Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:48:24, on 27.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/?AcquisitionID=e09 ... e=20090417
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\S-1-5-21-448539723-261903793-1417001333-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9c34a29819848) (gupdate1c9c34a29819848) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 9139 bytes
Please check my HijackThis log - slow PC
- jaro3
- Security team member
Re: Please check my HijackThis log - slow PC
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- then click the Exit button; a message will appear, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my HijackThis log - slow PC
Yes, thanks, here it is:
Malwarebytes' Anti-Malware 1.36
Verze databáze: 2047
Windows 5.1.2600 Service Pack 3
27.4.2009 17:38:23
mbam-log-2009-04-27 (17-38-18).txt
Typ skenu: Rychlý sken
Objektu skenováno: 79934
Uplynulý cas: 6 minute(s), 33 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 1
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\clean.cmd (Trojan.Agent) -> No action taken.
- jaro3
- Security team member
Re: Please check my HijackThis log - slow PC
So run MbAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then choose OK in the program and close the program via Exit
You can then paste the MbAM log here.
Turn off the resident protection in KIS.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use will be displayed; confirm them by clicking the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: Please check my HijackThis log - slow PC
So here is the output from the Malwarebytes antivirus:
Malwarebytes' Anti-Malware 1.36
Verze databáze: 2047
Windows 5.1.2600 Service Pack 3
27.4.2009 18:50:08
mbam-log-2009-04-27 (18-50-08).txt
Typ skenu: Rychlý sken
Objektu skenováno: 79818
Uplynulý cas: 5 minute(s), 49 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
and here is the output from ComboFix:
ComboFix 09-04-25.A3 - Jakub Hasman 27.04.2009 18:11.1 - NTFSx86
Spuštěný z: c:\documents and settings\Jakub Hasman\Plocha\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jakub Hasman\Data aplikací\inst.exe
c:\windows\system32\msssc.dll
c:\windows\system32\Pncrt.dll
c:\windows\system32\systeminfo3.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-27 do 2009-4-27 )))))))))))))))))))))))))))))))
.
2009-04-27 15:27 . 2009-04-27 15:27 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Malwarebytes
2009-04-27 15:27 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-27 15:27 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 15:27 . 2009-04-27 15:27 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-27 15:27 . 2009-04-27 15:27 -------- d-----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-27 14:39 . 2009-04-27 14:39 -------- d-----w c:\program files\Trend Micro
2009-04-27 14:15 . 2009-04-27 14:24 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-27 14:06 . 2009-04-27 14:06 -------- d-----w c:\program files\Softwin
2009-04-27 14:04 . 2009-04-27 14:25 -------- d-----w c:\program files\Common Files\Softwin
2009-04-26 17:31 . 2009-04-26 17:31 0 ----a-w c:\windows\XXLGSC
2009-04-26 15:08 . 2009-04-26 15:08 64678 ----a-w c:\windows\BricoPackUninst.cmd
2009-04-26 15:08 . 2009-04-26 15:08 5760054 ----a-w c:\windows\BricoPack Wallpaper.bmp
2009-04-26 15:04 . 2009-04-26 15:08 7279 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2009-04-26 15:03 . 2009-04-26 15:03 -------- d-----w c:\windows\BricoPacks
2009-04-26 11:46 . 2009-04-26 11:46 -------- d-----w c:\program files\EA GAMES
2009-04-26 11:41 . 2002-08-29 01:41 31744 -c--a-w c:\windows\system32\dllcache\pid.dll
2009-04-26 11:03 . 2009-04-26 11:03 -------- d-----w c:\documents and settings\All Users\Data aplikací\Office Genuine Advantage
2009-04-26 09:56 . 2009-04-26 09:56 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\OpenOffice.org
2009-04-25 22:04 . 2009-04-25 22:04 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\PCHealth
2009-04-25 21:44 . 2009-04-26 10:33 -------- d-----w c:\program files\Common Files\Stardock
2009-04-25 20:58 . 2005-01-27 23:49 111 ----a-w c:\windows\system32\winx.url
2009-04-25 20:58 . 2004-12-19 21:00 111104 ----a-w c:\windows\system32\uharc.exe
2009-04-25 20:58 . 2004-09-03 21:43 199 ----a-w c:\windows\system32\paypal.url
