Please check my HJT log (notebook shuts down)

Place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Please check my HJT log (notebook shuts down)

Post by quinter » 03 Mar 2009 16:54

Hello, please check my log. The notebook shuts itself down; no components are overheating.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:46:47, on 3.3.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programy\Avast\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Programy\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Users\KARLKT~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
G:\PhoneConnectorVMC.exe
C:\Program Files\vodafone\vmclite\vmc.exe
C:\Programy\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Programy\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.travian.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... lmate_5730
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programy\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\Programy\Avast\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [BitComet] "C:\Programy\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programy\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winqwp32.rom,DeWRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ICQ] "C:\Programy\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Programy\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Programy\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programy\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programy\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programy\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B10AC69-1D3B-454E-A06A-DE6D5E7DAD05}: NameServer = 217.77.161.130 217.77.161.131
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programy\Avast\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programy\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programy\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programy\Avast\ashWebSv.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11283 bytes
Motherboard: MSI B85-G41 PC Mate
CPU: Intel Core i3 4170 / Cooler: SilentiumPC Fera 3 HE1224 v2
RAM: Kingston HyperX Fury Blue 8GB DDR3 1600 MHz
GPU: MSI N750Ti Twin Frozr IV 2GD5/OC Gaming
PSU: Seasonic Energy Knight SS-500ET, T3 500W OEM
HDD/SSD: Seagate Desktop HDD - 1TB/Crucial MX500 - 500 GB
Monitor: AOC 2269WM
Case: Zalman Z1


Re: Please check my HJT log (notebook shuts down)

Post by jaro3 » 03 Mar 2009 17:01

Uninstall: ICQToolBar

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the option Perform quick scan selected and click the Scan button
- when the program has finished, a message will appear; click OK and then the Show Results button
- then choose the Save log option and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
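The kind of review a helper does on the O4 (autostart) section of the HJT log above, written out as an added example; it is not part of the thread or of HijackThis. The sample input is a handful of O4 lines copied from the posted log, and the heuristics, names and severity labels are the author's own: they mark entries for a human to look at (for instance the `[MSSMSGS] rundll32.exe winqwp32.rom,DeWRun` entry, where rundll32 loads a module that is not a DLL and is found only via the search path), they do not decide on their own what is malicious.

```python
"""Heuristic triage of HijackThis O4 (autostart) entries.

Added example, not part of HijackThis or of this thread. The sample lines are
copied from the HJT log posted above; the heuristics are the author's own and
only mark entries for a reviewer to look at, they do not decide what is malware.
"""
import ntpath
import re
from dataclasses import dataclass, field

# O4 lines copied verbatim from the HijackThis log posted in the thread.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe",
    r'O4 - HKCU\..\Run: [BitComet] "C:\Programy\BitComet\BitComet.exe" /tray',
    r"O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winqwp32.rom,DeWRun",
    r"O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')",
    r"O4 - Global Startup: Bluetooth.lnk = ?",
]

RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")
# First token ending in an executable extension, optionally quoted. HJT prints
# unquoted paths containing spaces, so a plain split on whitespace would break.
EXE_RE = re.compile(
    r'^"?(?P<exe>[^"]+?\.(?:exe|com|bat|cmd|scr|pif|vbs|js))"?(?:\s+(?P<args>.*))?$', re.I)
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)
SYSTEM_HOSTS = {"rundll32.exe", "regsvr32.exe"}  # legitimately given without a path
DLL_EXTS = {".dll", ".cpl", ".ocx"}              # what rundll32 normally loads


@dataclass
class Autostart:
    hive: str      # HKLM, HKCU, HKUS\<SID> or "Global Startup"
    name: str      # Run value name or shortcut file name
    cmd: str       # command exactly as HJT printed it (user suffix removed)
    exe: str = ""
    args: str = ""
    findings: list = field(default_factory=list)  # (level, reason) pairs


def parse_o4(line: str):
    """Return an Autostart for an O4 line, or None for any other HJT line."""
    m = RUN_RE.match(line)
    if m:
        entry = Autostart(m["hive"], m["name"], USER_SUFFIX_RE.sub("", m["cmd"]))
    else:
        m = STARTUP_RE.match(line)
        if not m:
            return None
        entry = Autostart("Global Startup", m["name"], m["cmd"])
    ex = EXE_RE.match(entry.cmd)
    entry.exe = ex["exe"] if ex else entry.cmd
    entry.args = (ex["args"] or "") if ex else ""
    return entry


def analyse(entry: Autostart) -> list:
    """Review heuristics: HIGH means look at this first, INFO is context only."""
    if entry.cmd.strip() in ("", "?") or "(no file)" in entry.cmd:
        return [("INFO", "target not resolved by HijackThis; stale or hidden entry, verify by hand")]
    findings = []
    exe_base = ntpath.basename(entry.exe).lower()
    if exe_base == "rundll32.exe":
        # rundll32 takes "<module>,<export>"; the module should be a DLL.
        module = entry.args.partition(",")[0].strip().strip('"')
        ext = ntpath.splitext(module)[1].lower()
        if ext not in DLL_EXTS:
            findings.append(("HIGH", f"rundll32 loads '{module}' with extension "
                                     f"'{ext or '(none)'}' instead of a DLL"))
        if "\\" not in module:
            findings.append(("INFO", f"rundll32 module '{module}' resolved via the search path"))
    elif "\\" not in entry.exe and "%" not in entry.exe and exe_base not in SYSTEM_HOSTS:
        findings.append(("INFO", f"executable '{entry.exe}' given without a path"))
    if TEMP_RE.search(entry.cmd):
        findings.append(("HIGH", "autostart points into a temporary directory"))
    return findings


def triage(lines) -> list:
    """Parse every O4 line and attach findings; other HJT sections are skipped."""
    entries = []
    for line in lines:
        entry = parse_o4(line.rstrip("\n"))
        if entry is not None:
            entry.findings = analyse(entry)
            entries.append(entry)
    return entries


def high_risk(lines) -> list:
    """Sorted names of autostart entries carrying at least one HIGH finding."""
    return sorted(e.name for e in triage(lines) if any(lvl == "HIGH" for lvl, _ in e.findings))


if __name__ == "__main__":
    for e in triage(SAMPLE_O4_LINES):
        for level, reason in e.findings:
            print(f"{level:4} [{e.name}] {e.cmd}\n     {reason}")
```

Feed it the whole pasted log (every line, not only O4) and it reports only the autostart entries; a HIGH finding is a reason to check the file on disk and its publisher, not a verdict.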


Re: Please check my HJT log (notebook shuts down)

Post by quinter » 03 Mar 2009 17:26

Here is the MBAM log. I should point out that I scanned the notebook earlier already; I don't remember the results and I haven't kept that log either.

Malwarebytes' Anti-Malware 1.34
Verze databáze: 1814
Windows 6.0.6001 Service Pack 1

3.3.2009 17:18:23
mbam-log-2009-03-03 (17-18-23).txt

Typ skenu: Rychlý sken
Objektu skenováno: 62806
Uplynulý cas: 2 minute(s), 36 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)


Re: Please check my HJT log (notebook shuts down)

Post by jaro3 » 03 Mar 2009 17:43

There is an infection there..
If you have the 32-bit version of Windows, proceed as follows:
Turn off Avast's resident protection.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it shows
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its whole contents here

P.S. Because of the restarts, you may prefer to run ComboFix in safe mode.


Re: Please check my HJT log (notebook shuts down)

Post by quinter » 03 Mar 2009 18:46

here is the ComboFix log



Re: Please check my HJT log (notebook shuts down)

Post by quinter » 03 Mar 2009 18:48

sorry for my mistake .... here is really the whole log

ComboFix 09-03-02.03 - Karlík Tomáš 2009-03-03 18:31:50.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1029.18.3066.2007 [GMT 1:00]
Spuštěný z: c:\users\Karlík Tomáš\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1290 [VPS 081121-0] *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bitcometres.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-03 do 2009-03-03 )))))))))))))))))))))))))))))))
.

2009-03-03 18:20 . 2009-03-03 18:20 268,106,731 --a------ c:\windows\MEMORY.DMP
2009-03-03 17:11 . 2009-03-03 17:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 17:11 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-03 17:11 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-02 18:56 . 2009-03-02 18:56 <DIR> d-------- c:\users\All Users\ICQ
2009-03-02 18:56 . 2009-03-02 18:56 <DIR> d-------- c:\programdata\ICQ
2009-03-02 18:56 . 2009-03-02 18:56 <DIR> d-------- c:\program files\ICQ6Toolbar
2009-02-24 16:28 . 2009-02-24 16:28 <DIR> d--hs---- c:\windows\ftpcache
2009-02-24 16:27 . 2009-02-24 16:27 266 --a------ c:\windows\game.ini
2009-02-22 22:57 . 2009-02-22 22:57 <DIR> d-------- c:\users\Karlík Tomáš\AppData\Roaming\Malwarebytes
2009-02-22 22:57 . 2009-02-22 22:57 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-22 22:57 . 2009-02-22 22:57 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-21 22:36 . 2009-02-21 22:45 <DIR> d-------- c:\users\Karlík Tomáš\AppData\Roaming\365dni
2009-02-21 22:36 . 2003-04-01 07:36 94,208 --a------ c:\windows\System32\vbalIml6.ocx
2009-02-21 22:16 . 2004-08-17 15:49 561,179 --a-s---- c:\windows\System32\dao360.dll
2009-02-21 22:16 . 2000-05-22 00:00 203,976 --a-s---- c:\windows\System32\RICHTX32.OCX
2009-02-21 22:16 . 2004-03-09 00:00 132,880 --a-s---- c:\windows\System32\MSINET.OCX
2009-02-21 22:16 . 2000-07-15 00:00 101,888 --a-s---- c:\windows\System32\VB6STKIT.DLL
2009-02-21 22:16 . 1998-06-18 01:00 89,360 --a-s---- c:\windows\System32\VB5DB.DLL
2009-02-21 22:16 . 2003-01-26 12:41 40,960 --a-s---- c:\windows\System32\SSubTmr6.dll
2009-02-21 16:51 . 2009-02-21 22:38 <DIR> d-------- C:\USBStorage
2009-02-21 16:50 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-02-20 18:40 . 2009-02-20 18:40 45 --a------ c:\windows\System32\initdebug.nfo
2009-02-18 18:08 . 2009-02-18 18:08 <DIR> dr-h----- c:\users\Karlík Tomáš\AppData\Roaming\SecuROM
2009-02-17 17:39 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-17 17:39 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-17 17:39 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-17 17:39 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-17 17:39 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-12 14:43 . 2009-02-12 14:43 <DIR> d-------- c:\users\Karlík Tomáš\NFS ProStreet
2009-02-12 14:43 . 2009-02-12 14:43 <DIR> d-------- c:\users\Karlík Tomáš\NFS ProStreet
2009-02-11 22:17 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 22:17 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 17:32 3,407,872 --sha-w c:\users\Karlík Tomáš\ntuser.dat
2009-03-03 17:32 3,407,872 --sha-w c:\users\Karlík Tomáš\ntuser.dat
2009-02-28 09:35 --------- d-----w c:\program files\Launch Manager
2009-02-24 15:34 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-22 21:57 --------- d-----w c:\users\Karlík Tomáš\AppData\Roaming\Malwarebytes
2009-02-21 21:45 --------- d-----w c:\users\Karlík Tomáš\AppData\Roaming\365dni
2009-02-18 17:08 183,112 ----a-w c:\windows\System32\PnkBstrB.exe
2009-02-18 17:08 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-18 17:08 --------- d--h--r c:\users\Karlík Tomáš\AppData\Roaming\SecuROM
2009-02-13 13:18 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2009-02-12 02:01 --------- d-----w c:\program files\Windows Mail
2009-02-11 08:10 952 --sha-w c:\users\All Users\KGyGaAvL.sys
2009-02-11 08:10 952 --sha-w c:\programdata\KGyGaAvL.sys
2009-02-05 21:06 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-01-23 19:18 --------- d-----w c:\programdata\Electronic Arts
2009-01-20 13:45 --------- d-----w c:\users\Karlík Tomáš\AppData\Roaming\Macrovision
2009-01-19 16:30 --------- d-----w c:\programdata\Macrovision
2009-01-19 16:30 --------- d-----w c:\program files\Vodafone
2009-01-10 12:59 --------- d-s---w c:\users\Karlík Tomáš\AppData\Roaming\Microsoft
2009-01-08 21:41 --------- d-----w c:\users\Karlík Tomáš\AppData\Roaming\Autodesk
2009-01-08 21:36 --------- d-----w c:\program files\Common Files\Autodesk Shared
2009-01-08 21:36 --------- d-----w c:\program files\AnswerWorks 4.0
2009-01-08 21:31 --------- d-----w c:\programdata\Autodesk
2008-11-20 17:35 22,328 ----a-w c:\users\Karlík Tomáš\AppData\Roaming\PnkBstrK.sys
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-03-03_17.59.09.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-03 17:20:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-03 17:20:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-03-03 16:57:34 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-03 17:22:03 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-03 17:22:03 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-03-03 16:57:31 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-03 17:21:24 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-03 17:21:24 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-03-03 15:42:40 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-03 17:22:06 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-03 15:42:40 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-03 17:22:06 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-03 15:42:40 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-03 17:22:06 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-03 15:47:58 143,250 ----a-w c:\windows\System32\perfc005.dat
+ 2009-03-03 17:27:02 143,250 ----a-w c:\windows\System32\perfc005.dat
- 2009-03-03 15:47:58 128,144 ----a-w c:\windows\System32\perfc009.dat
+ 2009-03-03 17:27:02 128,144 ----a-w c:\windows\System32\perfc009.dat
- 2009-03-03 15:47:58 670,666 ----a-w c:\windows\System32\perfh005.dat
+ 2009-03-03 17:27:02 670,666 ----a-w c:\windows\System32\perfh005.dat
- 2009-03-03 15:47:58 650,252 ----a-w c:\windows\System32\perfh009.dat
+ 2009-03-03 17:27:02 650,252 ----a-w c:\windows\System32\perfh009.dat
- 2009-03-03 15:44:33 10,758 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2027541190-559730384-1912191512-1003_UserData.bin
+ 2009-03-03 17:22:24 11,128 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2027541190-559730384-1912191512-1003_UserData.bin
- 2009-03-03 15:44:33 100,574 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-03 17:22:24 101,336 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programy\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-31 68856]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-10-31 3687936]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-25 159744]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-10 870920]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-31 24064]
"avast!"="c:\programy\Avast\ashDisp.exe" [2009-02-05 81000]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 11000]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-02-12 723496]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-10-31 14:10 3085824 c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 15:24 567560 c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2027541190-559730384-1912191512-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5D84111C-57B7-4992-BC68-C666979917BF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6884FF46-F981-4823-A7C4-D8CF794323D3}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{9DCB7025-EB4F-448F-BADB-EBBEDDAB0788}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{DF5A2A51-AD76-4E6D-B5B0-59CCB177AA5D}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{FFB997BD-3E9A-47F5-9D11-F5B4071EF6F7}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{7DAE3262-5554-44BC-8305-EF735781FDE3}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{AE3E9577-FDF2-492E-8D8F-BD62125AFB8D}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{873337CF-EAB9-44D5-8833-F015AC632C9B}"= UDP:c:\program files\Willing Webcam\wwcam.exe:Willing Webcam
"{AE31E5DB-EDD1-4B37-A59B-385FA551C901}"= TCP:c:\program files\Willing Webcam\wwcam.exe:Willing Webcam
"TCP Query User{F2DE7194-C8E9-414B-95FD-D6FC01A09608}c:\\programy\\bitcomet\\bitcomet.exe"= UDP:c:\programy\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{B3147176-0CF5-488E-A203-5EEECBCBF650}c:\\programy\\bitcomet\\bitcomet.exe"= TCP:c:\programy\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{455BC8E5-6AF1-4AC4-8C7D-FC09D72CA5B9}d:\\hry\\warcraft iii\\war3.exe"= UDP:d:\hry\warcraft iii\war3.exe:Warcraft III
"UDP Query User{8BF46AF5-4B1A-4161-A5CF-5B85190A8877}d:\\hry\\warcraft iii\\war3.exe"= TCP:d:\hry\warcraft iii\war3.exe:Warcraft III
"TCP Query User{0E3AE1A5-11F9-487C-8F86-4F7FB8F6C753}d:\\hry\\company of heroes\\reliccoh.exe"= UDP:d:\hry\company of heroes\reliccoh.exe:RelicCOH
"UDP Query User{B379B00F-97CF-4E37-9C51-EFCAE7D29913}d:\\hry\\company of heroes\\reliccoh.exe"= TCP:d:\hry\company of heroes\reliccoh.exe:RelicCOH
"TCP Query User{DEFC86E3-6A11-4752-B732-968F314009B4}c:\\programy\\icq6\\icq.exe"= UDP:c:\programy\icq6\icq.exe:ICQ Library
"UDP Query User{50E0E661-CF28-4F5B-8DFC-E78B6490BF52}c:\\programy\\icq6\\icq.exe"= TCP:c:\programy\icq6\icq.exe:ICQ Library
"{BC941C44-A95C-450C-83D8-2C0784F0F4CD}"= UDP:d:\hry\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{F5E40CB5-E5B6-47AD-9172-F5B81215A667}"= TCP:d:\hry\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{EAC08768-6CFD-42AB-9A55-CDD423ECBD86}"= UDP:d:\hry\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{0147F871-8C0C-4BA5-A92F-E7B0CA655DDF}"= TCP:d:\hry\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{9D2AA8BF-D5CF-4680-B495-7085D44BDACA}"= UDP:d:\hry\Far Cry 2\bin\FC2Editor.exe:Editor
"{510E3393-052C-4AC3-BD46-CECB3467E7C5}"= TCP:d:\hry\Far Cry 2\bin\FC2Editor.exe:Editor
"{79BE2B29-2192-4C94-97A6-671DC4046170}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{644AD020-7C4B-45D7-A51B-51AF06804868}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3049F07E-E3E7-4A9F-B2D6-BAF922A9176C}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{1EC6F689-4E85-4A82-BBB8-6D81EB2774E2}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{D44B72E7-0925-4F2C-AA40-F8FC05EC47FE}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{76DD2F4C-0D2B-4B87-88B8-59532DBB4E72}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{6D1F515E-40D2-43FF-9A31-396933932366}d:\\hry\\counter-strike source\\hl2.exe"= UDP:d:\hry\counter-strike source\hl2.exe:hl2
"UDP Query User{E8C2A3A6-C579-44DA-9450-96913410DCD8}d:\\hry\\counter-strike source\\hl2.exe"= TCP:d:\hry\counter-strike source\hl2.exe:hl2
"TCP Query User{3D4B8794-9B4C-4217-A72E-882991B1A44A}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{D870A7C0-A55E-4F9E-87D7-E9A49CAF8357}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{A4369710-2195-4536-BD20-3AC243B9CDC1}c:\\programy\\icq6\\icq.exe"= UDP:c:\programy\icq6\icq.exe:ICQ Library
"UDP Query User{36BC02FA-A077-4863-89F6-7528CB4B2179}c:\\programy\\icq6\\icq.exe"= TCP:c:\programy\icq6\icq.exe:ICQ Library
"TCP Query User{66EE6C58-A706-476D-B918-67C7AD93B969}c:\\programy\\bitcomet\\bitcomet.exe"= UDP:c:\programy\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{7E61EE8D-ECB6-4F70-956F-A992A1F0B861}c:\\programy\\bitcomet\\bitcomet.exe"= TCP:c:\programy\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{66C3F9A2-11CA-4237-BBAB-27289601BE7D}d:\\hry\\counter-strike source\\hl2.exe"= UDP:d:\hry\counter-strike source\hl2.exe:hl2
"UDP Query User{893DC732-8F47-46CE-BC02-40C357125C74}d:\\hry\\counter-strike source\\hl2.exe"= TCP:d:\hry\counter-strike source\hl2.exe:hl2
"TCP Query User{08467ABE-9A1D-4CC1-91EA-E001077630B7}d:\\hry\\cs 1.6\\valve\\cstrike.exe"= UDP:d:\hry\cs 1.6\valve\cstrike.exe:Counter-Strike Launcher
"UDP Query User{17D94F7A-35FE-49F9-BF25-0DE22C1E31AC}d:\\hry\\cs 1.6\\valve\\cstrike.exe"= TCP:d:\hry\cs 1.6\valve\cstrike.exe:Counter-Strike Launcher
"TCP Query User{934C4113-6113-4A52-8823-D0DEB46E5173}c:\\programy\\mozilla firefox\\firefox.exe"= UDP:c:\programy\mozilla firefox\firefox.exe:Firefox
"UDP Query User{B678B048-A437-4092-8C11-CEC5D7A94D70}c:\\programy\\mozilla firefox\\firefox.exe"= TCP:c:\programy\mozilla firefox\firefox.exe:Firefox
"TCP Query User{1A332554-5130-4449-873D-87EEC14FC0DE}d:\\hry\\cs 1.6\\valve\\cstrike.exe"= UDP:d:\hry\cs 1.6\valve\cstrike.exe:Counter-Strike Launcher
"UDP Query User{8627EBB4-F920-499F-8303-4700A06EE13B}d:\\hry\\cs 1.6\\valve\\cstrike.exe"= TCP:d:\hry\cs 1.6\valve\cstrike.exe:Counter-Strike Launcher
"{D68C7F63-871D-4E4A-B467-6E19BAC3FE42}"= UDP:8228:BitComet 8228 TCP
"{3E73ED71-5947-4345-8F40-D6A07E0D4C10}"= TCP:8228:BitComet 8228 UDP
"TCP Query User{9192FB3F-F399-4D87-9D01-CB8E93AB0B5A}d:\\hry\\call of duty 2\\cod2mp_s.exe"= UDP:d:\hry\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{92E4387C-1688-4C4D-BA2E-9BABF7FAA941}d:\\hry\\call of duty 2\\cod2mp_s.exe"= TCP:d:\hry\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{CEDADBBD-D15A-43B0-95E9-A65935534D6C}d:\\hry\\left 4 dead\\left4dead.exe"= UDP:d:\hry\left 4 dead\left4dead.exe:left4dead
"UDP Query User{63A456C7-F770-4451-8CC9-F4156A5BAE86}d:\\hry\\left 4 dead\\left4dead.exe"= TCP:d:\hry\left 4 dead\left4dead.exe:left4dead
"TCP Query User{EECF4B75-E0B7-4607-B298-4DEA460AD4A7}d:\\hry\\call of duty 2\\cod2mp_s.exe"= UDP:d:\hry\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{D86C42AF-3DA4-4914-B62E-13808C0FBAF5}d:\\hry\\call of duty 2\\cod2mp_s.exe"= TCP:d:\hry\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{46AFB0FB-9438-4D78-A195-89014D14739F}d:\\hry\\left4dead\\left4dead.exe"= UDP:d:\hry\left4dead\left4dead.exe:left4dead
"UDP Query User{F6AA41B3-6B0D-4C9E-AE51-C394284B4EB3}d:\\hry\\left4dead\\left4dead.exe"= TCP:d:\hry\left4dead\left4dead.exe:left4dead
"TCP Query User{A5D2EA1D-1CE9-47CF-9B4C-CBA24771BB61}d:\\hry\\hd2\\hd2.exe"= UDP:d:\hry\hd2\hd2.exe:hd2
"UDP Query User{F79D1F63-9FD5-42A9-9E2C-94C20FBE1C6A}d:\\hry\\hd2\\hd2.exe"= TCP:d:\hry\hd2\hd2.exe:hd2

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\System32\drivers\AlfaFF.sys [2008-10-31 43184]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-11-08 114768]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-11-01 72192]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-11-08 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-11-08 51792]
R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-05-19 24576]
R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-10-31 3484672]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-03-28 210432]
R3 NETw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-11-01 3658752]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [2008-04-15 51160]
R3 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [2008-04-08 43736]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-31 24064]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\System32\drivers\TpChoice.sys [2008-05-07 17968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14a9754c-d74a-11dd-8fbc-00215d44f08c}]
\shell\AutoRun\command - F:\StartPortableApps.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{387584d1-e645-11dd-b3d0-001d72d2425b}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4396e4a6-04e1-11de-8e7c-001d72d2425b}]
\shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4396e4a8-04e1-11de-8e7c-001d72d2425b}]
\shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51f28a29-a925-11dd-b337-00215d44f08c}]
\shell\AutoRun\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51f28a2b-a925-11dd-b337-00215d44f08c}]
\shell\AutoRun\command - I:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b229a0f-cc09-11dd-ae0d-001d72d2425b}]
\shell\AutoRun\command - g:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c65cc0-cab0-11dd-848a-001d72d2425b}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92a12754-0803-11de-bca3-00215d44f08c}]
\shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92a12755-0803-11de-bca3-00215d44f08c}]
\shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5a0f875-01b9-11de-947c-00215d44f08c}]
\shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5a0f876-01b9-11de-947c-00215d44f08c}]
\shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb9e764-049c-11de-bd43-00215d44f08c}]
\sheLL\auTopLay\CoMManD - G:\ocqxol.cmd
\sheLL\AutoRun\command - G:\ocqxol.cmd
\sheLL\eXpLoRe\ComMand - G:\ocqxol.cmd
\sheLL\open\CoMmand - G:\ocqxol.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbd483df-a853-11dd-9052-001d72d2425b}]
\shell\AutoRun\command - F:\Autorun.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.travian.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... lmate_5730
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Stáhnout odkaz s použitím BitCometu - c:\programy\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\programy\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\programy\BitComet\BitComet.exe/AddAllLink.htm
TCP: {9B10AC69-1D3B-454E-A06A-DE6D5E7DAD05} = 217.77.161.130 217.77.161.131
FF - ProfilePath - c:\users\Karlík Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\d1mllin8.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.lide.cz/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\programy\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\programy\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programy\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 18:34:29
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-03-03 18:38:42
ComboFix-quarantined-files.txt 2009-03-03 17:38:39
ComboFix2.txt 2009-03-03 17:01:17

Před spuštěním: Volných bajtů: 107 047 014 400
Po spuštění: Volných bajtů: 107,008,024,576

300 --- E O F --- 2009-03-02 19:53:36
Motherboard: MSI B85-G41 PC Mate
CPU: Intel Core i3 4170 / Cooler: SilentiumPC Fera 3 HE1224 v2
RAM: Kingston HyperX Fury Blue 8GB DDR3 1600 MHz
GPU: MSI N750Ti Twin Frozr IV 2GD5/OC Gaming
PSU: Seasonic Energy Knight SS-500ET, T3 500W OEM
HDD/SSD: Seagate Desktop HDD - 1TB/Crucial MX500 - 500 GB
Monitor: AOC 2269WM
Case: Zalman Z1
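The MountPoints2 section of the log above is where Explorer remembers the autorun.inf handlers of every removable drive it has seen, and two of the entries there are the kind a helper looks at first: one drive whose every verb (autoplay, AutoRun, explore, open) points at a .cmd file under oddly cased subkeys, and one whose AutoRun launches a file out of a Recycled folder through rundll32. The script below is an added example, not part of this thread and not ComboFix's own code: it parses the log's "[key]" / value format, flags MountPoints2 entries that show those traits, and also reports the weakened system settings visible in the same section (EnableLUA=0, DisableMonitoring=1). The sample log embedded in it is constructed; its GUIDs, drive letters and file names are made up and only mirror the shape of the entries above.

```python
import re

# Constructed sample in the ComboFix "Spouštěcí body v registru" layout; the GUIDs,
# drive letters and file names are invented and only mirror the shape of the real log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-aaaa-11dd-8fbc-000000000001}]
\shell\AutoRun\command - F:\StartPortableApps.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22222222-aaaa-11dd-8fbc-000000000002}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33333333-aaaa-11dd-8fbc-000000000003}]
\sheLL\auTopLay\CoMManD - G:\xxxxxx.cmd
\sheLL\AutoRun\command - G:\xxxxxx.cmd
\sheLL\eXpLoRe\ComMand - G:\xxxxxx.cmd
\sheLL\open\CoMmand - G:\xxxxxx.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
MOUNTPOINT_RE = re.compile(r"mountpoints2\\\{([0-9a-f-]+)\}$", re.IGNORECASE)
VERB_RE = re.compile(r"^\\(shell\\[^\\]+\\command) - (.+)$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(?:dword:)?(\S+)')
RECYCLE_RE = re.compile(r"(^|\\)recycle[rd]\\")
SCRIPT_EXT = (".cmd", ".bat", ".vbs", ".vbe", ".js", ".jse", ".pif", ".scr", ".com")


def parse_sections(text):
    """Group the non-blank lines of the log under the [key] header that precedes them."""
    sections, current = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line)
    return sections


def triage_mountpoint(lines):
    """Return the reasons one MountPoints2 entry looks like a hijacked autorun.inf (empty = nothing flagged)."""
    reasons, verbs, targets = set(), set(), set()
    for line in lines:
        m = VERB_RE.match(line)
        if not m:
            continue
        parts = m.group(1).split("\\")          # ['shell', '<verb>', 'command'], casing as logged
        command = m.group(2).strip().lower()
        target = command.split()[-1]            # last token is the file actually launched
        verbs.add(parts[1])
        targets.add(target)
        if parts[0] != "shell" or parts[2] != "command":
            reasons.add("mixed-case shell\\...\\command subkeys, not how Explorer writes them")
        if target.endswith(SCRIPT_EXT):
            reasons.add("autorun target is a script or unusual executable type")
        if RECYCLE_RE.search(target):
            reasons.add("target is stored in a Recycle Bin folder")
        if "rundll32" in command and "shellexec_rundll" in command:
            reasons.add("launch is indirected through rundll32 ShellExec_RunDLL")
    if len(verbs) >= 3 and len(targets) == 1:
        reasons.add("every open/explore/autoplay verb is redirected to the same file")
    return sorted(reasons)


def triage_policies(sections):
    """Flag system-wide settings in the log that weaken the machine's own defences."""
    findings = []
    for key, lines in sections.items():
        k = key.lower()
        for line in lines:
            m = VALUE_RE.match(line)
            if not m:
                continue
            name, value = m.group(1), m.group(2).lstrip("0") or "0"
            if k.endswith("policies\\system") and name == "EnableLUA" and value == "0":
                findings.append("UAC is switched off (EnableLUA=0)")
            if "security center\\monitoring\\" in k and name == "DisableMonitoring" and value == "1":
                findings.append("Security Center monitoring disabled for " + key.rsplit("\\", 1)[-1])
    return findings


def triage(text):
    """Run both checks over a log; returns {'mountpoints': {guid: reasons}, 'policies': [...]}."""
    sections = parse_sections(text)
    mountpoints = {}
    for key, lines in sections.items():
        m = MOUNTPOINT_RE.search(key)
        if m:
            reasons = triage_mountpoint(lines)
            if reasons:
                mountpoints[m.group(1)] = reasons
    return {"mountpoints": mountpoints, "policies": triage_policies(sections)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for guid, reasons in result["mountpoints"].items():
        print(guid, *reasons, sep="\n  ")
    print(*result["policies"], sep="\n")
```

The checks are deliberately conservative: a plain `\shell\AutoRun\command - F:\Something.exe` written by a legitimate portable-apps launcher produces no finding, while an entry needs only one of the traits (odd casing, script target, Recycle Bin path, rundll32 indirection, all verbs hijacked) to be listed for the helper to look at. The settings part is separate from the autorun part because a disabled UAC or a silenced Security Center monitor is worth reporting whether or not any drive entry is suspicious.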

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check my HJT log (notebook shuts down)

Post by jaro3 » 03 Mar 2009 19:39

Test this on VirusTotal:
G:\ocqxol.cmd
Then paste the link to the result here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum

quinter
Level 3.5
Posts: 759
Registered: November 08
Location: Teplice
Gender: Male

Re: Please check my HJT log (notebook shuts down)

Post by quinter » 03 Mar 2009 20:02

I can't find the file G:\ocqxol.cmd. Drive G: is the internet provider via Vodafone.

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check my HJT log (notebook shuts down)

Post by jaro3 » 03 Mar 2009 20:09

I see, then we'll leave it, although I didn't find any such file anywhere.....
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following complete text marked in green into it:
Note: Do not use the SELECT ALL function to select the script.


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000000
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86c65cc0-cab0-11dd-848a-001d72d2425b}]

Choose File -> Save as... and set these parameters:
File name: type CFScript.txt
Save as type: select All files
Save the file to the desktop.
Close all active windows.

Drag the newly created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

quinter
Level 3.5
Posts: 759
Registered: November 08
Location: Teplice
Gender: Male

Re: Please check my HJT log (notebook shuts down)

Post by quinter » 03 Mar 2009 20:26

ComboFix 09-03-02.03 - Karlík Tomáš 2009-03-03 20:12:06.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1029.18.3066.1772 [GMT 1:00]
Spuštěný z: c:\users\Karlík Tomáš\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Karlík Tomáš\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1290 [VPS 081121-0] *On-access scanning enabled* (Updated)
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-02-03 do 2009-03-03 )))))))))))))))))))))))))))))))
.

2009-03-03 18:20 . 2009-03-03 18:20 268,106,731 --a------ c:\windows\MEMORY.DMP
2009-03-03 17:11 . 2009-03-03 17:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 17:11 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-03 17:11 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-02 18:56 . 2009-03-02 18:56 <DIR> d-------- c:\users\All Users\ICQ
2009-03-02 18:56 . 2009-03-02 18:56 <DIR> d-------- c:\programdata\ICQ
2009-03-02 18:56 . 2009-03-02 18:56 <DIR> d-------- c:\program files\ICQ6Toolbar
2009-02-24 16:28 . 2009-02-24 16:28 <DIR> d--hs---- c:\windows\ftpcache
2009-02-24 16:27 . 2009-02-24 16:27 266 --a------ c:\windows\game.ini
2009-02-22 22:57 . 2009-02-22 22:57 <DIR> d-------- c:\users\Karlík Tomáš\AppData\Roaming\Malwarebytes
2009-02-22 22:57 . 2009-02-22 22:57 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-22 22:57 . 2009-02-22 22:57 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-21 22:36 . 2009-02-21 22:45 <DIR> d-------- c:\users\Karlík Tomáš\AppData\Roaming\365dni
2009-02-21 22:36 . 2003-04-01 07:36 94,208 --a------ c:\windows\System32\vbalIml6.ocx
2009-02-21 22:16 . 2004-08-17 15:49 561,179 --a-s---- c:\windows\System32\dao360.dll
2009-02-21 22:16 . 2000-05-22 00:00 203,976 --a-s---- c:\windows\System32\RICHTX32.OCX
2009-02-21 22:16 . 2004-03-09 00:00 132,880 --a-s---- c:\windows\System32\MSINET.OCX
2009-02-21 22:16 . 2000-07-15 00:00 101,888 --a-s---- c:\windows\System32\VB6STKIT.DLL
2009-02-21 22:16 . 1998-06-18 01:00 89,360 --a-s---- c:\windows\System32\VB5DB.DLL
2009-02-21 22:16 . 2003-01-26 12:41 40,960 --a-s---- c:\windows\System32\SSubTmr6.dll
2009-02-21 16:51 . 2009-02-21 22:38 <DIR> d-------- C:\USBStorage
2009-02-21 16:50 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-02-20 18:40 . 2009-02-20 18:40 45 --a------ c:\windows\System32\initdebug.nfo
2009-02-18 18:08 . 2009-02-18 18:08 <DIR> dr-h----- c:\users\Karlík Tomáš\AppData\Roaming\SecuROM
2009-02-17 17:39 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-17 17:39 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-17 17:39 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-17 17:39 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-17 17:39 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-12 14:43 . 2009-02-12 14:43 <DIR> d-------- c:\users\Karlík Tomáš\NFS ProStreet
2009-02-12 14:43 . 2009-02-12 14:43 <DIR> d-------- c:\users\Karlík Tomáš\NFS ProStreet
2009-02-11 22:17 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 22:17 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 19:12 3,407,872 --sha-w c:\users\Karlík Tomáš\ntuser.dat
2009-03-03 19:12 3,407,872 --sha-w c:\users\Karlík Tomáš\ntuser.dat
2009-02-28 09:35 --------- d-----w c:\program files\Launch Manager
2009-02-24 15:34 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-22 21:57 --------- d-----w c:\users\Karlík Tomáš\AppData\Roaming\Malwarebytes
2009-02-21 21:45 --------- d-----w c:\users\Karlík Tomáš\AppData\Roaming\365dni
2009-02-18 17:08 183,112 ----a-w c:\windows\System32\PnkBstrB.exe
2009-02-18 17:08 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-18 17:08 --------- d--h--r c:\users\Karlík Tomáš\AppData\Roaming\SecuROM
2009-02-13 13:18 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2009-02-12 02:01 --------- d-----w c:\program files\Windows Mail
2009-02-11 08:10 952 --sha-w c:\users\All Users\KGyGaAvL.sys
2009-02-11 08:10 952 --sha-w c:\programdata\KGyGaAvL.sys
2009-02-05 21:06 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-01-23 19:18 --------- d-----w c:\programdata\Electronic Arts
2009-01-20 13:45 --------- d-----w c:\users\Karlík Tomáš\AppData\Roaming\Macrovision
2009-01-19 16:30 --------- d-----w c:\programdata\Macrovision
2009-01-19 16:30 --------- d-----w c:\program files\Vodafone
2009-01-10 12:59 --------- d-s---w c:\users\Karlík Tomáš\AppData\Roaming\Microsoft
2009-01-08 21:41 --------- d-----w c:\users\Karlík Tomáš\AppData\Roaming\Autodesk
2009-01-08 21:36 --------- d-----w c:\program files\Common Files\Autodesk Shared
2009-01-08 21:36 --------- d-----w c:\program files\AnswerWorks 4.0
2009-01-08 21:31 --------- d-----w c:\programdata\Autodesk
2008-11-20 17:35 22,328 ----a-w c:\users\Karlík Tomáš\AppData\Roaming\PnkBstrK.sys
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-03-03_17.59.09.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-03 17:20:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-03 17:20:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-03-03 16:57:34 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-03 17:22:03 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-03 17:22:03 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-03-03 16:57:31 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-03 17:21:24 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-03 17:21:24 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-03-03 15:42:40 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-03 17:22:06 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-03 15:42:40 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-03 17:22:06 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-03 15:42:40 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-03 17:22:06 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-03 15:47:58 143,250 ----a-w c:\windows\System32\perfc005.dat
+ 2009-03-03 17:27:02 143,250 ----a-w c:\windows\System32\perfc005.dat
- 2009-03-03 15:47:58 128,144 ----a-w c:\windows\System32\perfc009.dat
+ 2009-03-03 17:27:02 128,144 ----a-w c:\windows\System32\perfc009.dat
- 2009-03-03 15:47:58 670,666 ----a-w c:\windows\System32\perfh005.dat
+ 2009-03-03 17:27:02 670,666 ----a-w c:\windows\System32\perfh005.dat
- 2009-03-03 15:47:58 650,252 ----a-w c:\windows\System32\perfh009.dat
+ 2009-03-03 17:27:02 650,252 ----a-w c:\windows\System32\perfh009.dat
- 2009-03-03 15:44:33 10,758 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2027541190-559730384-1912191512-1003_UserData.bin
+ 2009-03-03 17:22:24 11,128 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2027541190-559730384-1912191512-1003_UserData.bin
- 2009-03-03 15:44:33 100,574 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-03 17:22:24 101,336 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programy\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-31 68856]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-10-31 3687936]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-25 159744]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-10 870920]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-31 24064]
"avast!"="c:\programy\Avast\ashDisp.exe" [2009-02-05 81000]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 11000]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-02-12 723496]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-10-31 14:10 3085824 c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 15:24 567560 c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2027541190-559730384-1912191512-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5D84111C-57B7-4992-BC68-C666979917BF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6884FF46-F981-4823-A7C4-D8CF794323D3}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{9DCB7025-EB4F-448F-BADB-EBBEDDAB0788}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{DF5A2A51-AD76-4E6D-B5B0-59CCB177AA5D}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{FFB997BD-3E9A-47F5-9D11-F5B4071EF6F7}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{7DAE3262-5554-44BC-8305-EF735781FDE3}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{AE3E9577-FDF2-492E-8D8F-BD62125AFB8D}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{873337CF-EAB9-44D5-8833-F015AC632C9B}"= UDP:c:\program files\Willing Webcam\wwcam.exe:Willing Webcam
"{AE31E5DB-EDD1-4B37-A59B-385FA551C901}"= TCP:c:\program files\Willing Webcam\wwcam.exe:Willing Webcam
"TCP Query User{F2DE7194-C8E9-414B-95FD-D6FC01A09608}c:\\programy\\bitcomet\\bitcomet.exe"= UDP:c:\programy\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{B3147176-0CF5-488E-A203-5EEECBCBF650}c:\\programy\\bitcomet\\bitcomet.exe"= TCP:c:\programy\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{455BC8E5-6AF1-4AC4-8C7D-FC09D72CA5B9}d:\\hry\\warcraft iii\\war3.exe"= UDP:d:\hry\warcraft iii\war3.exe:Warcraft III
"UDP Query User{8BF46AF5-4B1A-4161-A5CF-5B85190A8877}d:\\hry\\warcraft iii\\war3.exe"= TCP:d:\hry\warcraft iii\war3.exe:Warcraft III
"TCP Query User{0E3AE1A5-11F9-487C-8F86-4F7FB8F6C753}d:\\hry\\company of heroes\\reliccoh.exe"= UDP:d:\hry\company of heroes\reliccoh.exe:RelicCOH
"UDP Query User{B379B00F-97CF-4E37-9C51-EFCAE7D29913}d:\\hry\\company of heroes\\reliccoh.exe"= TCP:d:\hry\company of heroes\reliccoh.exe:RelicCOH
"TCP Query User{DEFC86E3-6A11-4752-B732-968F314009B4}c:\\programy\\icq6\\icq.exe"= UDP:c:\programy\icq6\icq.exe:ICQ Library
"UDP Query User{50E0E661-CF28-4F5B-8DFC-E78B6490BF52}c:\\programy\\icq6\\icq.exe"= TCP:c:\programy\icq6\icq.exe:ICQ Library
"{BC941C44-A95C-450C-83D8-2C0784F0F4CD}"= UDP:d:\hry\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{F5E40CB5-E5B6-47AD-9172-F5B81215A667}"= TCP:d:\hry\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{EAC08768-6CFD-42AB-9A55-CDD423ECBD86}"= UDP:d:\hry\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{0147F871-8C0C-4BA5-A92F-E7B0CA655DDF}"= TCP:d:\hry\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{9D2AA8BF-D5CF-4680-B495-7085D44BDACA}"= UDP:d:\hry\Far Cry 2\bin\FC2Editor.exe:Editor
"{510E3393-052C-4AC3-BD46-CECB3467E7C5}"= TCP:d:\hry\Far Cry 2\bin\FC2Editor.exe:Editor
"{79BE2B29-2192-4C94-97A6-671DC4046170}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{644AD020-7C4B-45D7-A51B-51AF06804868}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3049F07E-E3E7-4A9F-B2D6-BAF922A9176C}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{1EC6F689-4E85-4A82-BBB8-6D81EB2774E2}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{D44B72E7-0925-4F2C-AA40-F8FC05EC47FE}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{76DD2F4C-0D2B-4B87-88B8-59532DBB4E72}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{6D1F515E-40D2-43FF-9A31-396933932366}d:\\hry\\counter-strike source\\hl2.exe"= UDP:d:\hry\counter-strike source\hl2.exe:hl2
"UDP Query User{E8C2A3A6-C579-44DA-9450-96913410DCD8}d:\\hry\\counter-strike source\\hl2.exe"= TCP:d:\hry\counter-strike source\hl2.exe:hl2
"TCP Query User{3D4B8794-9B4C-4217-A72E-882991B1A44A}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{D870A7C0-A55E-4F9E-87D7-E9A49CAF8357}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{A4369710-2195-4536-BD20-3AC243B9CDC1}c:\\programy\\icq6\\icq.exe"= UDP:c:\programy\icq6\icq.exe:ICQ Library
"UDP Query User{36BC02FA-A077-4863-89F6-7528CB4B2179}c:\\programy\\icq6\\icq.exe"= TCP:c:\programy\icq6\icq.exe:ICQ Library
"TCP Query User{66EE6C58-A706-476D-B918-67C7AD93B969}c:\\programy\\bitcomet\\bitcomet.exe"= UDP:c:\programy\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{7E61EE8D-ECB6-4F70-956F-A992A1F0B861}c:\\programy\\bitcomet\\bitcomet.exe"= TCP:c:\programy\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{66C3F9A2-11CA-4237-BBAB-27289601BE7D}d:\\hry\\counter-strike source\\hl2.exe"= UDP:d:\hry\counter-strike source\hl2.exe:hl2
"UDP Query User{893DC732-8F47-46CE-BC02-40C357125C74}d:\\hry\\counter-strike source\\hl2.exe"= TCP:d:\hry\counter-strike source\hl2.exe:hl2
"TCP Query User{08467ABE-9A1D-4CC1-91EA-E001077630B7}d:\\hry\\cs 1.6\\valve\\cstrike.exe"= UDP:d:\hry\cs 1.6\valve\cstrike.exe:Counter-Strike Launcher
"UDP Query User{17D94F7A-35FE-49F9-BF25-0DE22C1E31AC}d:\\hry\\cs 1.6\\valve\\cstrike.exe"= TCP:d:\hry\cs 1.6\valve\cstrike.exe:Counter-Strike Launcher
"TCP Query User{934C4113-6113-4A52-8823-D0DEB46E5173}c:\\programy\\mozilla firefox\\firefox.exe"= UDP:c:\programy\mozilla firefox\firefox.exe:Firefox
"UDP Query User{B678B048-A437-4092-8C11-CEC5D7A94D70}c:\\programy\\mozilla firefox\\firefox.exe"= TCP:c:\programy\mozilla firefox\firefox.exe:Firefox
"TCP Query User{1A332554-5130-4449-873D-87EEC14FC0DE}d:\\hry\\cs 1.6\\valve\\cstrike.exe"= UDP:d:\hry\cs 1.6\valve\cstrike.exe:Counter-Strike Launcher
"UDP Query User{8627EBB4-F920-499F-8303-4700A06EE13B}d:\\hry\\cs 1.6\\valve\\cstrike.exe"= TCP:d:\hry\cs 1.6\valve\cstrike.exe:Counter-Strike Launcher
"{D68C7F63-871D-4E4A-B467-6E19BAC3FE42}"= UDP:8228:BitComet 8228 TCP
"{3E73ED71-5947-4345-8F40-D6A07E0D4C10}"= TCP:8228:BitComet 8228 UDP
"TCP Query User{9192FB3F-F399-4D87-9D01-CB8E93AB0B5A}d:\\hry\\call of duty 2\\cod2mp_s.exe"= UDP:d:\hry\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{92E4387C-1688-4C4D-BA2E-9BABF7FAA941}d:\\hry\\call of duty 2\\cod2mp_s.exe"= TCP:d:\hry\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{CEDADBBD-D15A-43B0-95E9-A65935534D6C}d:\\hry\\left 4 dead\\left4dead.exe"= UDP:d:\hry\left 4 dead\left4dead.exe:left4dead
"UDP Query User{63A456C7-F770-4451-8CC9-F4156A5BAE86}d:\\hry\\left 4 dead\\left4dead.exe"= TCP:d:\hry\left 4 dead\left4dead.exe:left4dead
"TCP Query User{EECF4B75-E0B7-4607-B298-4DEA460AD4A7}d:\\hry\\call of duty 2\\cod2mp_s.exe"= UDP:d:\hry\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{D86C42AF-3DA4-4914-B62E-13808C0FBAF5}d:\\hry\\call of duty 2\\cod2mp_s.exe"= TCP:d:\hry\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{46AFB0FB-9438-4D78-A195-89014D14739F}d:\\hry\\left4dead\\left4dead.exe"= UDP:d:\hry\left4dead\left4dead.exe:left4dead
"UDP Query User{F6AA41B3-6B0D-4C9E-AE51-C394284B4EB3}d:\\hry\\left4dead\\left4dead.exe"= TCP:d:\hry\left4dead\left4dead.exe:left4dead
"TCP Query User{A5D2EA1D-1CE9-47CF-9B4C-CBA24771BB61}d:\\hry\\hd2\\hd2.exe"= UDP:d:\hry\hd2\hd2.exe:hd2
"UDP Query User{F79D1F63-9FD5-42A9-9E2C-94C20FBE1C6A}d:\\hry\\hd2\\hd2.exe"= TCP:d:\hry\hd2\hd2.exe:hd2

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\System32\drivers\AlfaFF.sys [2008-10-31 43184]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-11-08 114768]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-11-01 72192]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-11-08 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-11-08 51792]
R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-05-19 24576]
R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-10-31 3484672]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-03-28 210432]
R3 NETw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-11-01 3658752]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [2008-04-15 51160]
R3 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [2008-04-08 43736]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-31 24064]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\System32\drivers\TpChoice.sys [2008-05-07 17968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14a9754c-d74a-11dd-8fbc-00215d44f08c}]
\shell\AutoRun\command - F:\StartPortableApps.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{387584d1-e645-11dd-b3d0-001d72d2425b}]
\shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4396e4a6-04e1-11de-8e7c-001d72d2425b}]
\shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4396e4a8-04e1-11de-8e7c-001d72d2425b}]
\shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51f28a29-a925-11dd-b337-00215d44f08c}]
\shell\AutoRun\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51f28a2b-a925-11dd-b337-00215d44f08c}]
\shell\AutoRun\command - I:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b229a0f-cc09-11dd-ae0d-001d72d2425b}]
\shell\AutoRun\command - g:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92a12754-0803-11de-bca3-00215d44f08c}]
\shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92a12755-0803-11de-bca3-00215d44f08c}]
\shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5a0f875-01b9-11de-947c-00215d44f08c}]
\shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5a0f876-01b9-11de-947c-00215d44f08c}]
\shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb9e764-049c-11de-bd43-00215d44f08c}]
\sheLL\auTopLay\CoMManD - G:\ocqxol.cmd
\sheLL\AutoRun\command - G:\ocqxol.cmd
\sheLL\eXpLoRe\ComMand - G:\ocqxol.cmd
\sheLL\open\CoMmand - G:\ocqxol.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbd483df-a853-11dd-9052-001d72d2425b}]
\shell\AutoRun\command - F:\Autorun.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.travian.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... lmate_5730
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Stáhnout odkaz s použitím BitCometu - c:\programy\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\programy\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\programy\BitComet\BitComet.exe/AddAllLink.htm
TCP: {9B10AC69-1D3B-454E-A06A-DE6D5E7DAD05} = 217.77.161.130 217.77.161.131
FF - ProfilePath - c:\users\Karlík Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\d1mllin8.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.lide.cz/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\programy\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\programy\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programy\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 20:14:27
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\TEMP\TMP0000007EBE57F40B4B966589 524288 bytes

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(4588)
c:\windows\system32\btmmhook.dll
c:\windows\System32\SysHook.dll
.
Celkový čas: 2009-03-03 20:18:44
ComboFix-quarantined-files.txt 2009-03-03 19:18:41
ComboFix2.txt 2009-03-03 17:38:43
ComboFix3.txt 2009-03-03 17:01:17

Před spuštěním: Volných bajtů: 109 222 141 952
Po spuštění: Volných bajtů: 108,868,050,944

300 --- E O F --- 2009-03-02 19:53:36
Motherboard: MSI B85-G41 PC Mate
CPU: Intel Core i3 4170 / Cooler: SilentiumPC Fera 3 HE1224 v2
RAM: Kingston HyperX Fury Blue 8GB DDR3 1600 MHz
GPU: MSI N750Ti Twin Frozr IV 2GD5/OC Gaming
PSU: Seasonic Energy Knight SS-500ET, T3 500W OEM
HDD/SSD: Seagate Desktop HDD - 1TB/Crucial MX500 - 500 GB
Monitor: AOC 2269WM
Case: Zalman Z1

quinter
Level 3.5
Posts: 759
Registered: November 08
Location: Teplice
Gender: Male
Status: Offline

Re: Please check my HJT log (notebook shuts down)

Post by quinter » 03 Mar 2009 20:27

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:21:48, on 3.3.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programy\Avast\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Programy\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Programy\ICQ6.5\ICQ.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Programy\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Programy\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.travian.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... lmate_5730
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programy\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\Programy\Avast\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programy\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Programy\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Programy\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programy\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programy\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programy\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B10AC69-1D3B-454E-A06A-DE6D5E7DAD05}: NameServer = 217.77.161.130 217.77.161.131
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programy\Avast\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programy\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programy\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programy\Avast\ashWebSv.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9965 bytes

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Please check my HJT log (notebook shuts down)

Post by jaro3 » 03 Mar 2009 20:47

Close the other applications and browsers, disconnect from the net and fix these in HJT:

Code:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)


ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u

So if there are no problems, clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download > run

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then click Empty Selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Install Java:
Java SE Runtime Environment 6u12
Choose the OS (Windows, I assume), tick agree-continue
Choose:
Windows Offline Installation
jre-6u12-windows-i586-p.exe
That's all.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Podpora fóra
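The three entries the Security team member picked out above share one trait: each points at nothing (an empty value, "(no file)", or "(file missing)"), which is the usual first-pass triage rule for a HijackThis log. The following script is an added example, not code from the forum or from HijackThis itself; it parses HJT-style lines and flags such orphaned entries for review. The sample lines are copied from the log posted in this thread, and the line format (`SECTION - body`) is assumed from that log.

```python
import re

# Constructed sample: lines taken from the HijackThis log posted above,
# plus healthy entries for contrast. Backslashes are literal (raw string).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.travian.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O4 - HKLM\..\Run: [avast!] C:\Programy\Avast\ashDisp.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programy\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
"""

# HJT prefixes a section code (R0, O2, O23 ...) to every finding line.
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")

# Markers HJT prints when the referenced file no longer exists on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_line(line):
    """Split one HJT finding into its section code and body; None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"section": m.group("section"), "body": m.group("body"), "raw": line.strip()}


def classify(entry):
    """Return why an entry deserves review, or None if it looks intact."""
    body = entry["body"]
    for marker in ORPHAN_MARKERS:
        if marker in body:
            return marker.strip("()")          # "no file" / "file missing"
    # R-section entries are "key = value"; a trailing "=" means the value is empty,
    # i.e. a leftover registry setting that points nowhere.
    if entry["section"].startswith("R") and body.rstrip().endswith("="):
        return "empty value"
    return None


def triage(log_text):
    """Return (section, reason, raw line) for every entry that points at nothing."""
    flagged = []
    for line in log_text.strip().splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reason = classify(entry)
        if reason:
            flagged.append((entry["section"], reason, entry["raw"]))
    return flagged


if __name__ == "__main__":
    for section, reason, raw in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {raw}")
```

Run against the sample, it flags exactly the three lines the reply tells the user to fix, plus the BitComet O9 button whose DLL is reported missing; an orphaned entry is harmless by itself, but it is the leftover of something that was installed, so it is worth a look before cleaning it out.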

