Kontrola logu Vyřešeno

[roman]

Dobrý den , pěkně prosím o kontrolu logu .Počítač je zpomalený při otevírání složek a programů a taky internetu i přes pročištění.A když otvírám nebo zavírám nějakou složku na ploše tak problikne celá obrazovka. Díky.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:00, on 23.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows NT Service] Patcher.exe
O4 - HKLM\..\RunServices: [Windows NT Service] Patcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [BitComet] "C:\Program Files 2\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files 2\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb) (pr2aq6eb) - Techland Sp.z o.o. - C:\Windows\system32\pr2aq6eb.exe

--
End of file - 9599 bytes

[Reklama]

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O13 - Gopher Prefix:

Vypni rez.ochranu u AVG a štít u Windows Defender.
Pokud máš 32 bitovou verzi win, postupuj takto:
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[roman]

Toto tam nemám :O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07
\bin\jusched.exe"

[jaro3]

Vidím to v Tvém logu, uděláš ten Combofix?

[roman]

ComboFix 09-01-21.01 - Roman 2009-01-21 21:04:50.5 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1029.18.2047.1200 [GMT 1:00]
Spuštěný z: c:\users\Roman\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-12-21 do 2009-01-21 )))))))))))))))))))))))))))))))
.

2009-01-21 15:04 . 2009-01-21 15:04 <DIR> d-------- c:\windows\System32\AGEIA
2009-01-21 15:04 . 2009-01-21 15:04 <DIR> d-------- c:\program files\AGEIA Technologies
2009-01-21 14:44 . 2009-01-21 14:44 2,997,872 --a------ c:\windows\System32\drivers\appdrv01.sys
2009-01-21 14:44 . 2009-01-21 14:44 316,816 --a------ c:\windows\System32\appdrvrem01.exe
2009-01-21 13:47 . 2009-01-21 15:31 204,344,926 --a------ c:\windows\MEMORY.DMP
2009-01-21 13:41 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\System32\D3DX9_40.dll
2009-01-21 13:41 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\System32\D3DCompiler_40.dll
2009-01-21 13:41 . 2008-10-27 10:04 514,384 --a------ c:\windows\System32\XAudio2_3.dll
2009-01-21 13:41 . 2008-10-10 04:52 452,440 --a------ c:\windows\System32\d3dx10_40.dll
2009-01-21 13:41 . 2008-10-27 10:04 235,856 --a------ c:\windows\System32\xactengine3_3.dll
2009-01-21 13:41 . 2008-10-27 10:04 70,992 --a------ c:\windows\System32\XAPOFX1_2.dll
2009-01-21 13:41 . 2008-10-27 10:04 23,376 --a------ c:\windows\System32\X3DAudio1_5.dll
2009-01-21 13:19 . 2009-01-01 14:06 8,192 --a------ c:\windows\System32\drivers\FStarForce.sys
2009-01-21 10:07 . 2000-02-25 12:43 302,592 --a------ c:\windows\mauninst.exe
2009-01-20 17:09 . 2009-01-20 17:09 <DIR> d-------- c:\program files\Crawler
2009-01-20 17:08 . 2009-01-21 20:47 <DIR> d-------- c:\users\Roman\AppData\Roaming\Spyware Terminator
2009-01-20 17:08 . 2009-01-21 20:47 <DIR> d-------- c:\programdata\Spyware Terminator
2009-01-20 17:08 . 2009-01-21 13:53 <DIR> d-------- c:\program files\Spyware Terminator
2009-01-20 17:08 . 2009-01-20 17:08 141,312 --a------ c:\windows\System32\drivers\sp_rsdrv2.sys
2009-01-18 10:19 . 2009-01-18 10:19 <DIR> d-------- c:\program files\Google
2009-01-17 17:51 . 2009-01-17 17:51 603,904 --a------ c:\windows\System32\TUProgSt.exe
2009-01-17 17:51 . 2009-01-17 17:51 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
2009-01-17 17:51 . 2008-12-11 13:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
2009-01-17 17:51 . 2008-12-11 13:31 17,152 --a------ c:\windows\System32\authuitu.dll
2009-01-17 12:08 . 2009-01-17 12:08 <DIR> d-------- c:\users\Roman\AppData\Roaming\TuneUp Software
2009-01-17 12:07 . 2009-01-17 12:07 <DIR> d-------- c:\programdata\TuneUp Software
2009-01-17 12:07 . 2009-01-17 12:07 <DIR> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-17 11:13 . 2009-01-17 11:13 <DIR> d-------- c:\windows\Java
2009-01-17 11:13 . 2009-01-17 11:13 <DIR> d-------- c:\program files\PC Wizard 2008
2009-01-17 11:13 . 2007-09-15 16:11 27,136 --a------ c:\windows\System32\PCWizard.cpl
2009-01-14 18:41 . 2009-01-14 18:41 <DIR> d-------- c:\users\Roman\AppData\Roaming\FlashGet
2009-01-14 18:41 . 2009-01-18 11:07 <DIR> d-------- c:\program files\FlashGet
2009-01-14 03:14 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-13 20:25 . 2009-01-13 20:25 <DIR> d-------- c:\program files\AxBx
2009-01-12 12:39 . 2009-01-12 12:39 <DIR> d-------- c:\program files\OEZ
2009-01-09 20:25 . 2009-01-09 20:25 <DIR> d-------- c:\program files\Common Files\BioWare
2009-01-08 06:34 . 2009-01-13 17:37 <DIR> d-------- c:\users\Roman\AppData\Roaming\FSW2
2009-01-07 15:32 . 2009-01-07 15:32 <DIR> d-------- c:\programdata\MumboJumbo
2009-01-07 15:28 . 2009-01-07 15:28 <DIR> d-------- c:\users\Roman\AppData\Roaming\SpinTop Games
2009-01-07 14:05 . 2009-01-07 14:05 <DIR> d-------- c:\windows\Mystery P I The New York Fortune
2009-01-07 14:04 . 2009-01-07 14:04 <DIR> d-------- c:\windows\My Tribe
2009-01-07 14:02 . 2009-01-07 14:02 <DIR> d-------- c:\windows\Mortimer Beckett and the Time Paradox
2009-01-07 14:01 . 2009-01-07 14:01 <DIR> d-------- c:\windows\Luxor Quest for the Afterlife
2009-01-07 13:53 . 2009-01-07 13:53 <DIR> d-------- c:\windows\Jungle Quest
2009-01-07 13:53 . 2009-01-07 13:53 <DIR> d-------- c:\users\Roman\AppData\Roaming\Friday's games
2009-01-07 13:48 . 2009-01-07 13:48 <DIR> d-------- c:\users\Roman\AppData\Roaming\Home Sweet Home Christmas
2009-01-07 13:47 . 2009-01-07 13:47 <DIR> d-------- c:\windows\Home Sweet Home Christmas Edition
2009-01-07 13:21 . 2009-01-07 13:21 <DIR> d-------- c:\windows\Herods Lost Tomb
2009-01-07 12:48 . 2009-01-07 13:22 <DIR> d-------- c:\users\Roman\AppData\Roaming\PlayFirst
2009-01-07 12:48 . 2009-01-07 13:22 <DIR> d-------- c:\programdata\PlayFirst
2009-01-07 12:39 . 2009-01-07 12:39 <DIR> d-------- c:\windows\Fitness Dash
2009-01-07 12:24 . 2009-01-07 12:32 <DIR> d-------- c:\users\Roman\AppData\Roaming\Ancient Quest of Saqqarah__bfg
2009-01-07 11:53 . 2009-01-07 11:53 <DIR> d-------- c:\windows\Ancient Quest of Saqqarah
2009-01-07 11:41 . 2009-01-07 11:41 <DIR> d-------- c:\programdata\Playrix Entertainment
2009-01-07 11:39 . 2009-01-07 11:39 <DIR> d-------- c:\windows\4 Elements
2009-01-07 09:27 . 2009-01-07 09:27 <DIR> d-------- c:\users\Roman\AppData\Roaming\XRay Engine
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\users\Roman\AppData\Roaming\GHISLER
2008-12-28 16:20 . 2008-12-28 16:22 <DIR> d-------- C:\totalcmd
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\UC.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\RAR.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\PKZIP.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\PKUNZIP.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\NOCLOSE.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\LHA.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\ARJ.PIF
2008-12-27 19:46 . 2008-12-27 19:46 <DIR> d-------- c:\windows\vbSkinner
2008-12-27 19:46 . 2008-12-27 19:49 <DIR> d-------- c:\program files\PFConfig
2008-12-25 14:22 . 2009-01-03 09:50 131,072 --a------ c:\windows\System32\Ikeext.etl
2008-12-24 16:09 . 2009-01-11 17:49 <DIR> d-------- c:\users\Roman\AppData\Roaming\Vso
2008-12-24 16:09 . 2008-12-24 16:09 <DIR> d-------- c:\program files\VSO
2008-12-24 15:18 . 2008-12-24 16:12 <DIR> d-------- c:\program files\KillProcess
2008-12-24 13:16 . 2009-01-19 20:06 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-24 09:24 . 2009-01-13 18:02 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-23 14:51 . 2008-12-23 14:51 <DIR> d-------- c:\users\Roman\AppData\Roaming\qUninst
2008-12-23 14:51 . 2008-12-24 15:13 <DIR> d-------- c:\program files\Quick Uninstaller
2008-12-23 14:51 . 2006-10-13 14:30 198,144 --a------ c:\windows\System32\quApplet.cpl
2008-12-22 15:06 . 2007-12-11 12:00 785,464 -ra------ c:\windows\System32\tmpD43F.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 19:46 --------- d-----w c:\users\Roman\AppData\Roaming\uTorrent
2009-01-21 15:30 --------- d-----w c:\program files\Common Files\Adobe
2009-01-21 14:03 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-21 12:28 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-19 07:08 --------- d-----w c:\users\Roman\AppData\Roaming\Disney Interactive Studios
2009-01-18 11:30 --------- d-----w c:\users\Roman\AppData\Roaming\Azureus
2009-01-16 07:32 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-15 09:12 --------- d-----w c:\programdata\Electronic Arts
2009-01-14 07:42 --------- d-----w c:\program files\Windows Mail
2009-01-12 08:34 4,310 ----a-w c:\windows\System32\ealregsnapshot1.reg
2009-01-09 19:25 --------- d-----w c:\programdata\Media Center Programs