2009-04-25 20:29 . 2009-04-25 20:29 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2009-04-25 20:29 . 2009-04-25 20:29 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2009-04-25 20:29 . 2009-04-25 20:29 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2009-04-25 20:15 . 2009-04-25 20:16 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-25 20:02 . 2009-04-25 20:02 2330880 ----a-w c:\windows\system32\TUKernel.exe
2009-04-25 19:51 . 2009-04-25 19:55 -------- d-----w c:\program files\Paint.NET
2009-04-25 19:51 . 2009-04-26 12:19 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Paint.NET
2009-04-25 19:39 . 2009-04-25 19:39 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-04-25 19:39 . 2008-12-11 11:31 27904 ----a-w c:\windows\system32\uxtuneup.dll
2009-04-25 19:39 . 2009-04-25 19:39 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-25 19:39 . 2009-04-25 19:39 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\TuneUp Software
2009-04-25 19:38 . 2009-04-25 19:38 -------- d-----w c:\documents and settings\All Users\Data aplikací\TuneUp Software
2009-04-25 19:38 . 2009-04-25 19:40 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-04-25 19:37 . 2009-04-25 19:37 -------- d-sh--w c:\documents and settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-25 17:51 . 2009-04-25 17:51 -------- d-----w c:\program files\Freeze.com
2009-04-23 16:01 . 2009-04-23 16:01 -------- d-----w c:\program files\Skype
2009-04-23 16:01 . 2009-04-23 16:01 -------- d-----w c:\program files\Common Files\Skype
2009-04-23 16:01 . 2009-04-23 16:01 -------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-04-23 15:21 . 2009-04-23 15:21 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Canneverbe_Limited
2009-04-23 15:21 . 2009-04-23 15:21 -------- d-----w c:\program files\CDBurnerXP
2009-04-22 16:56 . 2009-04-22 16:58 -------- d-----w c:\program files\EasyLanguage Anglictina PPK
2009-04-22 16:53 . 2009-04-22 16:54 -------- d-----w c:\program files\EasyLanguage Nemcina PPK
2009-04-22 15:55 . 2009-04-22 15:55 491520 ----a-w c:\windows\WebIE.dll
2009-04-22 15:55 . 2009-04-22 15:55 294912 ----a-w c:\windows\TrnWord.dll
2009-04-22 15:55 . 2009-04-22 15:55 45056 ----a-w c:\windows\TRNOEH.DLL
2009-04-22 15:55 . 2009-04-22 15:55 356352 ----a-w c:\windows\TrnOutl.dll
2009-04-22 15:55 . 2009-04-22 15:55 26624 ----a-w c:\windows\OETRN.EXE
2009-04-22 15:55 . 2009-04-22 15:55 200704 ----a-w c:\windows\TRNOET.DLL
2009-04-22 15:55 . 2009-04-22 15:55 33 ----a-w c:\windows\WTRDCTM.INI
2009-04-22 15:54 . 2009-04-22 15:54 516096 ----a-w c:\windows\UN32.EXE
2009-04-22 15:54 . 2009-04-22 15:54 2753 ----a-w c:\windows\UN32P.INI
2009-04-22 15:53 . 2009-04-27 15:54 1732 ----a-w c:\windows\MAILTRAN.INI
2009-04-22 15:53 . 2009-04-22 20:10 2839 ----a-w c:\windows\TRNCOM.INI
2009-04-22 15:53 . 2009-04-26 17:32 4664 ----a-w c:\windows\WTRAN32.INI
2009-04-22 15:53 . 2009-04-22 15:53 1581 ----a-w c:\windows\WDICT32.INI
2009-04-22 15:53 . 2009-04-23 15:50 -------- d-----w C:\TRANSLAT
2009-04-22 14:01 . 2009-04-22 14:01 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\EuroTalk
2009-04-22 14:01 . 2009-04-22 14:01 -------- d-----w c:\program files\EuroTalk
2009-04-22 13:57 . 2009-04-22 14:00 -------- d-----w c:\program files\CloneDVD
2009-04-22 13:57 . 2009-04-22 13:57 -------- d-----w c:\documents and settings\All Users\Data aplikací\DVDXStudio
2009-04-22 13:26 . 2009-04-22 13:27 -------- d-----w c:\program files\QuickTime
2009-04-22 13:26 . 2009-04-22 13:26 -------- d-----w c:\documents and settings\All Users\Data aplikací\Apple Computer
2009-04-22 13:25 . 2009-04-22 13:25 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Apple
2009-04-22 13:25 . 2009-04-22 13:25 -------- d-----w c:\program files\Apple Software Update
2009-04-22 13:25 . 2009-04-22 13:25 -------- d-----w c:\documents and settings\All Users\Data aplikací\Apple
2009-04-22 13:25 . 2009-04-22 13:25 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Apple Computer
2009-04-22 13:18 . 2009-04-22 13:18 -------- d-----w c:\program files\ImTOO
2009-04-22 13:14 . 2009-04-22 13:14 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Stellarium
2009-04-22 13:13 . 2009-04-22 13:13 -------- d-----w c:\program files\Stellarium
2009-04-22 13:07 . 2008-11-20 19:19 9200 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-04-22 13:07 . 2008-11-20 19:19 9072 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-04-22 13:06 . 2009-04-22 13:06 -------- d-----w c:\windows\system32\IOSUBSYS
