:\download
2010-12-24 21:24:46 ----D---- C:\Windows\winsxs
2010-12-24 21:22:35 ----D---- C:\Windows\system32\drivers
2010-12-24 21:22:32 ----D---- C:\Windows\system32\catroot
2010-12-24 21:16:48 ----D---- C:\Windows\system32\catroot2
2010-12-24 16:53:29 ----A---- C:\Windows\system.ini
2010-12-24 16:49:25 ----D---- C:\Windows\SYSWOW64\drivers
2010-12-24 16:49:25 ----D---- C:\Windows\AppPatch
2010-12-24 16:49:21 ----D---- C:\Program Files\Common Files
2010-12-24 16:49:21 ----D---- C:\Program Files (x86)\Common Files
2010-12-24 16:42:08 ----D---- C:\ProgramData
2010-12-24 09:50:04 ----D---- C:\Program Files (x86)\Steam
2010-12-16 00:10:54 ----D---- C:\Program Files\Windows Mail
2010-12-16 00:10:54 ----D---- C:\Program Files (x86)\Windows Mail
2010-12-16 00:10:53 ----D---- C:\Windows\SYSWOW64\migration
2010-12-16 00:10:53 ----D---- C:\Program Files\Internet Explorer
2010-12-16 00:10:53 ----D---- C:\Program Files (x86)\Internet Explorer
2010-12-16 00:10:52 ----D---- C:\Windows\system32\migration
2010-12-16 00:10:50 ----D---- C:\Windows\SYSWOW64\cs-CZ
2010-12-16 00:10:50 ----D---- C:\Windows\system32\cs-CZ
2010-12-15 09:39:31 ----A---- C:\Windows\system32\mrt.exe
2010-12-10 22:34:55 ----D---- C:\Program Files (x86)\Mozilla Firefox
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 fvevol;BitLocker Drive Encryption Filter Driver; C:\Windows\System32\DRIVERS\fvevol.sys [2009-04-11 160744]
R0 pavboot;pavboot; C:\Windows\system32\drivers\pavboot64.sys [2009-06-30 33800]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-07-07 7195648]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-07-07 265728]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 122384]
R3 CX88VID;WinFast CX2388x AvStream Driver; C:\Windows\system32\drivers\cxavsvid.sys [2007-09-19 469248]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 275456]
R3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
R3 mvusbews;USB EWS Device; C:\Windows\System32\Drivers\mvusbews.sys [2009-10-26 20480]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [2010-06-23 318568]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 108544]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-07-07 7195648]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 26112]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 115712]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 694272]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 34816]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 6144]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 11008]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 7936]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 178176]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-07-07 203264]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 27648]
R2 HPSIService;HP SI Service; C:\Windows\system32\HPSIsvc.exe [2009-11-09 126520]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 27648]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 27648]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-19 19968]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-11-18 403240]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
-----------------EOF-----------------
//jan.svoboda - Díky za připomínku k mému návodu, doplním info ke ComboFixu Na log ještě mrknu.
tak pro mě bude nejspíš vše kalibr
je to tak správně rsit:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Regarden at 2010-12-27 22:15:59
Microsoft® Windows Vista™ Ultimate Service Pack 2
System drive C: has 305 MB (1%) free of 40 GB
Total RAM: 2046 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:16:45, on 27.12.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Regarden.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.872
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7D12AF4-EA2A-4658-958B-C6341D47A812}: NameServer = 192.168.1.1,82.150.180.253
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7086 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
taskeng.exe {E5CCC61C-1D41-4E14-B5E5-0A1FF914B594}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {B7C7A711-F157-415A-9AEC-E8C58BE4F443}
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\HPSIsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-c839a489-c9a0-4d33-89ec-156159a3f4ae -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-7749862d-0bb1-4381-b06f-7c9be8bc501e -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-af3b1a97-0af6-434f-a2d1-52e2bfaba750 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:35e3eae4-7a9e-4921-bb4f-d7a8126a9e10
"C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" -tray
"C:\Windows\ehome\ehtray.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"
"C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe" /watchfiles startup
"C:\Program Files (x86)\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe -Embedding
C:\Windows\ehome\ehsched.exe