2009-01-09 13:53 --------- d-----w c:\users\Roman\AppData\Roaming\vghd
2009-01-09 13:33 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2009-01-09 13:33 --------- d-----w c:\programdata\avg8
2009-01-09 13:32 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-09 13:32 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-06 20:53 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-01-06 20:53 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-12-23 14:02 --------- d-----w c:\programdata\NVIDIA
2008-12-18 10:50 413,696 ----a-w c:\windows\System32\wrap_oal.dll
2008-12-18 10:50 110,592 ----a-w c:\windows\System32\OpenAL32.dll
2008-12-18 10:39 --------- d-----w c:\programdata\Creative Labs
2008-12-18 10:39 --------- d-----w c:\programdata\Creative
2008-12-18 10:39 --------- d-----w c:\program files\Common Files\Creative Labs Shared
2008-12-18 10:38 --------- d--h--w c:\program files\Creative Installation Information
2008-12-18 10:34 --------- d-----w c:\program files\Creative
2008-12-15 19:30 --------- d-----w c:\program files\WallpaperSS
2008-12-15 19:24 --------- d-----w c:\users\Roman\AppData\Roaming\WallpaperSS
2008-12-15 15:50 --------- d-----w c:\program files\IconConverter
2008-12-15 15:38 --------- d-----w c:\users\Roman\AppData\Roaming\aicon
2008-12-14 18:10 152,904 ----a-w c:\windows\System32\vghd.scr
2008-12-14 08:33 --------- d-----w c:\program files\VID_0E8F&PID_0012
2008-12-14 07:51 --------- d-----w c:\programdata\Ubisoft
2008-12-13 10:07 0 ------w c:\users\Roman\jre-6u10-windows-i586-p.exe
2008-12-13 09:59 0 ----a-w c:\users\Roman\jre-6u10-windows-i586-p.exe.bak2
2008-12-13 09:50 --------- d-----w c:\program files\Java
2008-12-13 09:04 --------- d-----w c:\users\Roman\AppData\Roaming\Gearbox Software
2008-12-07 17:21 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-07 17:21 --------- d-----w c:\program files\ASUS
2008-12-04 18:07 --------- d-----w c:\program files\OpenAL
2008-12-02 19:43 --------- d-----w c:\program files\LG Soft India
2008-12-01 16:26 --------- d-----w c:\program files\Verdict Free
2008-12-01 16:19 --------- d-----w c:\users\Roman\AppData\Roaming\LangSoft
2008-12-01 16:11 --------- d-----w c:\programdata\LangSoft
2008-12-01 15:49 --------- d-----w c:\program files\ABC Transdict
2008-12-01 12:59 --------- d-----w c:\program files\NVIDIA Corporation
2008-11-30 09:32 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-30 09:32 22,328 ----a-w c:\users\Roman\AppData\Roaming\PnkBstrK.sys
2008-11-30 09:32 2,250,024 ----a-w c:\windows\System32\pbsvc.exe
2008-11-30 09:32 107,832 ----a-w c:\windows\System32\PnkBstrB.exe
2008-11-30 07:30 --------- d-----w c:\users\Roman\AppData\Roaming\DAEMON Tools
2008-11-29 22:39 --------- d-----w c:\program files\ZipItFree
2008-11-29 19:26 --------- d-----w c:\program files\DAEMON Tools Lite
2008-11-29 19:25 --------- d-----w c:\program files\DAEMON Tools Toolbar
2008-11-29 09:28 15,261,184 ----a-w c:\users\Roman\jre-6u10-windows-x64.exe
2008-11-24 17:51 --------- d-----w c:\program files\Yahoo!
2008-11-24 17:51 --------- d-----w c:\program files\CCleaner
2008-11-24 16:43 --------- d-----w c:\program files\Logitech
2008-11-23 19:14 --------- d-----w c:\users\Roman\AppData\Roaming\Malwarebytes
2008-11-23 12:59 --------- d-----w c:\program files\Trend Micro
2008-11-23 07:17 --------- d-----w c:\users\Roman\AppData\Roaming\Codemasters
2008-11-23 07:12 --------- d-----w c:\users\Roman\AppData\Roaming\InstallShield
2008-11-21 17:11 --------- d-----w c:\program files\Microsoft Games
2008-11-18 06:02 901,120 ----a-w c:\windows\TMUninst.exe
2008-11-16 02:49 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-11-12 12:45 453,152 ----a-w c:\windows\System32\nvuninst.exe
2008-11-10 04:43 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-28 16:41 14,303,392 ----a-w c:\windows\System32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\System32\xlivefnt.dll
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 01:22 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-09-20 17:28 174 --sha-w c:\program files\desktop.ini
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 12:04 97064 --a------ c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-09 1601304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-01-19 61440]
"SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 2049320]
"InCD"="c:\program files\Nero\Nero8\InCD\InCD.exe" [2008-02-28 1083176]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-01-20 1817600]
"CTHelper"="CTHELPER.EXE" [2007-10-25 c:\windows\System32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-10-25 c:\windows\System32\Ctxfihlp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2008-12-02 1126400]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-09-19 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{7C9FB0D5-47AE-4840-B459-46F2999BE88D}d:\\program files\\electronic arts\\dead space\\dead space.exe"= UDP:d:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"UDP Query User{2A993F01-05B2-4B5B-BC31-40CDC2FC22BB}d:\\program files\\electronic arts\\dead space\\dead space.exe"= TCP:d:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"TCP Query User{6D8B17CA-DE75-4C7F-866B-ADCEA5072B26}d:\\program files\\ubisoft\\shaun white snowboarding\\shaunwhitesnowboardinggame.exe"= UDP:d:\program files\ubisoft\shaun white snowboarding\shaunwhitesnowboardinggame.exe:ShaunWhiteSnowboardingGame
"UDP Query User{16B0A3EB-1FF3-4496-832C-928CAC8A938E}d:\\program files\\ubisoft\\shaun white snowboarding\\shaunwhitesnowboardinggame.exe"= TCP:d:\program files\ubisoft\shaun white snowboarding\shaunwhitesnowboardinggame.exe:ShaunWhiteSnowboardingGame
"{C1CD6B42-7285-4238-A7B0-89289B28D3B3}"= UDP:62966:utorrent
"TCP Query User{C1183000-2ADB-4E0E-AAB0-30F14C9FB941}c:\\program files 2\\utorrent\\utorrent.exe"= UDP:c:\program files 2\utorrent\utorrent.exe:µTorrent
"UDP Query User{8CA04D8A-EA3A-4FB1-A424-45C0FAA3073B}c:\\program files 2\\utorrent\\utorrent.exe"= TCP:c:\program files 2\utorrent\utorrent.exe:µTorrent
"TCP Query User{1671CDED-525B-4514-8A2D-023CC2253C64}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{789ED569-5D1A-421D-923F-AEEC4C34346C}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{26DAA173-67A4-49FD-B3B1-005C482D97EC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3B29F452-D018-459D-8D49-5686FC6C1178}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{CA30F773-ADA5-4599-9FC9-3224661C5F27}d:\\program files\\midway home entertainment\\blacksite area 51\\binaries\\blacksite.exe"= UDP:d:\program files\midway home entertainment\blacksite area 51\binaries\blacksite.exe:Blacksite
"UDP Query User{2301DF39-9E95-48D4-9E16-26DA9D548232}d:\\program files\\midway home entertainment\\blacksite area 51\\binaries\\blacksite.exe"= TCP:d:\program files\midway home entertainment\blacksite area 51\binaries\blacksite.exe:Blacksite
"{967CAAA6-EEFF-497C-85A1-9F61C017F1A4}"= UDP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{B90641A3-BFF6-419B-B3D1-1C427DE04302}"= TCP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{7BE615A3-5A9E-4C0B-939E-746507AFB429}"= UDP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{C17D58AB-AB9D-4538-AEB8-2F1174EBEAD6}"= TCP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"TCP Query User{096C8429-0BC0-448F-93C2-574E42DE8CE2}d:\\program files\\thq\\fsw ten hammers\\fsw2.exe"= UDP:d:\program files\thq\fsw ten hammers\fsw2.exe:"Full Spectrum Warrrior 2: Ten Hammers" Game
"UDP Query User{029932B5-9FDB-436F-ADE3-7839FBA37B32}d:\\program files\\thq\\fsw ten hammers\\fsw2.exe"= TCP:d:\program files\thq\fsw ten hammers\fsw2.exe:"Full Spectrum Warrrior 2: Ten Hammers" Game
"{F5AF897B-7531-4688-AF05-14758D7B2DFA}"= UDP:d:\program files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{571869D7-A500-4287-9EC6-9DE90060120B}"= TCP:d:\program files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{21C040D1-B371-43BE-8465-6D206A583C37}"= UDP:d:\program files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{B04FC301-2297-4B67-88BB-24EEDE4E9475}"= TCP:d:\program files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"TCP Query User{E1856817-D46D-4C26-A1FF-2EBE48F4730C}d:\\program files\\legendary\\binaries\\legendary.exe"= UDP:d:\program files\legendary\binaries\legendary.exe:Legendary
"UDP Query User{8087719F-F4E8-447B-B887-EFB98718D0FF}d:\\program files\\legendary\\binaries\\legendary.exe"= TCP:d:\program files\legendary\binaries\legendary.exe:Legendary
"{5612B105-CA94-4ADD-A58E-AFB4DB9D3247}"= UDP:d:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{7A937189-3BE5-4613-AC39-BF6EC08FD151}"= TCP:d:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"<NO NAME>"= :*:Enabled:Windows NT Service