2009-04-22 12:59 . 2009-04-22 13:07 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Google
2009-04-22 12:59 . 2009-04-22 12:59 -------- d-----w c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2009-04-22 12:59 . 2009-04-22 13:07 -------- d-----w c:\program files\Google
2009-04-22 04:33 . 2009-04-22 04:44 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Autodesk
2009-04-22 04:33 . 2009-04-22 04:40 -------- d-----w c:\program files\Common Files\Autodesk Shared
2009-04-22 04:33 . 2009-04-22 04:39 -------- d-----w c:\program files\AutoCAD 2009
2009-04-22 04:33 . 2009-04-22 04:33 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Autodesk
2009-04-22 04:33 . 2009-04-22 04:33 -------- d-----w c:\documents and settings\All Users\Data aplikací\Autodesk
2009-04-20 12:10 . 2009-04-20 12:10 287 ----a-w c:\windows\game.ini
2009-04-20 12:03 . 2009-04-20 12:03 -------- d-----w c:\program files\Activision
2009-04-20 12:00 . 2009-04-20 12:00 -------- d-sh--w c:\windows\ftpcache
2009-04-19 17:21 . 2009-04-19 17:21 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Fraus
2009-04-19 15:55 . 2009-04-25 20:07 955128 ----a-w c:\documents and settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
2009-04-19 15:49 . 2009-04-19 15:49 -------- d-----w c:\windows\system32\XPSViewer
2009-04-19 15:48 . 2009-04-19 15:48 -------- d-----w c:\program files\Reference Assemblies
2009-04-19 15:47 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-19 15:33 . 2008-05-30 12:18 238088 ----a-w c:\windows\system32\xactengine3_1.dll
2009-04-19 15:31 . 2009-04-26 10:40 -------- d-----w c:\windows\Logs
2009-04-17 20:42 . 2009-04-17 20:42 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\gtk-2.0
2009-04-17 20:42 . 2009-04-17 20:42 -------- d-----w c:\documents and settings\Jakub Hasman\.thumbnails
2009-04-17 13:47 . 2009-04-17 13:47 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Stardock
2009-04-17 13:47 . 2009-04-17 13:47 -------- dc-h--w c:\documents and settings\All Users\Data aplikací\{7D93B3B9-36B7-4383-9666-CFAD7F2AC87E}
2009-04-17 13:47 . 2009-04-25 21:44 -------- d-----w c:\program files\Stardock
2009-04-17 12:23 . 2009-04-17 12:23 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\PSpad
2009-04-17 12:23 . 2009-04-17 12:23 -------- d-----w c:\program files\PSPad editor
2009-04-15 21:29 . 2009-04-15 21:29 3366912 ----a-w c:\windows\system32\GPhotos.scr
2009-04-15 19:10 . 2009-04-15 19:10 -------- d-----w c:\documents and settings\All Users\Data aplikací\FLEXnet
2009-04-15 19:02 . 2009-04-15 19:02 -------- d-----w c:\program files\Bonjour
2009-04-15 18:35 . 2009-04-15 18:35 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-15 18:30 . 2001-08-17 17:57 16128 -c--a-w c:\windows\system32\dllcache\modemcsa.sys
2009-04-15 18:30 . 2001-08-17 17:57 16128 ----a-w c:\windows\system32\drivers\MODEMCSA.sys
2009-04-15 17:47 . 2009-04-15 17:47 280 ----a-w c:\windows\emm386n.dl
2009-04-15 16:14 . 2009-04-15 16:17 -------- d-----w c:\program files\Bus Driver
2009-04-15 16:01 . 2009-04-15 16:01 -------- d-----w c:\program files\Pothos
2009-04-13 10:47 . 2009-04-13 10:47 -------- d-----w c:\program files\VirualDub
2009-04-12 20:01 . 2009-04-12 20:11 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-12 20:01 . 2009-04-12 20:11 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-12 20:01 . 2009-04-27 15:41 -------- d-----w c:\documents and settings\All Users\Data aplikací\Kaspersky Lab
2009-04-12 20:01 . 2009-04-12 20:26 -------- d-----w c:\program files\Kaspersky Lab
2009-04-12 20:01 . 2009-04-27 16:20 6006816 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-12 20:01 . 2009-04-27 16:19 398624 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-12 20:01 . 2009-04-27 15:39 37964 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-12 20:01 . 2009-04-27 15:39 80372 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-12 19:51 . 2009-04-14 12:07 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Adobe
2009-04-11 15:49 . 2008-04-13 20:15 26368 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-04-11 10:33 . 2009-04-11 10:33 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikacíRetinax
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 14:24 . 2009-04-10 21:17 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-27 13:15 . 2009-04-10 21:03 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\AIMP
