Hi, I'd like to ask for a check of my HJT log. The system seems off today, everything is taking up way too much memory. I don't know what's causing it. But today Vista just keeps giving me messages that I'm low on memory and that I should close some windows. It reports whatever it likes: Winamp, IE, Photoshop, Explorer...
It seems it was only a momentary problem, though. It's not doing it now.
If needed, I also have a log from ComboFix...
Logfile of HijackThis v1.99.1
Scan saved at 17:07:03, on 4.12.2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Users\Architegt\Downloads\hijackthis.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [change!t] C:\Users\Architegt\Inst.Odpad\changeit\changeit.exe /startos
O4 - HKCU\..\Run: [Yodm3D] C:\Users\Architegt\Inst.Odpad\yodm3D\Yodm3D.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm012YYCZ
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.0.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
Thanks a lot
Request for a preventive check [Solved]
jaro3 (Security team member)
Re: Request for a preventive check
Uninstall:
MyWebSearch Search
If you have anything in Add/Remove Programs related to Symantec/Norton, uninstall that too...
Stop these processes:
PIFSvc.exe
ccSvcHst.exe
and do the same in Services.
Then find and delete the whole folder:
C:\Program Files\Common Files\Symantec Shared
Then fix these in HJT (note: download the newer version of HJT (v2.0.2)):
http://www.trendsecure.com/portal/en-US ... ckThis.exe
Code:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm012YYCZ
O13 - Gopher Prefix:
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
Clean the system with CCleaner
and RegCleaner.
Then post a new HJT log here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
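As an added example (not code from this thread, from HijackThis or from the forum's Security team), here is a small Python triage script for the HJT log format used above. It flags the same kinds of entries jaro3 put in the fix list: registrations whose target file is missing, entries that name the MyWebSearch/FunWebProducts family, and empty search/prefix values. The sample log, the `ADWARE_MARKERS` list and the `classify`/`triage`/`summarize` helpers are constructed for this example; flagged lines are for review, not automatic deletion.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v1.99 log format, modelled on entries
# quoted in this thread (a subset, not the poster's full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/
O13 - Gopher Prefix:
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""

# Name fragments of the adware family this thread deals with (the
# MyWebSearch / FunWebProducts toolbar). Constructed from the names that
# appear in the thread's logs; a real triage would use a maintained list.
ADWARE_MARKERS = ("mywebsearch", "mwsbar", "funwebproducts")

# Every HJT finding line starts with a section code (R0-R3, O1-O24),
# a dash, and the entry body. Header and "Running processes:" lines
# do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def classify(section, body):
    """Return the list of review reasons for one HJT entry (empty if none)."""
    reasons = []
    lowered = body.lower()
    # HJT appends "(no file)" / "(file missing)" when the registered
    # target no longer exists: a leftover registration from a removed
    # program, which is exactly what the fix list above cleans up.
    if lowered.endswith("(no file)") or lowered.endswith("(file missing)"):
        reasons.append("orphaned")
    # Known adware names anywhere in the entry (BHO name, URL, path).
    if any(marker in lowered for marker in ADWARE_MARKERS):
        reasons.append("adware-name")
    # A value that is present but empty ("SearchAssistant =",
    # "Gopher Prefix:") is worth a look but usually harmless.
    if re.search(r"[=:]\s*$", body):
        reasons.append("empty-value")
    return reasons


def triage(log_text):
    """Parse an HJT log and return the entries that deserve review."""
    findings = []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        reasons = classify(m["section"], m["body"])
        if reasons:
            findings.append(Finding(m["section"], line, reasons))
    return findings


def summarize(findings):
    """Count how often each review reason fired across the findings."""
    counts = {}
    for finding in findings:
        for reason in finding.reasons:
            counts[reason] = counts.get(reason, 0) + 1
    return counts


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{', '.join(finding.reasons)}] {finding.line}")
    print(summarize(triage(SAMPLE_LOG)))
```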
Re: Request for a preventive check
To be honest, I feel a bit silly now.
1. MyWebSearch Search - ESET already found that and put it in quarantine; on the whole computer I found nothing else related to that name except the folder C:\Qoobox\Quarantine\C\Program Files\MyWebSearch, which I can delete normally (it's about 3 MB). So should I delete it?
2. Symantec/Norton - I found nothing (I do everything through CCleaner).
3. In the processes I only stopped PIFSvc.exe.
I didn't find ccSvcHst anywhere (not in the processes - not in CCleaner, msconfig or Task Manager), except that when I searched the PC it found it in C:\SwSetup\NIS07\CS\Support\ccCommon\ccCommon. In the services (msconfig) I found only LiveUpdate Notice service - and I disabled that, nothing else. (I didn't look in the Microsoft services.)
4. I found that folder, but when I try to delete it, it asks me for permission and then tells me it can't be deleted because: "K provedení této akce je nutné oprávnění." Yet I confirm it fine as administrator (I have one account).
5. I downloaded it, but it throws an error. Specifically 4 errors in a row, see the picture.
I did use CCleaner. Already before running the HJT log. Should I do it again, and additionally with this RegCleaner??
Last edited by Architegt on 04 Dec 2008 18:55, edited 1 time in total.
jaro3 (Security team member)
Re: Request for a preventive check
Post a new ComboFix log here.
Read what I have in my signature.
Re: Request for a preventive check
I think I did everything correctly. The only thing I didn't do was turn off the antivirus (ESET) - if that's a problem, I'll do it again without it.
ComboFix 08-12-03.04 - Architegt 2008-12-04 19:05:38.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.1.1029.18.1022 [GMT 1:00]
Spuštěný z: c:\users\Architegt\Downloads\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\programdata\Solt Lake Software
c:\programdata\Solt Lake Software\Pro Antispyware 2009\LOG\20081202080619999.log
c:\programdata\Solt Lake Software\Pro Antispyware 2009\LOG\20081202171148874.log
c:\programdata\Solt Lake Software\Pro Antispyware 2009\LOG\20081202214330798.log
c:\programdata\Solt Lake Software\Pro Antispyware 2009\LOG\20081203085951152.log
c:\programdata\Solt Lake Software\Pro Antispyware 2009\proas2009.exe
c:\windows\icon.ico
c:\windows\system32\x64
F:\Autorun.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-11-04 do 2008-12-04 )))))))))))))))))))))))))))))))
.
2008-12-04 19:01 . 2008-12-04 19:01 <DIR> d-------- c:\program files\Trend Micro
2008-12-04 17:40 . 2008-12-04 17:40 <DIR> d-------- c:\users\All Users\MicroWorld
2008-12-04 17:40 . 2008-12-04 17:40 <DIR> d-------- c:\programdata\MicroWorld
2008-12-04 17:40 . 2008-12-04 17:40 626,688 --a------ c:\windows\System32\msvcr80.dll
2008-12-04 17:40 . 2008-12-04 17:40 548,864 --a------ c:\windows\System32\msvcp80.dll
2008-12-04 17:40 . 2008-12-04 17:40 28,672 --a------ c:\windows\System32\eEmpty.exe
2008-12-04 17:40 . 2005-09-22 23:22 522 --a------ c:\windows\System32\Microsoft.VC80.CRT.manifest
2008-12-04 17:40 . 2008-12-04 17:40 28 --a------ c:\windows\Lic.xxx
2008-12-04 09:30 . 2008-12-04 17:40 <DIR> dr------- c:\users\Architegt\Documenty
2008-12-04 08:54 . 2008-12-04 08:54 <DIR> d-------- c:\users\Architegt\AppData\Roaming\GHISLER
2008-12-04 08:54 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
2008-12-04 08:54 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
2008-12-04 08:54 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
2008-12-04 08:54 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2008-12-04 08:54 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2008-12-04 08:54 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
2008-12-04 08:54 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
2008-12-03 09:05 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-03 09:05 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-03 09:05 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-03 09:05 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-03 09:04 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-03 09:04 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-03 09:04 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-03 09:04 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-03 09:04 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-12-02 13:26 . 2008-12-04 09:27 <DIR> dr------- c:\users\Architegt\Inst.Odpad
2008-11-30 13:59 . 2008-12-01 17:08 <DIR> d-------- c:\users\Architegt\AppData\Roaming\LimeWire
2008-11-29 18:33 . 2008-11-29 18:33 <DIR> d-------- c:\program files\Network Stumbler
2008-11-29 18:26 . 2008-12-02 13:27 <DIR> d-------- c:\program files\WhatPulse
2008-11-26 17:00 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 17:00 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 17:00 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 17:00 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 17:00 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-23 10:46 . 2008-11-23 10:46 <DIR> d-------- c:\users\All Users\Stardock
2008-11-23 10:46 . 2008-11-23 10:46 <DIR> d-------- c:\programdata\Stardock
2008-11-23 10:39 . 2008-11-23 10:39 3,932,214 --a------ c:\windows\Invader1280.bmp
2008-11-23 10:38 . 2008-12-02 13:19 <DIR> d--h----- c:\users\All Users\{F0297D39-7A45-442F-AFF5-271488E85934}
2008-11-23 10:38 . 2008-12-02 13:19 <DIR> d--h----- c:\programdata\{F0297D39-7A45-442F-AFF5-271488E85934}
2008-11-23 10:38 . 2008-11-23 10:38 <DIR> d-------- c:\program files\Stardock
2008-11-19 20:48 . 2008-11-23 11:36 <DIR> d-------- c:\users\Architegt\AppData\Roaming\MiniDm
2008-11-19 20:45 . 2008-11-19 20:46 <DIR> d-------- c:\program files\IEPro
2008-11-17 20:14 . 2008-11-17 20:15 <DIR> d-------- C:\My Web Sites
2008-11-14 12:48 . 2008-11-14 15:33 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-13 16:42 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-13 16:41 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-13 16:40 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-09 11:35 . 2008-11-09 11:35 <DIR> d-------- c:\program files\Western Digital Technologies
2008-11-07 19:44 . 2008-11-07 19:44 <DIR> d-------- c:\users\All Users\Nokia
2008-11-07 19:44 . 2008-11-07 19:44 <DIR> d-------- c:\programdata\Nokia
2008-11-07 19:39 . 2008-11-07 19:40 <DIR> d-------- C:\Mobil-Misa zaloha
2008-11-07 19:37 . 2008-11-07 19:38 <DIR> d-------- c:\users\Architegt\AppData\Roaming\PC Suite
2008-11-07 19:37 . 2008-12-03 13:31 <DIR> d-------- c:\users\Architegt\AppData\Roaming\Nokia
2008-11-07 19:37 . 2008-11-07 19:37 <DIR> d-------- c:\users\All Users\PC Suite
2008-11-07 19:37 . 2008-11-07 19:37 <DIR> d-------- c:\programdata\PC Suite
2008-11-07 19:37 . 2008-11-07 19:37 0 --ah----- c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-11-07 19:31 . 2008-11-07 19:31 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-11-07 19:31 . 2008-11-07 19:44 <DIR> d-------- c:\program files\Common Files\Nokia
2008-11-07 19:30 . 2008-11-07 19:30 <DIR> d-------- c:\program files\DIFX
2008-11-07 19:30 . 2007-09-17 15:53 21,632 --a------ c:\windows\System32\drivers\pccsmcfd.sys
2008-11-07 19:29 . 2008-11-07 19:30 <DIR> d----c--- c:\windows\System32\DRVSTORE
2008-11-07 19:29 . 2008-11-07 19:29 <DIR> d-------- c:\program files\PC Connectivity Solution
2008-11-07 19:27 . 2008-11-07 19:43 <DIR> d-------- c:\users\All Users\Installations
2008-11-07 19:27 . 2008-11-07 19:43 <DIR> d-------- c:\programdata\Installations
2008-11-07 19:27 . 2008-11-07 19:44 <DIR> d-------- c:\program files\Nokia
2008-11-07 19:27 . 2008-02-01 16:17 90,624 --a------ c:\windows\System32\nmwcdcls.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 13:26 --------- d-----w c:\programdata\Roxio
2008-12-02 12:28 --------- d-----w c:\users\Architegt\AppData\Roaming\uTorrent
2008-12-02 12:22 --------- d-----w c:\program files\Ubisoft
2008-11-29 18:41 --------- d-----w c:\program files\World of Warcraft
2008-11-24 17:57 15,819,776 ----a-w c:\windows\System32\imageres.dll
2008-11-17 11:13 --------- d-----w c:\users\Architegt\AppData\Roaming\Winamp
2008-11-13 20:06 --------- d-----w c:\programdata\Microsoft Help
2008-11-09 13:08 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 08:06 --------- d-----w c:\program files\Common Files\Steam
2008-11-07 20:01 --------- d-----w c:\program files\Java
2008-11-07 18:24 --------- d-----w c:\program files\Winamp
2008-11-03 19:21 --------- d-----w c:\users\Architegt\AppData\Roaming\ICQ
2008-11-02 20:21 --------- d-----w c:\program files\ZyXEL
2008-10-31 09:23 --------- d-----w c:\program files\LittleFighter2
2008-10-29 23:41 --------- d-----w c:\program files\Windows Mail
2008-10-29 23:40 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-29 11:00 --------- d-----w c:\programdata\GrabJPG
2008-10-29 11:00 --------- d-----w c:\program files\GrabJPG
2008-10-29 08:25 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-29 08:19 --------- d-----w c:\programdata\ESET
2008-10-29 08:19 --------- d-----w c:\program files\ESET
2008-10-09 05:40 --------- d-----w c:\programdata\Symantec
2008-10-09 05:40 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-07 19:34 --------- d-----w c:\users\Architegt\AppData\Roaming\Hulubulu
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-23 16:46 245,408 ----a-w c:\windows\System32\unicows.dll
2008-09-18 13:16 720,896 ----a-w c:\windows\iun6002.exe
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-06-30 08:05 174 --sha-w c:\program files\desktop.ini
2008-04-23 13:57 316 ----a-w c:\users\Architegt\AppData\Roaming\lenovo_config.dat
2008-08-06 16:33 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-08-06 16:33 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-08-06 16:33 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-06-04 15:43 22 --sha-w c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-12-04_17.15.55,75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-04 10:41:28 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-04 16:38:23 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-04 10:41:28 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-04 16:38:23 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-04 16:15:13 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-04 16:39:33 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-04 16:39:33 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-04 10:42:24 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-04 16:39:27 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-04 16:39:27 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-04 10:41:29 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-04 17:55:35 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-04 10:41:29 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-04 17:55:35 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-04 10:41:29 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-04 17:55:35 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-04 10:43:24 10,652 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1625110621-214614848-3424324733-1006_UserData.bin
+ 2008-12-04 16:40:11 10,668 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1625110621-214614848-3424324733-1006_UserData.bin
- 2008-12-04 10:43:24 101,574 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-04 16:40:11 101,682 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-04 06:17:19 51,180 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-04 16:40:08 51,370 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"change!t"="c:\users\Architegt\Inst.Odpad\changeit\changeit.exe" [2007-11-14 131072]
"Yodm3D"="c:\users\Architegt\Inst.Odpad\yodm3D\Yodm3D.exe" [2007-06-26 2058752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 71176]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 196608]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-06-11 163840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-06-06 44168]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 719664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 09:04 49152 c:\windows\System32\DeviceNP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Architegt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Architegt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
--a------ 2003-07-31 19:06 458752 c:\program files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 c:\program files\Hp\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-09-01 16:08 173304 c:\progra~1\ICQ6\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8C2A3D6B-E4E2-47BF-903B-729F3943CF44}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{BAEB1005-3AB3-454F-B258-19508EB0558E}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{DBCBCFCA-0896-4BDD-A47E-088A2B84E379}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{32394315-467C-4573-98F7-4B13BD151C0F}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{EBAD30C8-BD82-443A-937E-3FD2E5B9CC8C}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{04DB0871-4762-4D2A-85D6-D9E2166B0103}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{89879A03-F4EB-407E-97D0-DC16E62FC2F1}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{46AE93F1-3B53-4B2F-9553-9AF51ADAF97B}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{4576315B-9D21-43F0-B6F4-FE2384E4FC9C}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{60EC70D0-D0F2-4E52-8C19-79031E81F9E7}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{DA806E6B-A6A4-403D-A8B0-46EF2875A5F5}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{AADA60ED-DD72-4C64-AF15-62587BFE0D55}c:\\program files\\half-life 2\\hl2.exe"= UDP:c:\program files\half-life 2\hl2.exe:hl2
"UDP Query User{800B7ED1-874A-4505-9967-06EA46A36C28}c:\\program files\\half-life 2\\hl2.exe"= TCP:c:\program files\half-life 2\hl2.exe:hl2
"{8BB4648B-872D-41D5-8834-EB55E86EE006}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{B65E6292-5DCF-41AA-8E41-A82017D948A4}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{8A48B92A-C0E1-492C-AA04-C9B3290255AB}"= UDP:c:\program files\Grisoft\AVG Free\avginet.exe:avginet.exe
"{154620DA-88CA-4599-8C72-3BB9EB6E1204}"= TCP:c:\program files\Grisoft\AVG Free\avginet.exe:avginet.exe
"{72257449-93E4-4D5E-8EC6-FFFEFD0DA3C1}"= UDP:c:\program files\Grisoft\AVG Free\avgamsvr.exe:avgamsvr.exe
"{667A2A1B-8063-4AFE-BBBE-003B0825C3EB}"= TCP:c:\program files\Grisoft\AVG Free\avgamsvr.exe:avgamsvr.exe
"{ABBD9863-5174-41D7-9F13-9E564023744F}"= UDP:c:\program files\Grisoft\AVG Free\avgcc.exe:avgcc.exe
"{C84C2480-7C47-498F-961D-E7DB7E1447A4}"= TCP:c:\program files\Grisoft\AVG Free\avgcc.exe:avgcc.exe
"{CECD053F-8507-492D-A518-DD90F325A14C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{043614DA-0F79-45D9-AD3D-6CCB10EE37A7}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{7733646D-E05C-41A7-BED4-37C6C58CEED9}c:\\program files\\valve\\steam\\steamapps\\danhus\\counter-strike\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\danhus\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{DCEB1E83-D8BD-4DE3-9FC9-E00FBB0371F0}c:\\program files\\valve\\steam\\steamapps\\danhus\\counter-strike\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\danhus\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{0D733BBE-E030-43F4-8FE7-D718F0C4D501}c:\\program files\\counter strike 1.6 ns\\hl.exe"= UDP:c:\program files\counter strike 1.6 ns\hl.exe:Half-Life Launcher
"UDP Query User{8DFD4A25-268A-4810-9ADA-9A4D3077B9B9}c:\\program files\\counter strike 1.6 ns\\hl.exe"= TCP:c:\program files\counter strike 1.6 ns\hl.exe:Half-Life Launcher
"{6D89734F-3260-4269-BD48-E6198995D8A7}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{5C576437-37FF-482A-BF84-9545346C6A8E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{2EAC3644-B2EF-4D4B-97EE-8F18A6B8ACF8}c:\\program files\\valve\\steam\\steamapps\\danhus\\deathmatch classic\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\danhus\deathmatch classic\hl.exe:Half-Life Launcher
"UDP Query User{6AB04DED-0C3B-4843-89AE-3078B35B1ECE}c:\\program files\\valve\\steam\\steamapps\\danhus\\deathmatch classic\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\danhus\deathmatch classic\hl.exe:Half-Life Launcher
"TCP Query User{82458A61-3172-4A4D-8F3A-3EC41C6CD157}c:\\program files\\valve\\steam\\steamapps\\danhus\\day of defeat source\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\danhus\day of defeat source\hl2.exe:hl2
"UDP Query User{4175B85C-F445-41CE-B033-A2BA7E40FE5B}c:\\program files\\valve\\steam\\steamapps\\danhus\\day of defeat source\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\danhus\day of defeat source\hl2.exe:hl2
"TCP Query User{D542B118-3A1A-4D05-A71F-1C977CA0638A}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{35D33180-8721-4CA1-B0F4-C3374377B3F0}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{CE83C7D6-7EFE-4BFA-BB4A-3346F2C7F5B6}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{F838F75D-6F05-44FB-9CFB-225D30535370}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{9E9CE595-FCDD-4817-8DF9-CE5A729366CE}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{DAF26715-0D39-486D-AFA7-19854B1E8F05}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{02B1AB19-6610-4021-A768-C25091232714}c:\\users\\architegt\\desktop\\strong dc++\\strongdc.exe"= UDP:c:\users\architegt\desktop\strong dc++\strongdc.exe:strongdc.exe
"UDP Query User{74BF750E-458E-4DC8-9CD8-86EF1DFDA79C}c:\\users\\architegt\\desktop\\strong dc++\\strongdc.exe"= TCP:c:\users\architegt\desktop\strong dc++\strongdc.exe:strongdc.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\pacer.sys [2008-07-24 72192]
R2 AEADIFilters;Andrea ADI Filters Service;c:\windows\system32\AEADISRV.EXE [2007-02-06 69632]
R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 30312]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-08-18 468224]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [2007-12-17 540448]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2008-11-02 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2008-11-02 642944]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\DRIVERS\CnxTgN.sys [2008-11-02 108675]
S3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-12-17 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-06-08 172131]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - k:\setup\rsrc\autorun.exe
\shell\dinstall\command - k:\directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caec089f-26a4-11dd-8314-001e37799928}]
\shell\AutoRun\command - I:\autoplay.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caec08a1-26a4-11dd-8314-001e37799928}]
\shell\AutoRun\command - J:\suppress_explorer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfe46d04-2b35-11dd-98ec-001a73ee2479}]
\shell\AutoRun\command - L:\suppress_explorer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2008-12-04 c:\windows\Tasks\User_Feed_Synchronization-{A6471A22-9E7A-482A-B0E1-E463600FAF0A}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 19:10:23
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(1504)
c:\windows\system32\btmmhook.dll
.
Celkový čas: 2008-12-04 19:12:00
ComboFix-quarantined-files.txt 2008-12-04 18:11:56
Před spuštěním: Volných bajtů: 39,962,308,608
Po spuštění: Volných bajtů: 39,888,867,328
364 --- E O F --- 2008-12-01 19:38:54
"UDP Query User{DBCBCFCA-0896-4BDD-A47E-088A2B84E379}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{32394315-467C-4573-98F7-4B13BD151C0F}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{EBAD30C8-BD82-443A-937E-3FD2E5B9CC8C}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{04DB0871-4762-4D2A-85D6-D9E2166B0103}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{89879A03-F4EB-407E-97D0-DC16E62FC2F1}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{46AE93F1-3B53-4B2F-9553-9AF51ADAF97B}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{4576315B-9D21-43F0-B6F4-FE2384E4FC9C}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{60EC70D0-D0F2-4E52-8C19-79031E81F9E7}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{DA806E6B-A6A4-403D-A8B0-46EF2875A5F5}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{AADA60ED-DD72-4C64-AF15-62587BFE0D55}c:\\program files\\half-life 2\\hl2.exe"= UDP:c:\program files\half-life 2\hl2.exe:hl2
"UDP Query User{800B7ED1-874A-4505-9967-06EA46A36C28}c:\\program files\\half-life 2\\hl2.exe"= TCP:c:\program files\half-life 2\hl2.exe:hl2
"{8BB4648B-872D-41D5-8834-EB55E86EE006}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{B65E6292-5DCF-41AA-8E41-A82017D948A4}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{8A48B92A-C0E1-492C-AA04-C9B3290255AB}"= UDP:c:\program files\Grisoft\AVG Free\avginet.exe:avginet.exe
"{154620DA-88CA-4599-8C72-3BB9EB6E1204}"= TCP:c:\program files\Grisoft\AVG Free\avginet.exe:avginet.exe
"{72257449-93E4-4D5E-8EC6-FFFEFD0DA3C1}"= UDP:c:\program files\Grisoft\AVG Free\avgamsvr.exe:avgamsvr.exe
"{667A2A1B-8063-4AFE-BBBE-003B0825C3EB}"= TCP:c:\program files\Grisoft\AVG Free\avgamsvr.exe:avgamsvr.exe
"{ABBD9863-5174-41D7-9F13-9E564023744F}"= UDP:c:\program files\Grisoft\AVG Free\avgcc.exe:avgcc.exe
"{C84C2480-7C47-498F-961D-E7DB7E1447A4}"= TCP:c:\program files\Grisoft\AVG Free\avgcc.exe:avgcc.exe
"{CECD053F-8507-492D-A518-DD90F325A14C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{043614DA-0F79-45D9-AD3D-6CCB10EE37A7}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{7733646D-E05C-41A7-BED4-37C6C58CEED9}c:\\program files\\valve\\steam\\steamapps\\danhus\\counter-strike\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\danhus\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{DCEB1E83-D8BD-4DE3-9FC9-E00FBB0371F0}c:\\program files\\valve\\steam\\steamapps\\danhus\\counter-strike\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\danhus\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{0D733BBE-E030-43F4-8FE7-D718F0C4D501}c:\\program files\\counter strike 1.6 ns\\hl.exe"= UDP:c:\program files\counter strike 1.6 ns\hl.exe:Half-Life Launcher
"UDP Query User{8DFD4A25-268A-4810-9ADA-9A4D3077B9B9}c:\\program files\\counter strike 1.6 ns\\hl.exe"= TCP:c:\program files\counter strike 1.6 ns\hl.exe:Half-Life Launcher
"{6D89734F-3260-4269-BD48-E6198995D8A7}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{5C576437-37FF-482A-BF84-9545346C6A8E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{2EAC3644-B2EF-4D4B-97EE-8F18A6B8ACF8}c:\\program files\\valve\\steam\\steamapps\\danhus\\deathmatch classic\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\danhus\deathmatch classic\hl.exe:Half-Life Launcher
"UDP Query User{6AB04DED-0C3B-4843-89AE-3078B35B1ECE}c:\\program files\\valve\\steam\\steamapps\\danhus\\deathmatch classic\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\danhus\deathmatch classic\hl.exe:Half-Life Launcher
"TCP Query User{82458A61-3172-4A4D-8F3A-3EC41C6CD157}c:\\program files\\valve\\steam\\steamapps\\danhus\\day of defeat source\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\danhus\day of defeat source\hl2.exe:hl2
"UDP Query User{4175B85C-F445-41CE-B033-A2BA7E40FE5B}c:\\program files\\valve\\steam\\steamapps\\danhus\\day of defeat source\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\danhus\day of defeat source\hl2.exe:hl2
"TCP Query User{D542B118-3A1A-4D05-A71F-1C977CA0638A}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{35D33180-8721-4CA1-B0F4-C3374377B3F0}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{CE83C7D6-7EFE-4BFA-BB4A-3346F2C7F5B6}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{F838F75D-6F05-44FB-9CFB-225D30535370}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{9E9CE595-FCDD-4817-8DF9-CE5A729366CE}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{DAF26715-0D39-486D-AFA7-19854B1E8F05}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{02B1AB19-6610-4021-A768-C25091232714}c:\\users\\architegt\\desktop\\strong dc++\\strongdc.exe"= UDP:c:\users\architegt\desktop\strong dc++\strongdc.exe:strongdc.exe
"UDP Query User{74BF750E-458E-4DC8-9CD8-86EF1DFDA79C}c:\\users\\architegt\\desktop\\strong dc++\\strongdc.exe"= TCP:c:\users\architegt\desktop\strong dc++\strongdc.exe:strongdc.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\pacer.sys [2008-07-24 72192]
R2 AEADIFilters;Andrea ADI Filters Service;c:\windows\system32\AEADISRV.EXE [2007-02-06 69632]
R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 30312]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-08-18 468224]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [2007-12-17 540448]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2008-11-02 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2008-11-02 642944]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\DRIVERS\CnxTgN.sys [2008-11-02 108675]
S3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-12-17 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-06-08 172131]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - k:\setup\rsrc\autorun.exe
\shell\dinstall\command - k:\directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caec089f-26a4-11dd-8314-001e37799928}]
\shell\AutoRun\command - I:\autoplay.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caec08a1-26a4-11dd-8314-001e37799928}]
\shell\AutoRun\command - J:\suppress_explorer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfe46d04-2b35-11dd-98ec-001a73ee2479}]
\shell\AutoRun\command - L:\suppress_explorer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2008-12-04 c:\windows\Tasks\User_Feed_Synchronization-{A6471A22-9E7A-482A-B0E1-E463600FAF0A}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 19:10:23
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(1504)
c:\windows\system32\btmmhook.dll
.
Celkový čas: 2008-12-04 19:12:00
ComboFix-quarantined-files.txt 2008-12-04 18:11:56
Před spuštěním: Volných bajtů: 39,962,308,608
Po spuštění: Volných bajtů: 39,888,867,328
364 --- E O F --- 2008-12-01 19:38:54
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Request for a preventive check
So turn off the antivirus.
Open Notepad (Start -> Run..., type Notepad into the window and click OK).
Copy the entire following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script
Code:
File::
c:\windows\Lic.xxx
c:\windows\iun6002.exe
Folder::
c:\program files\Common Files\Symantec Shared
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000000
"InternetSettingsDisableNotify"=dword:00000000
"AutoUpdateDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum Support
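The reply above resets the Security Center "DisableNotify" and "DisableMonitoring" values that the ComboFix log showed set to 1. As an added example (not code from the forum post, from ComboFix or from its author), this Python script parses the REGEDIT4-style registry section of a ComboFix log, reports every Security Center value that silences alerting, and emits the matching CFScript `Registry::` block that resets them to 0. The sample log is constructed from the values in this thread; the value names not present in the log are documented Security Center names added here as an assumption.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: the REGEDIT4-style registry section of a ComboFix log,
# reduced to the Security Center keys seen in this thread plus one value
# (FirewallDisableNotify = 0) that must NOT be reported.
SAMPLE_LOG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# Security Center value names whose non-zero value silences alerting.
# The first four appear in this thread's log; the last three are documented
# Security Center names included as an assumption for completeness.
DISABLE_VALUES = {
    "UacDisableNotify", "InternetSettingsDisableNotify",
    "AutoUpdateDisableNotify", "DisableMonitoring",
    "AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify",
}


def parse_registry_dump(text: str) -> Dict[str, Dict[str, int]]:
    """Map each [key] in a REGEDIT4-style dump to its dword values."""
    reg: Dict[str, Dict[str, int]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            reg.setdefault(current, {})
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            # String values and ComboFix's '= 0 (0x0)' style are ignored.
            reg[current][m.group(1)] = int(m.group(2), 16)
    return reg


def find_silenced_alerts(reg: Dict[str, Dict[str, int]]) -> List[Tuple[str, str, int]]:
    """Return (key, value name, value) for Security Center alerting that is off."""
    hits = []
    for key, values in reg.items():
        if "\\security center" not in key.lower():
            continue
        for name, val in values.items():
            if name in DISABLE_VALUES and val != 0:
                hits.append((key, name, val))
    return hits


def build_cfscript_registry_block(hits: List[Tuple[str, str, int]]) -> str:
    """Emit the CFScript 'Registry::' section that resets each hit to 0."""
    lines = ["Registry::"]
    grouped: Dict[str, List[str]] = {}
    for key, name, _ in hits:
        grouped.setdefault(key, []).append(name)
    for key, names in grouped.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=dword:00000000' for name in names)
    return "\n".join(lines)


if __name__ == "__main__":
    found = find_silenced_alerts(parse_registry_dump(SAMPLE_LOG))
    for key, name, val in found:
        print(f"silenced: {key}\\{name} = {val}")
    print(build_cfscript_registry_block(found))
```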
Re: Request for a preventive check
correction of the key value above...
Re: Request for a preventive check
ComboFix 08-12-03.04 - Architegt 2008-12-04 20:44:18.3 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.1.1029.18.929 [GMT 1:00]
Spuštěný z: c:\users\Architegt\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Architegt\Desktop\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active
FILE ::
c:\windows\iun6002.exe
c:\windows\Lic.xxx
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Common Files\Symantec Shared\Firewall\AppendRules.xml
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertUi.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcGlobal.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcmhSvar.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcProd.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages\05\01\AlertEng.loc
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages\fallback.dat
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\lun.ico
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\mhDSA.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\mhSched.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\mhUpgr.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\pifCrawl.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifPep06.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifPep07.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PollMgr.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\readme.txt
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\SymHTML.dll
c:\program files\Common Files\Symantec Shared\SPManifests\AlertEng.grd
c:\program files\Common Files\Symantec Shared\SPManifests\AlertEng.sig
c:\program files\Common Files\Symantec Shared\SPManifests\AlertEng.spm
c:\program files\Common Files\Symantec Shared\SPManifests\PifCore.grd
c:\program files\Common Files\Symantec Shared\SPManifests\PifCore.sig
c:\program files\Common Files\Symantec Shared\SPManifests\PifCore.spm
c:\windows\iun6002.exe
c:\windows\Lic.xxx
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-11-04 do 2008-12-04 )))))))))))))))))))))))))))))))
.
2008-12-04 19:27 . 2008-12-04 19:27 <DIR> d-------- c:\program files\RegCleaner
2008-12-04 19:01 . 2008-12-04 19:01 <DIR> d-------- c:\program files\Trend Micro
2008-12-04 17:40 . 2008-12-04 17:40 <DIR> d-------- c:\users\All Users\MicroWorld
2008-12-04 17:40 . 2008-12-04 17:40 <DIR> d-------- c:\programdata\MicroWorld
2008-12-04 17:40 . 2008-12-04 17:40 626,688 --a------ c:\windows\System32\msvcr80.dll
2008-12-04 17:40 . 2008-12-04 17:40 548,864 --a------ c:\windows\System32\msvcp80.dll
2008-12-04 17:40 . 2008-12-04 17:40 28,672 --a------ c:\windows\System32\eEmpty.exe
2008-12-04 17:40 . 2005-09-22 23:22 522 --a------ c:\windows\System32\Microsoft.VC80.CRT.manifest
2008-12-04 09:30 . 2008-12-04 17:40 <DIR> dr------- c:\users\Architegt\Documenty
2008-12-04 08:54 . 2008-12-04 08:54 <DIR> d-------- c:\users\Architegt\AppData\Roaming\GHISLER
2008-12-04 08:54 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
2008-12-04 08:54 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
2008-12-04 08:54 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
2008-12-04 08:54 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2008-12-04 08:54 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2008-12-04 08:54 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
2008-12-04 08:54 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
2008-12-03 09:05 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-03 09:05 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-03 09:05 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-03 09:05 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-03 09:04 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-03 09:04 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-03 09:04 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-03 09:04 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-03 09:04 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-12-02 13:26 . 2008-12-04 09:27 <DIR> dr------- c:\users\Architegt\Inst.Odpad
2008-11-30 13:59 . 2008-12-01 17:08 <DIR> d-------- c:\users\Architegt\AppData\Roaming\LimeWire
2008-11-29 18:33 . 2008-11-29 18:33 <DIR> d-------- c:\program files\Network Stumbler
2008-11-29 18:26 . 2008-12-02 13:27 <DIR> d-------- c:\program files\WhatPulse
2008-11-26 17:00 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 17:00 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 17:00 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 17:00 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 17:00 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-23 10:46 . 2008-11-23 10:46 <DIR> d-------- c:\users\All Users\Stardock
2008-11-23 10:46 . 2008-11-23 10:46 <DIR> d-------- c:\programdata\Stardock
2008-11-23 10:39 . 2008-11-23 10:39 3,932,214 --a------ c:\windows\Invader1280.bmp
2008-11-23 10:38 . 2008-12-02 13:19 <DIR> d--h----- c:\users\All Users\{F0297D39-7A45-442F-AFF5-271488E85934}
2008-11-23 10:38 . 2008-12-02 13:19 <DIR> d--h----- c:\programdata\{F0297D39-7A45-442F-AFF5-271488E85934}
2008-11-23 10:38 . 2008-11-23 10:38 <DIR> d-------- c:\program files\Stardock
2008-11-19 20:48 . 2008-11-23 11:36 <DIR> d-------- c:\users\Architegt\AppData\Roaming\MiniDm
2008-11-19 20:45 . 2008-11-19 20:46 <DIR> d-------- c:\program files\IEPro
2008-11-17 20:14 . 2008-11-17 20:15 <DIR> d-------- C:\My Web Sites
2008-11-14 12:48 . 2008-11-14 15:33 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-13 16:42 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-13 16:41 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-13 16:40 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-09 11:35 . 2008-11-09 11:35 <DIR> d-------- c:\program files\Western Digital Technologies
2008-11-07 19:44 . 2008-11-07 19:44 <DIR> d-------- c:\users\All Users\Nokia
2008-11-07 19:44 . 2008-11-07 19:44 <DIR> d-------- c:\programdata\Nokia
2008-11-07 19:39 . 2008-11-07 19:40 <DIR> d-------- C:\Mobil-Misa zaloha
2008-11-07 19:37 . 2008-11-07 19:38 <DIR> d-------- c:\users\Architegt\AppData\Roaming\PC Suite
2008-11-07 19:37 . 2008-12-03 13:31 <DIR> d-------- c:\users\Architegt\AppData\Roaming\Nokia
2008-11-07 19:37 . 2008-11-07 19:37 <DIR> d-------- c:\users\All Users\PC Suite
2008-11-07 19:37 . 2008-11-07 19:37 <DIR> d-------- c:\programdata\PC Suite
2008-11-07 19:37 . 2008-11-07 19:37 0 --ah----- c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-11-07 19:31 . 2008-11-07 19:31 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-11-07 19:31 . 2008-11-07 19:44 <DIR> d-------- c:\program files\Common Files\Nokia
2008-11-07 19:30 . 2008-11-07 19:30 <DIR> d-------- c:\program files\DIFX
2008-11-07 19:30 . 2007-09-17 15:53 21,632 --a------ c:\windows\System32\drivers\pccsmcfd.sys
2008-11-07 19:29 . 2008-11-07 19:30 <DIR> d----c--- c:\windows\System32\DRVSTORE
2008-11-07 19:29 . 2008-11-07 19:29 <DIR> d-------- c:\program files\PC Connectivity Solution
2008-11-07 19:27 . 2008-11-07 19:43 <DIR> d-------- c:\users\All Users\Installations
2008-11-07 19:27 . 2008-11-07 19:43 <DIR> d-------- c:\programdata\Installations
2008-11-07 19:27 . 2008-11-07 19:44 <DIR> d-------- c:\program files\Nokia
2008-11-07 19:27 . 2008-02-01 16:17 90,624 --a------ c:\windows\System32\nmwcdcls.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 13:26 --------- d-----w c:\programdata\Roxio
2008-12-02 12:28 --------- d-----w c:\users\Architegt\AppData\Roaming\uTorrent
2008-12-02 12:22 --------- d-----w c:\program files\Ubisoft
2008-11-29 18:41 --------- d-----w c:\program files\World of Warcraft
2008-11-24 17:57 15,819,776 ----a-w c:\windows\System32\imageres.dll
2008-11-17 11:13 --------- d-----w c:\users\Architegt\AppData\Roaming\Winamp
2008-11-13 20:06 --------- d-----w c:\programdata\Microsoft Help
2008-11-09 13:08 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 08:06 --------- d-----w c:\program files\Common Files\Steam
2008-11-07 20:01 --------- d-----w c:\program files\Java
2008-11-07 18:24 --------- d-----w c:\program files\Winamp
2008-11-03 19:21 --------- d-----w c:\users\Architegt\AppData\Roaming\ICQ
2008-11-02 20:21 --------- d-----w c:\program files\ZyXEL
2008-10-31 09:23 --------- d-----w c:\program files\LittleFighter2
2008-10-29 23:41 --------- d-----w c:\program files\Windows Mail
2008-10-29 23:40 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-29 11:00 --------- d-----w c:\programdata\GrabJPG
2008-10-29 11:00 --------- d-----w c:\program files\GrabJPG
2008-10-29 08:25 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-29 08:19 --------- d-----w c:\programdata\ESET
2008-10-29 08:19 --------- d-----w c:\program files\ESET
2008-10-09 05:40 --------- d-----w c:\programdata\Symantec
2008-10-07 19:34 --------- d-----w c:\users\Architegt\AppData\Roaming\Hulubulu
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-23 16:46 245,408 ----a-w c:\windows\System32\unicows.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-06-30 08:05 174 --sha-w c:\program files\desktop.ini
2008-04-23 13:57 316 ----a-w c:\users\Architegt\AppData\Roaming\lenovo_config.dat
2008-08-06 16:33 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-08-06 16:33 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-08-06 16:33 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-06-04 15:43 22 --sha-w c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-12-04_17.15.55,75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-04 10:41:28 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-04 16:38:23 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-04 10:41:28 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-04 16:38:23 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-04 16:15:13 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-04 16:39:33 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-04 16:39:33 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-04 10:42:24 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-04 16:39:27 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-04 16:39:27 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-04 10:41:29 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-04 17:55:35 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-04 10:41:29 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-04 17:55:35 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-04 10:41:29 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-04 17:55:35 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-04 10:43:24 10,652 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1625110621-214614848-3424324733-1006_UserData.bin
+ 2008-12-04 16:40:11 10,668 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1625110621-214614848-3424324733-1006_UserData.bin
- 2008-12-04 10:43:24 101,574 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-04 16:40:11 101,682 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-04 06:17:19 51,180 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-04 16:40:08 51,370 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"change!t"="c:\users\Architegt\Inst.Odpad\changeit\changeit.exe" [2007-11-14 131072]
"Yodm3D"="c:\users\Architegt\Inst.Odpad\yodm3D\Yodm3D.exe" [2007-06-26 2058752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 71176]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 196608]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-06-11 163840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-06-06 44168]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 719664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 09:04 49152 c:\windows\System32\DeviceNP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Architegt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Architegt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
--a------ 2003-07-31 19:06 458752 c:\program files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 c:\program files\Hp\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-09-01 16:08 173304 c:\progra~1\ICQ6\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8C2A3D6B-E4E2-47BF-903B-729F3943CF44}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{BAEB1005-3AB3-454F-B258-19508EB0558E}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{DBCBCFCA-0896-4BDD-A47E-088A2B84E379}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{32394315-467C-4573-98F7-4B13BD151C0F}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{EBAD30C8-BD82-443A-937E-3FD2E5B9CC8C}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{04DB0871-4762-4D2A-85D6-D9E2166B0103}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{89879A03-F4EB-407E-97D0-DC16E62FC2F1}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{46AE93F1-3B53-4B2F-9553-9AF51ADAF97B}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{4576315B-9D21-43F0-B6F4-FE2384E4FC9C}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{60EC70D0-D0F2-4E52-8C19-79031E81F9E7}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{DA806E6B-A6A4-403D-A8B0-46EF2875A5F5}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{AADA60ED-DD72-4C64-AF15-62587BFE0D55}c:\\program files\\half-life 2\\hl2.exe"= UDP:c:\program files\half-life 2\hl2.exe:hl2
"UDP Query User{800B7ED1-874A-4505-9967-06EA46A36C28}c:\\program files\\half-life 2\\hl2.exe"= TCP:c:\program files\half-life 2\hl2.exe:hl2
"{8BB4648B-872D-41D5-8834-EB55E86EE006}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{B65E6292-5DCF-41AA-8E41-A82017D948A4}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{8A48B92A-C0E1-492C-AA04-C9B3290255AB}"= UDP:c:\program files\Grisoft\AVG Free\avginet.exe:avginet.exe
"{154620DA-88CA-4599-8C72-3BB9EB6E1204}"= TCP:c:\program files\Grisoft\AVG Free\avginet.exe:avginet.exe
"{72257449-93E4-4D5E-8EC6-FFFEFD0DA3C1}"= UDP:c:\program files\Grisoft\AVG Free\avgamsvr.exe:avgamsvr.exe
"{667A2A1B-8063-4AFE-BBBE-003B0825C3EB}"= TCP:c:\program files\Grisoft\AVG Free\avgamsvr.exe:avgamsvr.exe
"{ABBD9863-5174-41D7-9F13-9E564023744F}"= UDP:c:\program files\Grisoft\AVG Free\avgcc.exe:avgcc.exe
"{C84C2480-7C47-498F-961D-E7DB7E1447A4}"= TCP:c:\program files\Grisoft\AVG Free\avgcc.exe:avgcc.exe
"{CECD053F-8507-492D-A518-DD90F325A14C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{043614DA-0F79-45D9-AD3D-6CCB10EE37A7}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{7733646D-E05C-41A7-BED4-37C6C58CEED9}c:\\program files\\valve\\steam\\steamapps\\danhus\\counter-strike\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\danhus\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{DCEB1E83-D8BD-4DE3-9FC9-E00FBB0371F0}c:\\program files\\valve\\steam\\steamapps\\danhus\\counter-strike\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\danhus\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{0D733BBE-E030-43F4-8FE7-D718F0C4D501}c:\\program files\\counter strike 1.6 ns\\hl.exe"= UDP:c:\program files\counter strike 1.6 ns\hl.exe:Half-Life Launcher
"UDP Query User{8DFD4A25-268A-4810-9ADA-9A4D3077B9B9}c:\\program files\\counter strike 1.6 ns\\hl.exe"= TCP:c:\program files\counter strike 1.6 ns\hl.exe:Half-Life Launcher
"{6D89734F-3260-4269-BD48-E6198995D8A7}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{5C576437-37FF-482A-BF84-9545346C6A8E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{2EAC3644-B2EF-4D4B-97EE-8F18A6B8ACF8}c:\\program files\\valve\\steam\\steamapps\\danhus\\deathmatch classic\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\danhus\deathmatch classic\hl.exe:Half-Life Launcher
"UDP Query User{6AB04DED-0C3B-4843-89AE-3078B35B1ECE}c:\\program files\\valve\\steam\\steamapps\\danhus\\deathmatch classic\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\danhus\deathmatch classic\hl.exe:Half-Life Launcher
"TCP Query User{82458A61-3172-4A4D-8F3A-3EC41C6CD157}c:\\program files\\valve\\steam\\steamapps\\danhus\\day of defeat source\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\danhus\day of defeat source\hl2.exe:hl2
"UDP Query User{4175B85C-F445-41CE-B033-A2BA7E40FE5B}c:\\program files\\valve\\steam\\steamapps\\danhus\\day of defeat source\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\danhus\day of defeat source\hl2.exe:hl2
"TCP Query User{D542B118-3A1A-4D05-A71F-1C977CA0638A}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{35D33180-8721-4CA1-B0F4-C3374377B3F0}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{CE83C7D6-7EFE-4BFA-BB4A-3346F2C7F5B6}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{F838F75D-6F05-44FB-9CFB-225D30535370}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{9E9CE595-FCDD-4817-8DF9-CE5A729366CE}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{DAF26715-0D39-486D-AFA7-19854B1E8F05}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{02B1AB19-6610-4021-A768-C25091232714}c:\\users\\architegt\\desktop\\strong dc++\\strongdc.exe"= UDP:c:\users\architegt\desktop\strong dc++\strongdc.exe:strongdc.exe
"UDP Query User{74BF750E-458E-4DC8-9CD8-86EF1DFDA79C}c:\\users\\architegt\\desktop\\strong dc++\\strongdc.exe"= TCP:c:\users\architegt\desktop\strong dc++\strongdc.exe:strongdc.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\pacer.sys [2008-07-24 72192]
R2 AEADIFilters;Andrea ADI Filters Service;c:\windows\system32\AEADISRV.EXE [2007-02-06 69632]
R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 30312]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-08-18 468224]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [2007-12-17 540448]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2008-11-02 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2008-11-02 642944]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\DRIVERS\CnxTgN.sys [2008-11-02 108675]
S3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-12-17 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-06-08 172131]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - k:\setup\rsrc\autorun.exe
\shell\dinstall\command - k:\directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caec089f-26a4-11dd-8314-001e37799928}]
\shell\AutoRun\command - I:\autoplay.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caec08a1-26a4-11dd-8314-001e37799928}]
\shell\AutoRun\command - J:\suppress_explorer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfe46d04-2b35-11dd-98ec-001a73ee2479}]
\shell\AutoRun\command - L:\suppress_explorer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2008-12-04 c:\windows\Tasks\User_Feed_Synchronization-{A6471A22-9E7A-482A-B0E1-E463600FAF0A}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 20:47:59
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\windows\TEMP\TMP0000008A0D80A1CD1A48D908 524288 bytes
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
.
Celkový čas: 2008-12-04 20:49:12
ComboFix-quarantined-files.txt 2008-12-04 19:49:08
ComboFix2.txt 2008-12-04 18:12:01
Před spuštěním: Volných bajtů: 39 909 761 024
Po spuštění: Volných bajtů: 39,873,572,864
322 --- E O F --- 2008-12-01 19:38:54
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01, on 2008-12-04
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [change!t] C:\Users\Architegt\Inst.Odpad\changeit\changeit.exe /startos
O4 - HKCU\..\Run: [Yodm3D] C:\Users\Architegt\Inst.Odpad\yodm3D\Yodm3D.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm012YYCZ
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 9318 bytes
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.1.1029.18.929 [GMT 1:00]
Spuštěný z: c:\users\Architegt\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Architegt\Desktop\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active
FILE ::
c:\windows\iun6002.exe
c:\windows\Lic.xxx
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Common Files\Symantec Shared\Firewall\AppendRules.xml
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertUi.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcGlobal.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcmhSvar.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcProd.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages\05\01\AlertEng.loc
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages\fallback.dat
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\lun.ico
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\mhDSA.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\mhSched.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\mhUpgr.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\pifCrawl.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifPep06.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifPep07.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PollMgr.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\readme.txt
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\SymHTML.dll
c:\program files\Common Files\Symantec Shared\SPManifests\AlertEng.grd
c:\program files\Common Files\Symantec Shared\SPManifests\AlertEng.sig
c:\program files\Common Files\Symantec Shared\SPManifests\AlertEng.spm
c:\program files\Common Files\Symantec Shared\SPManifests\PifCore.grd
c:\program files\Common Files\Symantec Shared\SPManifests\PifCore.sig
c:\program files\Common Files\Symantec Shared\SPManifests\PifCore.spm
c:\windows\iun6002.exe
c:\windows\Lic.xxx
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-11-04 do 2008-12-04 )))))))))))))))))))))))))))))))
.
2008-12-04 19:27 . 2008-12-04 19:27 <DIR> d-------- c:\program files\RegCleaner
2008-12-04 19:01 . 2008-12-04 19:01 <DIR> d-------- c:\program files\Trend Micro
2008-12-04 17:40 . 2008-12-04 17:40 <DIR> d-------- c:\users\All Users\MicroWorld
2008-12-04 17:40 . 2008-12-04 17:40 <DIR> d-------- c:\programdata\MicroWorld
2008-12-04 17:40 . 2008-12-04 17:40 626,688 --a------ c:\windows\System32\msvcr80.dll
2008-12-04 17:40 . 2008-12-04 17:40 548,864 --a------ c:\windows\System32\msvcp80.dll
2008-12-04 17:40 . 2008-12-04 17:40 28,672 --a------ c:\windows\System32\eEmpty.exe
2008-12-04 17:40 . 2005-09-22 23:22 522 --a------ c:\windows\System32\Microsoft.VC80.CRT.manifest
2008-12-04 09:30 . 2008-12-04 17:40 <DIR> dr------- c:\users\Architegt\Documenty
2008-12-04 08:54 . 2008-12-04 08:54 <DIR> d-------- c:\users\Architegt\AppData\Roaming\GHISLER
2008-12-04 08:54 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
2008-12-04 08:54 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
2008-12-04 08:54 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
2008-12-04 08:54 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2008-12-04 08:54 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2008-12-04 08:54 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
2008-12-04 08:54 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
2008-12-03 09:05 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-03 09:05 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-03 09:05 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-03 09:05 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-03 09:04 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-03 09:04 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-03 09:04 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-03 09:04 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-03 09:04 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-12-02 13:26 . 2008-12-04 09:27 <DIR> dr------- c:\users\Architegt\Inst.Odpad
2008-11-30 13:59 . 2008-12-01 17:08 <DIR> d-------- c:\users\Architegt\AppData\Roaming\LimeWire
2008-11-29 18:33 . 2008-11-29 18:33 <DIR> d-------- c:\program files\Network Stumbler
2008-11-29 18:26 . 2008-12-02 13:27 <DIR> d-------- c:\program files\WhatPulse
2008-11-26 17:00 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 17:00 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 17:00 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 17:00 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 17:00 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-23 10:46 . 2008-11-23 10:46 <DIR> d-------- c:\users\All Users\Stardock
2008-11-23 10:46 . 2008-11-23 10:46 <DIR> d-------- c:\programdata\Stardock
2008-11-23 10:39 . 2008-11-23 10:39 3,932,214 --a------ c:\windows\Invader1280.bmp
2008-11-23 10:38 . 2008-12-02 13:19 <DIR> d--h----- c:\users\All Users\{F0297D39-7A45-442F-AFF5-271488E85934}
2008-11-23 10:38 . 2008-12-02 13:19 <DIR> d--h----- c:\programdata\{F0297D39-7A45-442F-AFF5-271488E85934}
2008-11-23 10:38 . 2008-11-23 10:38 <DIR> d-------- c:\program files\Stardock
2008-11-19 20:48 . 2008-11-23 11:36 <DIR> d-------- c:\users\Architegt\AppData\Roaming\MiniDm
2008-11-19 20:45 . 2008-11-19 20:46 <DIR> d-------- c:\program files\IEPro
2008-11-17 20:14 . 2008-11-17 20:15 <DIR> d-------- C:\My Web Sites
2008-11-14 12:48 . 2008-11-14 15:33 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-13 16:42 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-13 16:41 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-13 16:40 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-09 11:35 . 2008-11-09 11:35 <DIR> d-------- c:\program files\Western Digital Technologies
2008-11-07 19:44 . 2008-11-07 19:44 <DIR> d-------- c:\users\All Users\Nokia
2008-11-07 19:44 . 2008-11-07 19:44 <DIR> d-------- c:\programdata\Nokia
2008-11-07 19:39 . 2008-11-07 19:40 <DIR> d-------- C:\Mobil-Misa zaloha
2008-11-07 19:37 . 2008-11-07 19:38 <DIR> d-------- c:\users\Architegt\AppData\Roaming\PC Suite
2008-11-07 19:37 . 2008-12-03 13:31 <DIR> d-------- c:\users\Architegt\AppData\Roaming\Nokia
2008-11-07 19:37 . 2008-11-07 19:37 <DIR> d-------- c:\users\All Users\PC Suite
2008-11-07 19:37 . 2008-11-07 19:37 <DIR> d-------- c:\programdata\PC Suite
2008-11-07 19:37 . 2008-11-07 19:37 0 --ah----- c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-11-07 19:31 . 2008-11-07 19:31 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-11-07 19:31 . 2008-11-07 19:44 <DIR> d-------- c:\program files\Common Files\Nokia
2008-11-07 19:30 . 2008-11-07 19:30 <DIR> d-------- c:\program files\DIFX
2008-11-07 19:30 . 2007-09-17 15:53 21,632 --a------ c:\windows\System32\drivers\pccsmcfd.sys
2008-11-07 19:29 . 2008-11-07 19:30 <DIR> d----c--- c:\windows\System32\DRVSTORE
2008-11-07 19:29 . 2008-11-07 19:29 <DIR> d-------- c:\program files\PC Connectivity Solution
2008-11-07 19:27 . 2008-11-07 19:43 <DIR> d-------- c:\users\All Users\Installations
2008-11-07 19:27 . 2008-11-07 19:43 <DIR> d-------- c:\programdata\Installations
2008-11-07 19:27 . 2008-11-07 19:44 <DIR> d-------- c:\program files\Nokia
2008-11-07 19:27 . 2008-02-01 16:17 90,624 --a------ c:\windows\System32\nmwcdcls.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 13:26 --------- d-----w c:\programdata\Roxio
2008-12-02 12:28 --------- d-----w c:\users\Architegt\AppData\Roaming\uTorrent
2008-12-02 12:22 --------- d-----w c:\program files\Ubisoft
2008-11-29 18:41 --------- d-----w c:\program files\World of Warcraft
2008-11-24 17:57 15,819,776 ----a-w c:\windows\System32\imageres.dll
2008-11-17 11:13 --------- d-----w c:\users\Architegt\AppData\Roaming\Winamp
2008-11-13 20:06 --------- d-----w c:\programdata\Microsoft Help
2008-11-09 13:08 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 08:06 --------- d-----w c:\program files\Common Files\Steam
2008-11-07 20:01 --------- d-----w c:\program files\Java
2008-11-07 18:24 --------- d-----w c:\program files\Winamp
2008-11-03 19:21 --------- d-----w c:\users\Architegt\AppData\Roaming\ICQ
2008-11-02 20:21 --------- d-----w c:\program files\ZyXEL
2008-10-31 09:23 --------- d-----w c:\program files\LittleFighter2
2008-10-29 23:41 --------- d-----w c:\program files\Windows Mail
2008-10-29 23:40 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-29 11:00 --------- d-----w c:\programdata\GrabJPG
2008-10-29 11:00 --------- d-----w c:\program files\GrabJPG
2008-10-29 08:25 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-29 08:19 --------- d-----w c:\programdata\ESET
2008-10-29 08:19 --------- d-----w c:\program files\ESET
2008-10-09 05:40 --------- d-----w c:\programdata\Symantec
2008-10-07 19:34 --------- d-----w c:\users\Architegt\AppData\Roaming\Hulubulu
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-23 16:46 245,408 ----a-w c:\windows\System32\unicows.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-06-30 08:05 174 --sha-w c:\program files\desktop.ini
2008-04-23 13:57 316 ----a-w c:\users\Architegt\AppData\Roaming\lenovo_config.dat
2008-08-06 16:33 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-08-06 16:33 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-08-06 16:33 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-06-04 15:43 22 --sha-w c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-12-04_17.15.55,75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-04 10:41:28 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-04 16:38:23 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-04 10:41:28 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-04 16:38:23 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-04 16:15:13 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-04 16:39:33 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-04 16:39:33 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-04 10:42:24 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-04 16:39:27 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-04 16:39:27 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-04 10:41:29 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-04 17:55:35 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-04 10:41:29 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-04 17:55:35 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-04 10:41:29 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-04 17:55:35 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-04 10:43:24 10,652 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1625110621-214614848-3424324733-1006_UserData.bin
+ 2008-12-04 16:40:11 10,668 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1625110621-214614848-3424324733-1006_UserData.bin
- 2008-12-04 10:43:24 101,574 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-04 16:40:11 101,682 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-04 06:17:19 51,180 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-04 16:40:08 51,370 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"change!t"="c:\users\Architegt\Inst.Odpad\changeit\changeit.exe" [2007-11-14 131072]
"Yodm3D"="c:\users\Architegt\Inst.Odpad\yodm3D\Yodm3D.exe" [2007-06-26 2058752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 71176]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 196608]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-06-11 163840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-06-06 44168]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 719664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 09:04 49152 c:\windows\System32\DeviceNP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Architegt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Architegt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
--a------ 2003-07-31 19:06 458752 c:\program files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 c:\program files\Hp\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-09-01 16:08 173304 c:\progra~1\ICQ6\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8C2A3D6B-E4E2-47BF-903B-729F3943CF44}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{BAEB1005-3AB3-454F-B258-19508EB0558E}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{DBCBCFCA-0896-4BDD-A47E-088A2B84E379}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{32394315-467C-4573-98F7-4B13BD151C0F}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{EBAD30C8-BD82-443A-937E-3FD2E5B9CC8C}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{04DB0871-4762-4D2A-85D6-D9E2166B0103}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{89879A03-F4EB-407E-97D0-DC16E62FC2F1}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{46AE93F1-3B53-4B2F-9553-9AF51ADAF97B}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{4576315B-9D21-43F0-B6F4-FE2384E4FC9C}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{60EC70D0-D0F2-4E52-8C19-79031E81F9E7}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{DA806E6B-A6A4-403D-A8B0-46EF2875A5F5}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{AADA60ED-DD72-4C64-AF15-62587BFE0D55}c:\\program files\\half-life 2\\hl2.exe"= UDP:c:\program files\half-life 2\hl2.exe:hl2
"UDP Query User{800B7ED1-874A-4505-9967-06EA46A36C28}c:\\program files\\half-life 2\\hl2.exe"= TCP:c:\program files\half-life 2\hl2.exe:hl2
"{8BB4648B-872D-41D5-8834-EB55E86EE006}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{B65E6292-5DCF-41AA-8E41-A82017D948A4}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{8A48B92A-C0E1-492C-AA04-C9B3290255AB}"= UDP:c:\program files\Grisoft\AVG Free\avginet.exe:avginet.exe
"{154620DA-88CA-4599-8C72-3BB9EB6E1204}"= TCP:c:\program files\Grisoft\AVG Free\avginet.exe:avginet.exe
"{72257449-93E4-4D5E-8EC6-FFFEFD0DA3C1}"= UDP:c:\program files\Grisoft\AVG Free\avgamsvr.exe:avgamsvr.exe
"{667A2A1B-8063-4AFE-BBBE-003B0825C3EB}"= TCP:c:\program files\Grisoft\AVG Free\avgamsvr.exe:avgamsvr.exe
"{ABBD9863-5174-41D7-9F13-9E564023744F}"= UDP:c:\program files\Grisoft\AVG Free\avgcc.exe:avgcc.exe
"{C84C2480-7C47-498F-961D-E7DB7E1447A4}"= TCP:c:\program files\Grisoft\AVG Free\avgcc.exe:avgcc.exe
"{CECD053F-8507-492D-A518-DD90F325A14C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{043614DA-0F79-45D9-AD3D-6CCB10EE37A7}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{7733646D-E05C-41A7-BED4-37C6C58CEED9}c:\\program files\\valve\\steam\\steamapps\\danhus\\counter-strike\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\danhus\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{DCEB1E83-D8BD-4DE3-9FC9-E00FBB0371F0}c:\\program files\\valve\\steam\\steamapps\\danhus\\counter-strike\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\danhus\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{0D733BBE-E030-43F4-8FE7-D718F0C4D501}c:\\program files\\counter strike 1.6 ns\\hl.exe"= UDP:c:\program files\counter strike 1.6 ns\hl.exe:Half-Life Launcher
"UDP Query User{8DFD4A25-268A-4810-9ADA-9A4D3077B9B9}c:\\program files\\counter strike 1.6 ns\\hl.exe"= TCP:c:\program files\counter strike 1.6 ns\hl.exe:Half-Life Launcher
"{6D89734F-3260-4269-BD48-E6198995D8A7}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{5C576437-37FF-482A-BF84-9545346C6A8E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{2EAC3644-B2EF-4D4B-97EE-8F18A6B8ACF8}c:\\program files\\valve\\steam\\steamapps\\danhus\\deathmatch classic\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\danhus\deathmatch classic\hl.exe:Half-Life Launcher
"UDP Query User{6AB04DED-0C3B-4843-89AE-3078B35B1ECE}c:\\program files\\valve\\steam\\steamapps\\danhus\\deathmatch classic\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\danhus\deathmatch classic\hl.exe:Half-Life Launcher
"TCP Query User{82458A61-3172-4A4D-8F3A-3EC41C6CD157}c:\\program files\\valve\\steam\\steamapps\\danhus\\day of defeat source\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\danhus\day of defeat source\hl2.exe:hl2
"UDP Query User{4175B85C-F445-41CE-B033-A2BA7E40FE5B}c:\\program files\\valve\\steam\\steamapps\\danhus\\day of defeat source\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\danhus\day of defeat source\hl2.exe:hl2
"TCP Query User{D542B118-3A1A-4D05-A71F-1C977CA0638A}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{35D33180-8721-4CA1-B0F4-C3374377B3F0}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{CE83C7D6-7EFE-4BFA-BB4A-3346F2C7F5B6}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{F838F75D-6F05-44FB-9CFB-225D30535370}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{9E9CE595-FCDD-4817-8DF9-CE5A729366CE}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{DAF26715-0D39-486D-AFA7-19854B1E8F05}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{02B1AB19-6610-4021-A768-C25091232714}c:\\users\\architegt\\desktop\\strong dc++\\strongdc.exe"= UDP:c:\users\architegt\desktop\strong dc++\strongdc.exe:strongdc.exe
"UDP Query User{74BF750E-458E-4DC8-9CD8-86EF1DFDA79C}c:\\users\\architegt\\desktop\\strong dc++\\strongdc.exe"= TCP:c:\users\architegt\desktop\strong dc++\strongdc.exe:strongdc.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\pacer.sys [2008-07-24 72192]
R2 AEADIFilters;Andrea ADI Filters Service;c:\windows\system32\AEADISRV.EXE [2007-02-06 69632]
R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 30312]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-08-18 468224]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [2007-12-17 540448]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2008-11-02 60288]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2008-11-02 642944]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\DRIVERS\CnxTgN.sys [2008-11-02 108675]
S3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-12-17 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-06-08 172131]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - k:\setup\rsrc\autorun.exe
\shell\dinstall\command - k:\directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caec089f-26a4-11dd-8314-001e37799928}]
\shell\AutoRun\command - I:\autoplay.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caec08a1-26a4-11dd-8314-001e37799928}]
\shell\AutoRun\command - J:\suppress_explorer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfe46d04-2b35-11dd-98ec-001a73ee2479}]
\shell\AutoRun\command - L:\suppress_explorer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2008-12-04 c:\windows\Tasks\User_Feed_Synchronization-{A6471A22-9E7A-482A-B0E1-E463600FAF0A}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 20:47:59
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\TMP0000008A0D80A1CD1A48D908 524288 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2008-12-04 20:49:12
ComboFix-quarantined-files.txt 2008-12-04 19:49:08
ComboFix2.txt 2008-12-04 18:12:01
Pre-Run: 39,909,761,024 bytes free
Post-Run: 39,873,572,864 bytes free
322 --- E O F --- 2008-12-01 19:38:54
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01, on 2008-12-04
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [change!t] C:\Users\Architegt\Inst.Odpad\changeit\changeit.exe /startos
O4 - HKCU\..\Run: [Yodm3D] C:\Users\Architegt\Inst.Odpad\yodm3D\Yodm3D.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm012YYCZ
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 9318 bytes
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Request for a preventive check
Did you make that HJT log only after applying the script in ComboFix?
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Request for a preventive check
Yes
P.S. Sorry if I'm no longer around...
- jaro3
- Security team member
Re: Request for a preventive check
Download Avenger
and, following its instructions, enter this command into it:
Code:
Files to delete:
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
Folders to delete:
c:\programdata\Symantec
C:\Program Files\Common Files\Symantec Shared
After the restart, post the Avenger log that pops up + a new HijackThis log.
I'll have a look tomorrow.
Re: Request for a preventive check
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: could not open file "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe"
Deletion of file "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe"
Deletion of file "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Folder "c:\programdata\Symantec" deleted successfully.
Error: folder "C:\Program Files\Common Files\Symantec Shared" not found!
Deletion of folder "C:\Program Files\Common Files\Symantec Shared" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
_____________________________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01, on 2008-12-04
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [change!t] C:\Users\Architegt\Inst.Odpad\changeit\changeit.exe /startos
O4 - HKCU\..\Run: [Yodm3D] C:\Users\Architegt\Inst.Odpad\yodm3D\Yodm3D.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm012YYCZ
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 9318 bytes
Thanks for now, bye.
I assume those errors don't bode well....
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: could not open file "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe"
Deletion of file "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Error: could not open file "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe"
Deletion of file "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Folder "c:\programdata\Symantec" deleted successfully.
Error: folder "C:\Program Files\Common Files\Symantec Shared" not found!
Deletion of folder "C:\Program Files\Common Files\Symantec Shared" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
_____________________________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01, on 2008-12-04
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [change!t] C:\Users\Architegt\Inst.Odpad\changeit\changeit.exe /startos
O4 - HKCU\..\Run: [Yodm3D] C:\Users\Architegt\Inst.Odpad\yodm3D\Yodm3D.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm012YYCZ
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 9318 bytes