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [2008-09-19 12552]
R0 pe3aq6eb;FIM Speedway GP3 Environment Driver (pe3aq6eb);c:\windows\System32\drivers\pe3aq6eb.sys [2008-04-03 69248]
R0 ps7aq6eb;FIM Speedway GP3 Synchronization Driver (ps7aq6eb);c:\windows\System32\drivers\ps7aq6eb.sys [2008-04-03 68744]
R1 appdrv01;Application Driver (01);c:\windows\System32\drivers\appdrv01.sys [2009-01-21 2997872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-09-19 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2008-10-24 107272]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-09-21 72192]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [2009-01-20 141312]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\atl01v32.sys [2008-09-17 48128]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\System32\drivers\gHidPnp.sys [2008-09-19 16384]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\System32\drivers\gMouUsb.sys [2008-09-19 9856]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-09 903960]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-09 298264]
R4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032]
R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-01-17 603904]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2008-12-18 79360]
S3 FStarForce;FStarForce;c:\windows\System32\drivers\FStarForce.sys [2009-01-21 8192]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-12-02 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-12-02 13312]
S4 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S4 pr2aq6eb;FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb);c:\windows\system32\pr2aq6eb.exe svc --> c:\windows\system32\pr2aq6eb.exe svc [?]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cba6b6f6-8684-11dd-81d4-001e8c8faa7a}]
\shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ccf97bc6-be4d-11dd-96dc-001e8c8faa7a}]
\shell\AutoRun\command - G:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Obsah adresáře 'Naplánované úlohy'