"C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe"
C:\Windows\ehome\ehRecvr.exe
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
{B57B808D-78FC-43B1-92FE-458FD32414A7}
{DD96A49B-D4A1-4D7D-99FA-020653F565C6}
{F7161CEF-B71D-4BC3-A1E8-EF71438F2B20}
splwow64
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"Taskmgr.exe"
"C:\Users\Regarden\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\WebReg .job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-27 501056]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"NokiaOviSuite2"=C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2010-02-24 385928]
"ICQ"=C:\Program Files (x86)\ICQ7.2\ICQ.exe [2010-10-27 133432]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 138240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2010-11-17 1242448]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-03-25 49152]
"NokiaMServer"=C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"StartCCC"=C:\Program Files (x86)\ATI.ACE\Core-Static\CLIStart.exe [2010-07-06 98304]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.872 []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2010-12-27 22:16:00 ----D---- C:\Program Files\trend micro
2010-12-27 22:15:59 ----D---- C:\rsit
2010-12-27 14:31:49 ----D---- C:\Program Files (x86)\Adobe
2010-12-25 13:48:28 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2010-12-25 13:48:28 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2010-12-25 13:48:28 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2010-12-25 13:48:28 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-12-25 13:48:28 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-12-25 13:48:28 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-12-25 13:48:27 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2010-12-25 13:48:27 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2010-12-25 13:48:27 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2010-12-25 13:48:27 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-12-25 13:48:27 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-12-25 13:48:27 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-12-25 13:48:26 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2010-12-25 13:48:26 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-12-25 13:48:25 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2010-12-25 13:48:25 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2010-12-25 13:48:25 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-12-25 13:48:25 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-12-25 13:48:24 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2010-12-25 13:48:24 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2010-12-25 13:48:24 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-12-25 13:48:24 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-12-25 13:48:23 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2010-12-25 13:48:23 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2010-12-25 13:48:23 ----A---- C:\Windows\system32\d3dx10_41.dll
2010-12-25 13:48:23 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2010-12-25 13:48:22 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2010-12-25 13:48:22 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-12-25 13:48:21 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2010-12-25 13:48:21 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2010-12-25 13:48:21 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2010-12-25 13:48:21 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2010-12-25 13:48:21 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-12-25 13:48:21 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-12-25 13:48:21 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-12-25 13:48:21 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-12-25 13:48:20 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2010-12-25 13:48:20 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2010-12-25 13:48:20 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-12-25 13:48:20 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-12-25 13:48:19 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2010-12-25 13:48:19 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2010-12-25 13:48:19 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2010-12-25 13:48:19 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2010-12-25 13:48:19 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-12-25 13:48:19 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-12-25 13:48:19 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-12-25 13:48:19 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-12-25 13:48:18 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2010-12-25 13:48:18 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-12-24 21:34:40 ----D---- C:\Program Files\CCleaner