2009-04-26 15:08 . 2008-04-14 08:52 219648 ----a-w c:\windows\system32\uxtheme.dll
2009-04-26 10:40 . 2009-04-10 21:18 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Vso
2009-04-26 09:54 . 2009-04-10 20:26 134664 ----a-w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-04-25 22:01 . 2009-04-10 20:43 -------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-04-25 20:30 . 2009-04-10 22:16 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\DAEMON Tools Lite
2009-04-25 20:16 . 2009-04-10 22:19 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-04-25 20:11 . 2009-04-10 22:16 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-20 12:01 . 2009-04-10 20:28 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-19 15:56 . 2001-10-25 16:00 76696 ----a-w c:\windows\system32\perfc005.dat
2009-04-19 15:56 . 2001-10-25 16:00 424356 ----a-w c:\windows\system32\perfh005.dat
2009-04-15 19:05 . 2009-04-10 21:01 -------- d-----w c:\program files\Common Files\Adobe
2009-04-15 17:46 . 2009-04-10 21:19 -------- d-----w c:\program files\Zoner
2009-04-15 17:46 . 2009-04-10 21:44 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-12 20:12 . 2007-04-28 14:51 112144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-04-11 15:50 . 2009-04-10 22:04 -------- d-----w c:\program files\The KMPlayer
2009-04-10 22:49 . 2009-04-10 20:28 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-10 22:48 . 2009-04-10 22:48 -------- d-----w c:\program files\Rockstar Games
2009-04-10 22:34 . 2009-04-10 22:34 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\DAEMON Tools Pro
2009-04-10 22:34 . 2009-04-10 22:34 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\DAEMON Tools
2009-04-10 22:19 . 2009-04-10 22:19 -------- d-----w c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-04-10 22:14 . 2009-04-10 22:14 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Talkback
2009-04-10 22:14 . 2009-04-10 22:14 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Thunderbird
2009-04-10 21:53 . 2009-04-10 21:52 -------- d-----w c:\program files\ICQ6.5
2009-04-10 21:53 . 2009-04-10 21:52 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\ICQ
2009-04-10 21:49 . 2009-04-10 21:49 -------- d-----w c:\program files\NCH Swift Sound
2009-04-10 21:48 . 2009-04-10 21:08 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Ashampoo
2009-04-10 21:48 . 2009-04-10 21:07 -------- d-----w c:\program files\Ashampoo
2009-04-10 21:45 . 2009-04-10 21:20 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Zoner
2009-04-10 21:33 . 2009-04-10 21:33 -------- d-----w c:\program files\PowerISO
2009-04-10 21:32 . 2009-04-10 21:32 -------- d-----w c:\program files\Lavalys
2009-04-10 21:31 . 2009-04-10 21:08 -------- d-----w c:\documents and settings\All Users\Data aplikací\ashampoo
2009-04-10 21:29 . 2009-04-10 21:25 -------- d-----w c:\program files\TC UP
2009-04-10 21:26 . 2009-04-10 21:26 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\HEXelon
2009-04-10 21:24 . 2009-04-10 21:24 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\InterVideo
2009-04-10 21:23 . 2009-04-10 21:22 -------- d-----w c:\program files\Common Files\InterVideo
2009-04-10 21:23 . 2009-04-10 21:23 -------- d-----w c:\program files\InterActual
2009-04-10 21:22 . 2009-04-10 21:22 -------- d-----w c:\program files\InterVideo
2009-04-10 21:22 . 2009-04-10 21:22 -------- d-----w c:\program files\Creative
2009-04-10 21:18 . 2009-04-10 21:18 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-10 21:18 . 2009-04-10 21:18 47360 ----a-w c:\documents and settings\Jakub Hasman\Data aplikací\pcouffin.sys
2009-04-10 21:18 . 2009-04-10 21:18 -------- d-----w c:\program files\VSO
2009-04-10 21:17 . 2009-04-10 21:17 -------- d-----w c:\program files\PC Health Optimizer Free Edition
2009-04-10 21:15 . 2009-04-10 21:15 -------- d-----w c:\program files\OpenOffice.org 3
2009-04-10 21:14 . 2009-04-10 21:14 -------- d-----w c:\program files\IrfanView
2009-04-10 21:13 . 2009-04-10 21:13 -------- d-----w c:\program files\GIMP-2.0
2009-04-10 21:13 . 2009-04-10 21:13 -------- d-----w c:\program files\Codec Pack - All In 1
2009-04-10 21:12 . 2009-04-10 21:13 737280 ----a-w c:\windows\iun6002.exe
2009-04-10 21:12 . 2009-04-10 21:12 -------- d-----w c:\program files\CCleaner
2009-04-10 21:11 . 2009-04-10 21:11 -------- d-----w c:\program files\DsNET Corp
2009-04-10 21:02 . 2009-04-10 21:02 -------- d-----w c:\program files\AIMP2