2009-01-21 c:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2009-01-21 c:\windows\Tasks\Úklid 1 kliknutím.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-21 21:07:08
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2108)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Nero\Nero8\InCD\NBHShx.dll
c:\program files\Nero\Nero8\InCD\NBHStr.dll
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
.
Celkový čas: 2009-01-21 21:08:21
ComboFix-quarantined-files.txt 2009-01-21 20:08:05

Před spuštěním: Volných bajtů: 183,805,841,408
Po spuštění: Volných bajtů: 183,800,483,840

321 --- E O F --- 2009-01-16 21:28:25

[roman]

Fakt sem tam ty 2 řádky neměl taky mě to připadá divný a hijack sem nevypínal

[jaro3]

To zatím nech. Psal jsem , abys před combofixem vypnul rez. ochranu u AVG....
Toto otestuj na Virustotal
c:\windows\System32\appdrvrem01.exe
c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357} -pokud bude mít velkou kapacitu, podívej se co tam je.
c:\windows\System32\quApplet.cpl
c:\windows\System32\tmpD43F.tmp
Vlož sem potom odkazy výsledků.

Pro kontrolu:
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Zítra se podívám.

[roman]

Ty ochrany sem povypínal ale ten ComboFix furt hlásil že je to zaplý tak sem to projel.


Soubor appdrvrem01.exe přijatý 2009.01.21 22:35:10 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO


Výsledek: 0/39 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 2.
Odhadovaný čas začátku mezi 49 a 70 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:


Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.73 2009.01.21 -
AhnLab-V3 5.0.0.2 2009.01.21 -
AntiVir 7.9.0.57 2009.01.21 -
Authentium 5.1.0.4 2009.01.21 -
Avast 4.8.1281.0 2009.01.21 -
AVG 8.0.0.229 2009.01.21 -
BitDefender 7.2 2009.01.21 -
CAT-QuickHeal 10.00 2009.01.21 -
ClamAV 0.94.1 2009.01.21 -
Comodo 940 2009.01.21 -
DrWeb 4.44.0.09170 2009.01.21 -
eSafe 7.0.17.0 2009.01.20 -
eTrust-Vet 31.6.6319 2009.01.21 -
F-Prot 4.4.4.56 2009.01.21 -
F-Secure 8.0.14470.0 2009.01.21 -
Fortinet 3.117.0.0 2009.01.21 -
GData 19 2009.01.21 -
Ikarus T3.1.1.45.0 2009.01.21 -
K7AntiVirus 7.10.598 2009.01.21 -
Kaspersky 7.0.0.125 2009.01.21 -
McAfee 5502 2009.01.21 -
McAfee+Artemis 5502 2009.01.21 -
Microsoft 1.4205 2009.01.21 -
NOD32 3786 2009.01.21 -
Norman 5.93.01 2009.01.21 -
nProtect 2009.1.8.0 2009.01.21 -
Panda 9.5.1.2 2009.01.21 -
PCTools 4.4.2.0 2009.01.21 -
Prevx1 V2 2009.01.21 -
Rising 21.13.22.00 2009.01.21 -
SecureWeb-Gateway 6.7.6 2009.01.21 -
Sophos 4.37.0 2009.01.21 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.21 -
TheHacker 6.3.1.5.225 2009.01.21 -
TrendMicro 8.700.0.1004 2009.01.21 -
VBA32 3.12.8.10 2009.01.21 -
ViRobot 2009.1.21.1572 2009.01.21 -
VirusBuster 4.5.11.0 2009.01.21 -



soubor: c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
píše : 0 bytes size received / Se ha recibido un archivo vacio
a nemůžu ho najít abych to smázl


Soubor quApplet.cpl přijatý 2009.01.21 22:45:46 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO


Výsledek: 1/39 (2.57%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:


Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.73 2009.01.21 -
AhnLab-V3 5.0.0.2 2009.01.21 -
AntiVir 7.9.0.57 2009.01.21 -
Authentium 5.1.0.4 2009.01.21 -
Avast 4.8.1281.0 2009.01.21 -
AVG 8.0.0.229 2009.01.21 -
BitDefender 7.2 2009.01.21 -
CAT-QuickHeal 10.00 2009.01.21 -
ClamAV 0.94.1 2009.01.21 -
Comodo 940 2009.01.21 -
DrWeb 4.44.0.09170 2009.01.21 -
eSafe 7.0.17.0 2009.01.20 Suspicious File
eTrust-Vet 31.6.6319 2009.01.21 -
F-Prot 4.4.4.56 2009.01.21 -
F-Secure 8.0.14470.0 2009.01.21 -
Fortinet 3.117.0.0 2009.01.21 -
GData 19 2009.01.21 -
Ikarus T3.1.1.45.0 2009.01.21 -
K7AntiVirus 7.10.598 2009.01.21 -
Kaspersky 7.0.0.125 2009.01.21 -
McAfee 5502 2009.01.21 -
McAfee+Artemis 5502 2009.01.21 -
Microsoft 1.4205 2009.01.21 -
NOD32 3786 2009.01.21 -
Norman 5.93.01 2009.01.21 -
nProtect 2009.1.8.0 2009.01.21 -
Panda 9.5.1.2 2009.01.21 -
PCTools 4.4.2.0 2009.01.21 -
Prevx1 V2 2009.01.21 -
Rising 21.13.22.00 2009.01.21 -
SecureWeb-Gateway 6.7.6 2009.01.21 -
Sophos 4.37.0 2009.01.21 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.21 -
TheHacker 6.3.1.5.225 2009.01.21 -
TrendMicro 8.700.0.1004 2009.01.21 -
VBA32 3.12.8.10 2009.01.21 -
ViRobot 2009.1.21.1572 2009.01.21 -
VirusBuster 4.5.11.0 2009.01.21 -