2010-12-24 21:34:04 ----SHD---- C:\$RECYCLE.BIN
2010-12-24 16:58:02 ----D---- C:\Windows\temp
2010-12-24 16:58:01 ----A---- C:\ComboFix.txt
2010-12-24 16:43:05 ----A---- C:\Windows\zip.exe
2010-12-24 16:43:05 ----A---- C:\Windows\SWSC.exe
2010-12-24 16:43:05 ----A---- C:\Windows\SWREG.exe
2010-12-24 16:43:05 ----A---- C:\Windows\sed.exe
2010-12-24 16:43:05 ----A---- C:\Windows\PEV.exe
2010-12-24 16:43:05 ----A---- C:\Windows\NIRCMD.exe
2010-12-24 16:43:05 ----A---- C:\Windows\MBR.exe
2010-12-24 16:43:05 ----A---- C:\Windows\grep.exe
2010-12-24 16:42:57 ----D---- C:\Windows\ERDNT
2010-12-24 16:42:55 ----D---- C:\ComboFix
2010-12-24 16:42:28 ----A---- C:\Windows\SWXCACLS.exe
2010-12-24 16:38:17 ----D---- C:\Qoobox
2010-12-24 16:06:43 ----A---- C:\Windows\system32\drivers\pavboot64.sys
2010-12-24 16:01:52 ----D---- C:\Program Files (x86)\Panda Security
2010-12-21 23:00:08 ----D---- C:\Program Files (x86)\UIC Phoenxsoftware
2010-12-15 09:36:24 ----A---- C:\Windows\system32\win32k.sys
2010-12-15 09:36:22 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2010-12-15 09:36:22 ----A---- C:\Windows\system32\atmfd.dll
2010-12-15 09:36:21 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2010-12-15 09:36:21 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2010-12-15 09:36:21 ----A---- C:\Windows\system32\fontsub.dll
2010-12-15 09:36:21 ----A---- C:\Windows\system32\atmlib.dll
2010-12-15 09:36:10 ----A---- C:\Windows\SYSWOW64\tzres.dll
2010-12-15 09:36:10 ----A---- C:\Windows\system32\tzres.dll
2010-12-15 09:35:48 ----A---- C:\Windows\system32\consent.exe
2010-12-15 09:35:45 ----A---- C:\Windows\system32\mshtml.dll
2010-12-15 09:35:44 ----A---- C:\Windows\system32\ieframe.dll
2010-12-15 09:35:43 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2010-12-15 09:35:43 ----A---- C:\Windows\system32\mstime.dll
2010-12-15 09:35:43 ----A---- C:\Windows\system32\iertutil.dll
2010-12-15 09:35:42 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-12-15 09:35:41 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-12-15 09:35:41 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-12-15 09:35:41 ----A---- C:\Windows\SYSWOW64\ie4uinit.exe
2010-12-15 09:35:41 ----A---- C:\Windows\system32\wininet.dll
2010-12-15 09:35:40 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-12-15 09:35:40 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2010-12-15 09:35:40 ----A---- C:\Windows\system32\urlmon.dll
2010-12-15 09:35:40 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-15 09:35:40 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-15 09:35:39 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-12-15 09:35:39 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-12-15 09:35:39 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-12-15 09:35:39 ----A---- C:\Windows\system32\occache.dll
2010-12-15 09:35:39 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-15 09:35:39 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-15 09:35:39 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-15 09:35:39 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-15 09:35:39 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-15 09:35:39 ----A---- C:\Windows\system32\ieui.dll
2010-12-15 09:35:39 ----A---- C:\Windows\system32\iepeers.dll
2010-12-15 09:35:38 ----A---- C:\Windows\system32\iesetup.dll
2010-12-15 09:35:38 ----A---- C:\Windows\system32\iernonce.dll
2010-12-15 09:35:37 ----A---- C:\Windows\SYSWOW64\occache.dll
2010-12-15 09:35:37 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2010-12-15 09:35:37 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-12-15 09:35:37 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-12-15 09:35:37 ----A---- C:\Windows\system32\ieUnatt.exe
2010-12-15 09:35:37 ----A---- C:\Windows\system32\iesysprep.dll
2010-12-15 09:35:36 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2010-12-15 09:35:36 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-12-15 09:35:36 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2010-12-15 09:35:36 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-12-15 09:35:36 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2010-12-15 09:35:36 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2010-12-15 09:35:36 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2010-12-15 09:35:36 ----A---- C:\Windows\system32\ie4uinit.exe
2010-12-15 09:35:29 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-15 09:35:29 ----A---- C:\Windows\system32\taskschd.dll
2010-12-15 09:35:29 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-15 09:35:28 ----A---- C:\Windows\SYSWOW64\taskschd.dll
2010-12-15 09:35:28 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2010-12-15 09:35:28 ----A---- C:\Windows\system32\taskeng.exe
2010-12-15 09:35:28 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-15 09:35:27 ----A---- C:\Windows\SYSWOW64\taskcomp.dll
======List of files/folders modified in the last 1 months======