2009-04-10 20:49 . 2009-04-10 20:49 -------- d-----w c:\program files\Microsoft Works
2009-04-10 20:49 . 2009-04-10 20:49 -------- d-----w c:\program files\MSBuild
2009-04-10 20:32 . 2009-04-10 20:32 -------- d-----w c:\program files\Opera
2009-04-10 20:28 . 2009-04-10 20:28 -------- d-----w c:\program files\Analog Devices
2009-04-10 20:25 . 2009-04-10 20:25 -------- d-----w c:\program files\Windows Defender
2009-04-10 20:20 . 2009-04-10 20:20 -------- d-----w c:\program files\microsoft frontpage
2009-04-10 20:18 . 2009-04-10 20:17 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-10 20:14 . 2009-04-10 20:14 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-10 20:14 . 2009-04-10 20:14 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-16 12:18 . 2009-04-19 15:34 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-19 15:34 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-19 15:34 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-19 15:34 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 13:27 . 2009-04-19 15:34 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-19 15:34 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 13:27 . 2009-04-19 15:34 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-06 14:23 . 2008-04-14 08:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:14 . 2008-03-01 13:02 817152 ----a-w c:\windows\system32\wininet.dll
2009-02-21 06:25 . 2009-02-21 06:25 691592 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-20 17:13 . 2008-04-27 10:09 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 17:09 . 2008-04-14 06:06 2068224 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:07 . 2008-04-14 07:45 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:26 . 2008-04-14 08:07 2191232 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2008-04-14 08:52 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2008-04-14 08:51 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2008-04-14 08:51 728064 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2008-04-14 08:51 684032 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:56 . 2008-04-14 08:51 709632 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2001-10-25 16:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2008-04-14 08:51 56832 ----a-w c:\windows\system32\secur32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-01-20 1451248]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2002-09-25 87751]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL
"wave1"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 gupdate1c9c34a29819848;Google Update Service (gupdate1c9c34a29819848);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 133104]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-01-09 410976]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-04-25 603904]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-14 69120]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - AshampooDefragService
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - AVP
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - gupdate1c9c34a29819848
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - Kbdclass
*Deregistered* - kl1
*Deregistered* - klif
*Deregistered* - klim5
*Deregistered* - KSecDD
*Deregistered* - LanmanServer
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NMSAccessU
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - ParVdm
*Deregistered* - pcouffin
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SCDEmu
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Schedule
*Deregistered* - SoundMAX Agent Service (default)
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - TuneUp.ProgramStatisticsSvc
*Deregistered* - Update
*Deregistered* - UxTuneUp
*Deregistered* - VD_FileDisk
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WinDefend
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2009-04-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
2009-04-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 12:59]
2009-04-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
2009-04-27 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://my.freeze.com/?AcquisitionID=e09 ... e=20090417
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 18:20
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1056)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1176)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
.