Soubor tmpD43F.tmp přijatý 2009.01.21 22:49:10 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO


Výsledek: 1/39 (2.57%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 42 a 60 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:


Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.73 2009.01.21 -
AhnLab-V3 5.0.0.2 2009.01.21 -
AntiVir 7.9.0.57 2009.01.21 -
Authentium 5.1.0.4 2009.01.21 -
Avast 4.8.1281.0 2009.01.21 -
AVG 8.0.0.229 2009.01.21 -
BitDefender 7.2 2009.01.21 -
CAT-QuickHeal 10.00 2009.01.21 -
ClamAV 0.94.1 2009.01.21 -
Comodo 940 2009.01.21 -
DrWeb 4.44.0.09170 2009.01.21 -
eSafe 7.0.17.0 2009.01.20 -
eTrust-Vet 31.6.6319 2009.01.21 -
F-Prot 4.4.4.56 2009.01.21 -
F-Secure 8.0.14470.0 2009.01.21 -
Fortinet 3.117.0.0 2009.01.21 -
GData 19 2009.01.21 -
Ikarus T3.1.1.45.0 2009.01.21 -
K7AntiVirus 7.10.598 2009.01.21 -
Kaspersky 7.0.0.125 2009.01.21 -
McAfee 5502 2009.01.21 -
McAfee+Artemis 5502 2009.01.21 -
Microsoft 1.4205 2009.01.21 -
NOD32 3786 2009.01.21 -
Norman 5.93.01 2009.01.21 -
nProtect 2009.1.8.0 2009.01.21 -
Panda 9.5.1.2 2009.01.21 -
PCTools 4.4.2.0 2009.01.21 -
Prevx1 V2 2009.01.21 -
Rising 21.13.22.00 2009.01.21 -
SecureWeb-Gateway 6.7.6 2009.01.21 -
Sophos 4.37.0 2009.01.21 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.21 -
TheHacker 6.3.1.5.225 2009.01.21 -
TrendMicro 8.700.0.1004 2009.01.21 -
VBA32 3.12.8.10 2009.01.21 suspected of Win32.BrokenEmbeddedSignature (paranoid heuristics)
ViRobot 2009.1.21.1572 2009.01.21 -
VirusBuster 4.5.11.0 2009.01.21 -

[roman]

Malwarebytes' Anti-Malware 1.33
Verze databáze: 1675
Windows 6.0.6001 Service Pack 1

21.1.2009 23:23:23
mbam-log-2009-01-21 (23-23-23).txt

Typ skenu: Rychlý sken
Objektu skenováno: 45939
Uplynulý cas: 2 minute(s), 52 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\System32\tmpD43F.tmp

Folder::
c:\windows\System32\tmpD43F.tmp

DirLook::
c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[roman]

Už nevím jak víc to AVG vypnout furt to hlásí a přitom mám vše vyplý.


ComboFix 09-01-21.01 - Roman 2009-01-22 9:02:19.6 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1029.18.2047.1127 [GMT 1:00]
Spuštěný z: c:\users\Roman\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Roman\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
* Vytvořen nový Bod Obnovení

FILE ::
c:\windows\System32\tmpD43F.tmp
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\tmpD43F.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-22 do 2009-01-22 )))))))))))))))))))))))))))))))
.