2010-12-27 22:16:28 ----D---- C:\Windows\Prefetch
2010-12-27 22:16:00 ----RD---- C:\Program Files
2010-12-27 14:34:07 ----SD---- C:\Users\Regarden\AppData\Roaming\Microsoft
2010-12-27 14:34:07 ----D---- C:\Users\Regarden\AppData\Roaming\Adobe
2010-12-27 14:32:18 ----SHD---- C:\Windows\Installer
2010-12-27 14:32:09 ----D---- C:\Config.Msi
2010-12-27 14:31:50 ----D---- C:\ProgramData\Adobe
2010-12-27 14:31:49 ----RD---- C:\Program Files (x86)
2010-12-27 14:31:20 ----D---- C:\Windows\SysWOW64
2010-12-27 14:31:10 ----SHD---- C:\System Volume Information
2010-12-27 10:02:03 ----D---- C:\Windows\System32
2010-12-27 10:02:03 ----D---- C:\Windows\inf
2010-12-27 10:02:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-27 08:49:26 ----D---- C:\Users\Regarden\AppData\Roaming\ICQ
2010-12-26 12:41:45 ----D---- C:\Users\Regarden\AppData\Roaming\Cestak
2010-12-25 21:27:07 ----D---- C:\Windows
2010-12-25 13:47:55 ----RSD---- C:\Windows\assembly
2010-12-25 08:58:41 ----D---- C:\Windows\rescache
2010-12-24 21:44:11 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-12-24 21:43:34 ----D---- C:\Windows\Debug
2010-12-24 21:34:11 ----D---- C:\download
2010-12-24 21:24:46 ----D---- C:\Windows\winsxs
2010-12-24 21:22:35 ----D---- C:\Windows\system32\drivers
2010-12-24 21:22:32 ----D---- C:\Windows\system32\catroot
2010-12-24 21:16:48 ----D---- C:\Windows\system32\catroot2
2010-12-24 16:53:29 ----A---- C:\Windows\system.ini
2010-12-24 16:49:25 ----D---- C:\Windows\SYSWOW64\drivers
2010-12-24 16:49:25 ----D---- C:\Windows\AppPatch
2010-12-24 16:49:21 ----D---- C:\Program Files\Common Files
2010-12-24 16:49:21 ----D---- C:\Program Files (x86)\Common Files
2010-12-24 16:42:08 ----D---- C:\ProgramData
2010-12-24 09:50:04 ----D---- C:\Program Files (x86)\Steam
2010-12-16 00:10:54 ----D---- C:\Program Files\Windows Mail
2010-12-16 00:10:54 ----D---- C:\Program Files (x86)\Windows Mail
2010-12-16 00:10:53 ----D---- C:\Windows\SYSWOW64\migration
2010-12-16 00:10:53 ----D---- C:\Program Files\Internet Explorer
2010-12-16 00:10:53 ----D---- C:\Program Files (x86)\Internet Explorer
2010-12-16 00:10:52 ----D---- C:\Windows\system32\migration
2010-12-16 00:10:50 ----D---- C:\Windows\SYSWOW64\cs-CZ
2010-12-16 00:10:50 ----D---- C:\Windows\system32\cs-CZ
2010-12-15 09:39:31 ----A---- C:\Windows\system32\mrt.exe
2010-12-10 22:34:55 ----D---- C:\Program Files (x86)\Mozilla Firefox
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 fvevol;BitLocker Drive Encryption Filter Driver; C:\Windows\System32\DRIVERS\fvevol.sys [2009-04-11 160744]
R0 pavboot;pavboot; C:\Windows\system32\drivers\pavboot64.sys [2009-06-30 33800]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-07-07 7195648]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-07-07 265728]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 122384]
R3 CX88VID;WinFast CX2388x AvStream Driver; C:\Windows\system32\drivers\cxavsvid.sys [2007-09-19 469248]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 275456]
R3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
R3 mvusbews;USB EWS Device; C:\Windows\System32\Drivers\mvusbews.sys [2009-10-26 20480]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [2010-06-23 318568]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 108544]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-07-07 7195648]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 26112]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 115712]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 694272]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 34816]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 6144]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 11008]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 7936]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 178176]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-07-07 203264]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 27648]
R2 HPSIService;HP SI Service; C:\Windows\system32\HPSIsvc.exe [2009-11-09 126520]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 27648]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 27648]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-19 19968]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-11-18 403240]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
-----------------EOF-----------------
//jan.svoboda - Díky za připomínku k mému návodu, doplním info ke ComboFixu
Na log ještě mrknu.Pentium 4400 - B150M-D3V - 1x8gb kingston - SSD 850 240gb - SS 400ET-F3
celeron 420 1,6-2,6ghz, gigabyte p31-ds3l, 2x1gb kingston 800mhz- nebyla to štastná volba,
samsung 321kj 320gb, ati hd 2600xt 256mb, SS 400ET - F3, tv, karta, wifi, 1xdvd,1cd mechanika
celeron 420 1,6-2,6ghz, gigabyte p31-ds3l, 2x1gb kingston 800mhz- nebyla to štastná volba,
samsung 321kj 320gb, ati hd 2600xt 256mb, SS 400ET - F3, tv, karta, wifi, 1xdvd,1cd mechanika