Celkový čas: 2009-04-27 18:24
ComboFix-quarantined-files.txt 2009-04-27 16:24
Před spuštěním: Volných bajtů: 34 162 188 288
Po spuštění: Volných bajtů: 34 157 338 624
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=5N0TME
430 --- E O F --- 2009-04-24 12:14
Malwarebytes' Anti-Malware 1.36
Verze databáze: 2047
Windows 5.1.2600 Service Pack 3
27.4.2009 18:50:08
mbam-log-2009-04-27 (18-50-08).txt
Typ skenu: Rychlý sken
Objektu skenováno: 79818
Uplynulý cas: 5 minute(s), 49 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
and here is the ComboFix log:
ComboFix 09-04-25.A3 - Jakub Hasman 27.04.2009 18:11.1 - NTFSx86
Spuštěný z: c:\documents and settings\Jakub Hasman\Plocha\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jakub Hasman\Data aplikací\inst.exe
c:\windows\system32\msssc.dll
c:\windows\system32\Pncrt.dll
c:\windows\system32\systeminfo3.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-27 do 2009-4-27 )))))))))))))))))))))))))))))))
.
2009-04-27 15:27 . 2009-04-27 15:27 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Malwarebytes
2009-04-27 15:27 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-27 15:27 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 15:27 . 2009-04-27 15:27 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-27 15:27 . 2009-04-27 15:27 -------- d-----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-27 14:39 . 2009-04-27 14:39 -------- d-----w c:\program files\Trend Micro
2009-04-27 14:15 . 2009-04-27 14:24 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-27 14:06 . 2009-04-27 14:06 -------- d-----w c:\program files\Softwin
2009-04-27 14:04 . 2009-04-27 14:25 -------- d-----w c:\program files\Common Files\Softwin
2009-04-26 17:31 . 2009-04-26 17:31 0 ----a-w c:\windows\XXLGSC
2009-04-26 15:08 . 2009-04-26 15:08 64678 ----a-w c:\windows\BricoPackUninst.cmd
2009-04-26 15:08 . 2009-04-26 15:08 5760054 ----a-w c:\windows\BricoPack Wallpaper.bmp
2009-04-26 15:04 . 2009-04-26 15:08 7279 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2009-04-26 15:03 . 2009-04-26 15:03 -------- d-----w c:\windows\BricoPacks
2009-04-26 11:46 . 2009-04-26 11:46 -------- d-----w c:\program files\EA GAMES
2009-04-26 11:41 . 2002-08-29 01:41 31744 -c--a-w c:\windows\system32\dllcache\pid.dll
2009-04-26 11:03 . 2009-04-26 11:03 -------- d-----w c:\documents and settings\All Users\Data aplikací\Office Genuine Advantage
2009-04-26 09:56 . 2009-04-26 09:56 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\OpenOffice.org
2009-04-25 22:04 . 2009-04-25 22:04 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\PCHealth
2009-04-25 21:44 . 2009-04-26 10:33 -------- d-----w c:\program files\Common Files\Stardock
2009-04-25 20:58 . 2005-01-27 23:49 111 ----a-w c:\windows\system32\winx.url
2009-04-25 20:58 . 2004-12-19 21:00 111104 ----a-w c:\windows\system32\uharc.exe
2009-04-25 20:58 . 2004-09-03 21:43 199 ----a-w c:\windows\system32\paypal.url
2009-04-25 20:29 . 2009-04-25 20:29 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2009-04-25 20:29 . 2009-04-25 20:29 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2009-04-25 20:29 . 2009-04-25 20:29 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2009-04-25 20:15 . 2009-04-25 20:16 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-25 20:02 . 2009-04-25 20:02 2330880 ----a-w c:\windows\system32\TUKernel.exe