2009-01-21 23:16 . 2009-01-21 23:16 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-21 23:16 . 2009-01-21 23:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-21 23:16 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-21 23:16 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-21 21:19 . 2009-01-21 21:21 <DIR> d-------- c:\program files\WinClamAVShield
2009-01-21 15:04 . 2009-01-21 15:04 <DIR> d-------- c:\windows\System32\AGEIA
2009-01-21 15:04 . 2009-01-21 15:04 <DIR> d-------- c:\program files\AGEIA Technologies
2009-01-21 14:44 . 2009-01-21 14:44 2,997,872 --a------ c:\windows\System32\drivers\appdrv01.sys
2009-01-21 14:44 . 2009-01-21 14:44 316,816 --a------ c:\windows\System32\appdrvrem01.exe
2009-01-21 13:47 . 2009-01-21 15:31 204,344,926 --a------ c:\windows\MEMORY.DMP
2009-01-21 13:41 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\System32\D3DX9_40.dll
2009-01-21 13:41 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\System32\D3DCompiler_40.dll
2009-01-21 13:41 . 2008-10-27 10:04 514,384 --a------ c:\windows\System32\XAudio2_3.dll
2009-01-21 13:41 . 2008-10-10 04:52 452,440 --a------ c:\windows\System32\d3dx10_40.dll
2009-01-21 13:41 . 2008-10-27 10:04 235,856 --a------ c:\windows\System32\xactengine3_3.dll
2009-01-21 13:41 . 2008-10-27 10:04 70,992 --a------ c:\windows\System32\XAPOFX1_2.dll
2009-01-21 13:41 . 2008-10-27 10:04 23,376 --a------ c:\windows\System32\X3DAudio1_5.dll
2009-01-21 13:19 . 2009-01-01 14:06 8,192 --a------ c:\windows\System32\drivers\FStarForce.sys
2009-01-21 10:07 . 2000-02-25 12:43 302,592 --a------ c:\windows\mauninst.exe
2009-01-20 17:09 . 2009-01-20 17:09 <DIR> d-------- c:\program files\Crawler
2009-01-20 17:08 . 2009-01-22 08:51 <DIR> d-------- c:\users\Roman\AppData\Roaming\Spyware Terminator
2009-01-20 17:08 . 2009-01-21 20:47 <DIR> d-------- c:\programdata\Spyware Terminator
2009-01-20 17:08 . 2009-01-21 13:53 <DIR> d-------- c:\program files\Spyware Terminator
2009-01-20 17:08 . 2009-01-20 17:08 141,312 --a------ c:\windows\System32\drivers\sp_rsdrv2.sys
2009-01-18 10:19 . 2009-01-18 10:19 <DIR> d-------- c:\program files\Google
2009-01-17 17:51 . 2009-01-17 17:51 603,904 --a------ c:\windows\System32\TUProgSt.exe
2009-01-17 17:51 . 2009-01-17 17:51 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
2009-01-17 17:51 . 2008-12-11 13:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
2009-01-17 17:51 . 2008-12-11 13:31 17,152 --a------ c:\windows\System32\authuitu.dll
2009-01-17 12:08 . 2009-01-17 12:08 <DIR> d-------- c:\users\Roman\AppData\Roaming\TuneUp Software
2009-01-17 12:07 . 2009-01-17 12:07 <DIR> d-------- c:\programdata\TuneUp Software
2009-01-17 12:07 . 2009-01-17 12:07 <DIR> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-17 11:13 . 2009-01-17 11:13 <DIR> d-------- c:\windows\Java
2009-01-17 11:13 . 2009-01-17 11:13 <DIR> d-------- c:\program files\PC Wizard 2008
2009-01-17 11:13 . 2007-09-15 16:11 27,136 --a------ c:\windows\System32\PCWizard.cpl
2009-01-14 18:41 . 2009-01-14 18:41 <DIR> d-------- c:\users\Roman\AppData\Roaming\FlashGet
2009-01-14 18:41 . 2009-01-18 11:07 <DIR> d-------- c:\program files\FlashGet
2009-01-14 03:14 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-13 20:25 . 2009-01-13 20:25 <DIR> d-------- c:\program files\AxBx
2009-01-12 12:39 . 2009-01-12 12:39 <DIR> d-------- c:\program files\OEZ
2009-01-09 20:25 . 2009-01-09 20:25 <DIR> d-------- c:\program files\Common Files\BioWare
2009-01-08 06:34 . 2009-01-13 17:37 <DIR> d-------- c:\users\Roman\AppData\Roaming\FSW2
2009-01-07 15:32 . 2009-01-07 15:32 <DIR> d-------- c:\programdata\MumboJumbo
2009-01-07 15:28 . 2009-01-07 15:28 <DIR> d-------- c:\users\Roman\AppData\Roaming\SpinTop Games
2009-01-07 14:05 . 2009-01-07 14:05 <DIR> d-------- c:\windows\Mystery P I The New York Fortune
2009-01-07 14:04 . 2009-01-07 14:04 <DIR> d-------- c:\windows\My Tribe
2009-01-07 14:02 . 2009-01-07 14:02 <DIR> d-------- c:\windows\Mortimer Beckett and the Time Paradox
2009-01-07 14:01 . 2009-01-07 14:01 <DIR> d-------- c:\windows\Luxor Quest for the Afterlife
2009-01-07 13:53 . 2009-01-07 13:53 <DIR> d-------- c:\windows\Jungle Quest
2009-01-07 13:53 . 2009-01-07 13:53 <DIR> d-------- c:\users\Roman\AppData\Roaming\Friday's games
2009-01-07 13:48 . 2009-01-07 13:48 <DIR> d-------- c:\users\Roman\AppData\Roaming\Home Sweet Home Christmas
2009-01-07 13:47 . 2009-01-07 13:47 <DIR> d-------- c:\windows\Home Sweet Home Christmas Edition
2009-01-07 13:21 . 2009-01-07 13:21 <DIR> d-------- c:\windows\Herods Lost Tomb
2009-01-07 12:48 . 2009-01-07 13:22 <DIR> d-------- c:\users\Roman\AppData\Roaming\PlayFirst
2009-01-07 12:48 . 2009-01-07 13:22 <DIR> d-------- c:\programdata\PlayFirst
2009-01-07 12:39 . 2009-01-07 12:39 <DIR> d-------- c:\windows\Fitness Dash
2009-01-07 12:24 . 2009-01-07 12:32 <DIR> d-------- c:\users\Roman\AppData\Roaming\Ancient Quest of Saqqarah__bfg
2009-01-07 11:53 . 2009-01-07 11:53 <DIR> d-------- c:\windows\Ancient Quest of Saqqarah
2009-01-07 11:41 . 2009-01-07 11:41 <DIR> d-------- c:\programdata\Playrix Entertainment
2009-01-07 11:39 . 2009-01-07 11:39 <DIR> d-------- c:\windows\4 Elements
2009-01-07 09:27 . 2009-01-07 09:27 <DIR> d-------- c:\users\Roman\AppData\Roaming\XRay Engine
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\users\Roman\AppData\Roaming\GHISLER
2008-12-28 16:20 . 2008-12-28 16:22 <DIR> d-------- C:\totalcmd
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\UC.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\RAR.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\PKZIP.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\PKUNZIP.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\NOCLOSE.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\LHA.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\ARJ.PIF
2008-12-27 19:46 . 2008-12-27 19:46 <DIR> d-------- c:\windows\vbSkinner
2008-12-27 19:46 . 2008-12-27 19:49 <DIR> d-------- c:\program files\PFConfig
2008-12-25 14:22 . 2009-01-03 09:50 131,072 --a------ c:\windows\System32\Ikeext.etl
2008-12-24 16:09 . 2009-01-11 17:49 <DIR> d-------- c:\users\Roman\AppData\Roaming\Vso
2008-12-24 16:09 . 2008-12-24 16:09 <DIR> d-------- c:\program files\VSO
2008-12-24 15:18 . 2008-12-24 16:12 <DIR> d-------- c:\program files\KillProcess
2008-12-24 13:16 . 2009-01-19 20:06 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-24 09:24 . 2009-01-13 18:02 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-23 14:51 . 2008-12-23 14:51 <DIR> d-------- c:\users\Roman\AppData\Roaming\qUninst
2008-12-23 14:51 . 2008-12-24 15:13 <DIR> d-------- c:\program files\Quick Uninstaller
2008-12-23 14:51 . 2006-10-13 14:30 198,144 --a------ c:\windows\System32\quApplet.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 07:50 --------- d-----w c:\users\Roman\AppData\Roaming\uTorrent
2009-01-21 15:30 --------- d-----w c:\program files\Common Files\Adobe
2009-01-21 14:03 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-21 12:28 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-19 07:08 --------- d-----w c:\users\Roman\AppData\Roaming\Disney Interactive Studios
2009-01-18 11:30 --------- d-----w c:\users\Roman\AppData\Roaming\Azureus
2009-01-16 07:32 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-15 09:12 --------- d-----w c:\programdata\Electronic Arts
2009-01-14 07:42 --------- d-----w c:\program files\Windows Mail
2009-01-12 08:34 4,310 ----a-w c:\windows\System32\ealregsnapshot1.reg
2009-01-09 19:25 --------- d-----w c:\programdata\Media Center Programs
2009-01-09 13:53 --------- d-----w c:\users\Roman\AppData\Roaming\vghd
2009-01-09 13:33 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2009-01-09 13:33 --------- d-----w c:\programdata\avg8
2009-01-09 13:32 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-09 13:32 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-06 20:53 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-01-06 20:53 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-12-23 14:02 --------- d-----w c:\programdata\NVIDIA
2008-12-18 10:50 413,696 ----a-w c:\windows\System32\wrap_oal.dll
2008-12-18 10:50 110,592 ----a-w c:\windows\System32\OpenAL32.dll
2008-12-18 10:39 --------- d-----w c:\programdata\Creative Labs
2008-12-18 10:39 --------- d-----w c:\programdata\Creative
2008-12-18 10:39 --------- d-----w c:\program files\Common Files\Creative Labs Shared
2008-12-18 10:38 --------- d--h--w c:\program files\Creative Installation Information
2008-12-18 10:34 --------- d-----w c:\program files\Creative
2008-12-15 19:30 --------- d-----w c:\program files\WallpaperSS
2008-12-15 19:24 --------- d-----w c:\users\Roman\AppData\Roaming\WallpaperSS
2008-12-15 15:50 --------- d-----w c:\program files\IconConverter
2008-12-15 15:38 --------- d-----w c:\users\Roman\AppData\Roaming\aicon
2008-12-14 18:10 152,904 ----a-w c:\windows\System32\vghd.scr
2008-12-14 08:33 --------- d-----w c:\program files\VID_0E8F&PID_0012
2008-12-14 07:51 --------- d-----w c:\programdata\Ubisoft
2008-12-13 10:07 0 ------w c:\users\Roman\jre-6u10-windows-i586-p.exe
2008-12-13 09:59 0 ----a-w c:\users\Roman\jre-6u10-windows-i586-p.exe.bak2
2008-12-13 09:50 --------- d-----w c:\program files\Java
2008-12-13 09:04 --------- d-----w c:\users\Roman\AppData\Roaming\Gearbox Software
2008-12-07 17:21 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-07 17:21 --------- d-----w c:\program files\ASUS
2008-12-04 18:07 --------- d-----w c:\program files\OpenAL
2008-12-02 19:43 --------- d-----w c:\program files\LG Soft India
2008-12-01 16:26 --------- d-----w c:\program files\Verdict Free
2008-12-01 16:19 --------- d-----w c:\users\Roman\AppData\Roaming\LangSoft
2008-12-01 16:11 --------- d-----w c:\programdata\LangSoft
2008-12-01 15:49 --------- d-----w c:\program files\ABC Transdict
2008-12-01 12:59 --------- d-----w c:\program files\NVIDIA Corporation
2008-11-30 09:32 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-30 09:32 22,328 ----a-w c:\users\Roman\AppData\Roaming\PnkBstrK.sys
2008-11-30 09:32 2,250,024 ----a-w c:\windows\System32\pbsvc.exe
2008-11-30 09:32 107,832 ----a-w c:\windows\System32\PnkBstrB.exe
2008-11-30 07:30 --------- d-----w c:\users\Roman\AppData\Roaming\DAEMON Tools
2008-11-29 22:39 --------- d-----w c:\program files\ZipItFree
2008-11-29 19:26 --------- d-----w c:\program files\DAEMON Tools Lite
2008-11-29 19:25 --------- d-----w c:\program files\DAEMON Tools Toolbar
2008-11-29 09:28 15,261,184 ----a-w c:\users\Roman\jre-6u10-windows-x64.exe
2008-11-24 17:51 --------- d-----w c:\program files\Yahoo!
2008-11-24 17:51 --------- d-----w c:\program files\CCleaner
2008-11-24 16:43 --------- d-----w c:\program files\Logitech
2008-11-23 19:14 --------- d-----w c:\users\Roman\AppData\Roaming\Malwarebytes
2008-11-23 12:59 --------- d-----w c:\program files\Trend Micro
2008-11-23 07:17 --------- d-----w c:\users\Roman\AppData\Roaming\Codemasters
2008-11-23 07:12 --------- d-----w c:\users\Roman\AppData\Roaming\InstallShield
2008-11-18 06:02 901,120 ----a-w c:\windows\TMUninst.exe
2008-11-16 02:49 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-11-12 12:45 453,152 ----a-w c:\windows\System32\nvuninst.exe
2008-11-10 04:43 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-28 16:41 14,303,392 ----a-w c:\windows\System32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\System32\xlivefnt.dll
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 01:22 2,048 ----a-w c:\windows\System32\tzres.dll
2008-09-20 17:28 174 --sha-w c:\program files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357} ----

2009-01-17 17:50 17097728 --a------ c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}\{29547529-F4C7-4B61-AC98-3E15F8B99F96}.msi


((((((((((((((((((((((((((((( snapshot@2009-01-21_21.07.32.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-21 14:31:42 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-21 22:34:34 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-21 14:31:42 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-01-21 22:34:34 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-21 14:32:37 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-21 22:36:08 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-01-21 14:33:16 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-21 22:36:23 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-21 22:36:23 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-01-21 19:47:52 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-22 07:51:12 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-21 20:18:55 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009012120090122\index.dat
- 2009-01-21 19:47:52 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-22 07:51:12 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-21 19:47:52 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-22 07:51:12 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-21 14:33:56 8,970 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1194267248-1010412562-4272569831-1000_UserData.bin
+ 2009-01-21 22:36:43 8,970 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1194267248-1010412562-4272569831-1000_UserData.bin
- 2009-01-21 14:33:55 72,020 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-21 22:36:43 72,122 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-20 13:02:55 49,150 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-21 22:36:42 49,846 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 12:04 97064 --a------ c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-09 1601304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-01-19 61440]
"SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 2049320]
"InCD"="c:\program files\Nero\Nero8\InCD\InCD.exe" [2008-02-28 1083176]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-01-20 1817600]
"CTHelper"="CTHELPER.EXE" [2007-10-25 c:\windows\System32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-10-25 c:\windows\System32\Ctxfihlp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2008-12-02 1126400]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-09-19 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{7C9FB0D5-47AE-4840-B459-46F2999BE88D}d:\\program files\\electronic arts\\dead space\\dead space.exe"= UDP:d:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"UDP Query User{2A993F01-05B2-4B5B-BC31-40CDC2FC22BB}d:\\program files\\electronic arts\\dead space\\dead space.exe"= TCP:d:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"TCP Query User{6D8B17CA-DE75-4C7F-866B-ADCEA5072B26}d:\\program files\\ubisoft\\shaun white snowboarding\\shaunwhitesnowboardinggame.exe"= UDP:d:\program files\ubisoft\shaun white snowboarding\shaunwhitesnowboardinggame.exe:ShaunWhiteSnowboardingGame
"UDP Query User{16B0A3EB-1FF3-4496-832C-928CAC8A938E}d:\\program files\\ubisoft\\shaun white snowboarding\\shaunwhitesnowboardinggame.exe"= TCP:d:\program files\ubisoft\shaun white snowboarding\shaunwhitesnowboardinggame.exe:ShaunWhiteSnowboardingGame
"{C1CD6B42-7285-4238-A7B0-89289B28D3B3}"= UDP:62966:utorrent
"TCP Query User{C1183000-2ADB-4E0E-AAB0-30F14C9FB941}c:\\program files 2\\utorrent\\utorrent.exe"= UDP:c:\program files 2\utorrent\utorrent.exe:µTorrent
"UDP Query User{8CA04D8A-EA3A-4FB1-A424-45C0FAA3073B}c:\\program files 2\\utorrent\\utorrent.exe"= TCP:c:\program files 2\utorrent\utorrent.exe:µTorrent
"TCP Query User{1671CDED-525B-4514-8A2D-023CC2253C64}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{789ED569-5D1A-421D-923F-AEEC4C34346C}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{26DAA173-67A4-49FD-B3B1-005C482D97EC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3B29F452-D018-459D-8D49-5686FC6C1178}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{CA30F773-ADA5-4599-9FC9-3224661C5F27}d:\\program files\\midway home entertainment\\blacksite area 51\\binaries\\blacksite.exe"= UDP:d:\program files\midway home entertainment\blacksite area 51\binaries\blacksite.exe:Blacksite
"UDP Query User{2301DF39-9E95-48D4-9E16-26DA9D548232}d:\\program files\\midway home entertainment\\blacksite area 51\\binaries\\blacksite.exe"= TCP:d:\program files\midway home entertainment\blacksite area 51\binaries\blacksite.exe:Blacksite
"{967CAAA6-EEFF-497C-85A1-9F61C017F1A4}"= UDP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{B90641A3-BFF6-419B-B3D1-1C427DE04302}"= TCP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{7BE615A3-5A9E-4C0B-939E-746507AFB429}"= UDP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{C17D58AB-AB9D-4538-AEB8-2F1174EBEAD6}"= TCP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"TCP Query User{096C8429-0BC0-448F-93C2-574E42DE8CE2}d:\\program files\\thq\\fsw ten hammers\\fsw2.exe"= UDP:d:\program files\thq\fsw ten hammers\fsw2.exe:"Full Spectrum Warrrior 2: Ten Hammers" Game
"UDP Query User{029932B5-9FDB-436F-ADE3-7839FBA37B32}d:\\program files\\thq\\fsw ten hammers\\fsw2.exe"= TCP:d:\program files\thq\fsw ten hammers\fsw2.exe:"Full Spectrum Warrrior 2: Ten Hammers" Game
"{F5AF897B-7531-4688-AF05-14758D7B2DFA}"= UDP:d:\program files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{571869D7-A500-4287-9EC6-9DE90060120B}"= TCP:d:\program files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{21C040D1-B371-43BE-8465-6D206A583C37}"= UDP:d:\program files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{B04FC301-2297-4B67-88BB-24EEDE4E9475}"= TCP:d:\program files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"TCP Query User{E1856817-D46D-4C26-A1FF-2EBE48F4730C}d:\\program files\\legendary\\binaries\\legendary.exe"= UDP:d:\program files\legendary\binaries\legendary.exe:Legendary
"UDP Query User{8087719F-F4E8-447B-B887-EFB98718D0FF}d:\\program files\\legendary\\binaries\\legendary.exe"= TCP:d:\program files\legendary\binaries\legendary.exe:Legendary
"{5612B105-CA94-4ADD-A58E-AFB4DB9D3247}"= UDP:d:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{7A937189-3BE5-4613-AC39-BF6EC08FD151}"= TCP:d:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"<NO NAME>"= :*:Enabled:Windows NT Service

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [2008-09-19 12552]
R0 pe3aq6eb;FIM Speedway GP3 Environment Driver (pe3aq6eb);c:\windows\System32\drivers\pe3aq6eb.sys [2008-04-03 69248]
R0 ps7aq6eb;FIM Speedway GP3 Synchronization Driver (ps7aq6eb);c:\windows\System32\drivers\ps7aq6eb.sys [2008-04-03 68744]
R1 appdrv01;Application Driver (01);c:\windows\System32\drivers\appdrv01.sys [2009-01-21 2997872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-09-19 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2008-10-24 107272]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-09-21 72192]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [2009-01-20 141312]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\atl01v32.sys [2008-09-17 48128]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\System32\drivers\gHidPnp.sys [2008-09-19 16384]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\System32\drivers\gMouUsb.sys [2008-09-19 9856]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-09 903960]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-09 298264]
R4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032]
R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-01-17 603904]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2008-12-18 79360]
S3 FStarForce;FStarForce;c:\windows\System32\drivers\FStarForce.sys [2009-01-21 8192]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-12-02 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-12-02 13312]
S4 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S4 pr2aq6eb;FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb);c:\windows\system32\pr2aq6eb.exe svc --> c:\windows\system32\pr2aq6eb.exe svc [?]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cba6b6f6-8684-11dd-81d4-001e8c8faa7a}]
\shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ccf97bc6-be4d-11dd-96dc-001e8c8faa7a}]
\shell\AutoRun\command - G:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Obsah adresáře 'Naplánované úlohy'

2009-01-22 c:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2009-01-22 c:\windows\Tasks\Úklid 1 kliknutím.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-22 09:04:19
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-01-22 9:05:19
ComboFix-quarantined-files.txt 2009-01-22 08:05:08
ComboFix2.txt 2009-01-21 20:08:22

Před spuštěním: Volných bajtů: 172 915 965 952
Po spuštění: Volných bajtů: 172,884,471,808

352 --- E O F --- 2009-01-16 21:28:25




--------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:00, on 23.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows NT Service] Patcher.exe
O4 - HKLM\..\RunServices: [Windows NT Service] Patcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [BitComet] "C:\Program Files 2\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files 2\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb) (pr2aq6eb) - Techland Sp.z o.o. - C:\Windows\system32\pr2aq6eb.exe

--
End of file - 9599 bytes

[jaro3]

To je divné...PC vypadá čisté, ale bohužel jsou tam pozůstaky po SpywareTerminátoru ( špatně odinstalován).
V logu HJT není tak jsem z toho vycházel. Odinstalovat asi nepůjde , ale můžeš zkusit.
Odinstaluj též toto:
ICQToolBar
DAEMON Tools Toolbar

Když nepůjde odinstalovat ST:
Tedy ještě script v CF:

Kód: Vybrat vše

Folder::
c:\program files\WinClamAVShield
c:\users\Roman\AppData\Roaming\Spyware Terminator
c:\programdata\Spyware Terminator
c:\program files\Spyware Terminátor

File::
c:\windows\System32\drivers\sp_rsdrv2.sys

Driver::
sp_rsdrv2

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"=-


Potom zase nový log z CF a HJT.