2009-04-25 19:51 . 2009-04-25 19:55 -------- d-----w c:\program files\Paint.NET
2009-04-25 19:51 . 2009-04-26 12:19 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Paint.NET
2009-04-25 19:39 . 2009-04-25 19:39 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-04-25 19:39 . 2008-12-11 11:31 27904 ----a-w c:\windows\system32\uxtuneup.dll
2009-04-25 19:39 . 2009-04-25 19:39 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-25 19:39 . 2009-04-25 19:39 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\TuneUp Software
2009-04-25 19:38 . 2009-04-25 19:38 -------- d-----w c:\documents and settings\All Users\Data aplikací\TuneUp Software
2009-04-25 19:38 . 2009-04-25 19:40 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-04-25 19:37 . 2009-04-25 19:37 -------- d-sh--w c:\documents and settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-25 17:51 . 2009-04-25 17:51 -------- d-----w c:\program files\Freeze.com
2009-04-23 16:01 . 2009-04-23 16:01 -------- d-----w c:\program files\Skype
2009-04-23 16:01 . 2009-04-23 16:01 -------- d-----w c:\program files\Common Files\Skype
2009-04-23 16:01 . 2009-04-23 16:01 -------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-04-23 15:21 . 2009-04-23 15:21 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Canneverbe_Limited
2009-04-23 15:21 . 2009-04-23 15:21 -------- d-----w c:\program files\CDBurnerXP
2009-04-22 16:56 . 2009-04-22 16:58 -------- d-----w c:\program files\EasyLanguage Anglictina PPK
2009-04-22 16:53 . 2009-04-22 16:54 -------- d-----w c:\program files\EasyLanguage Nemcina PPK
2009-04-22 15:55 . 2009-04-22 15:55 491520 ----a-w c:\windows\WebIE.dll
2009-04-22 15:55 . 2009-04-22 15:55 294912 ----a-w c:\windows\TrnWord.dll
2009-04-22 15:55 . 2009-04-22 15:55 45056 ----a-w c:\windows\TRNOEH.DLL
2009-04-22 15:55 . 2009-04-22 15:55 356352 ----a-w c:\windows\TrnOutl.dll
2009-04-22 15:55 . 2009-04-22 15:55 26624 ----a-w c:\windows\OETRN.EXE
2009-04-22 15:55 . 2009-04-22 15:55 200704 ----a-w c:\windows\TRNOET.DLL
2009-04-22 15:55 . 2009-04-22 15:55 33 ----a-w c:\windows\WTRDCTM.INI
2009-04-22 15:54 . 2009-04-22 15:54 516096 ----a-w c:\windows\UN32.EXE
2009-04-22 15:54 . 2009-04-22 15:54 2753 ----a-w c:\windows\UN32P.INI
2009-04-22 15:53 . 2009-04-27 15:54 1732 ----a-w c:\windows\MAILTRAN.INI
2009-04-22 15:53 . 2009-04-22 20:10 2839 ----a-w c:\windows\TRNCOM.INI
2009-04-22 15:53 . 2009-04-26 17:32 4664 ----a-w c:\windows\WTRAN32.INI
2009-04-22 15:53 . 2009-04-22 15:53 1581 ----a-w c:\windows\WDICT32.INI
2009-04-22 15:53 . 2009-04-23 15:50 -------- d-----w C:\TRANSLAT
2009-04-22 14:01 . 2009-04-22 14:01 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\EuroTalk
2009-04-22 14:01 . 2009-04-22 14:01 -------- d-----w c:\program files\EuroTalk
2009-04-22 13:57 . 2009-04-22 14:00 -------- d-----w c:\program files\CloneDVD
2009-04-22 13:57 . 2009-04-22 13:57 -------- d-----w c:\documents and settings\All Users\Data aplikací\DVDXStudio
2009-04-22 13:26 . 2009-04-22 13:27 -------- d-----w c:\program files\QuickTime
2009-04-22 13:26 . 2009-04-22 13:26 -------- d-----w c:\documents and settings\All Users\Data aplikací\Apple Computer
2009-04-22 13:25 . 2009-04-22 13:25 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Apple
2009-04-22 13:25 . 2009-04-22 13:25 -------- d-----w c:\program files\Apple Software Update
2009-04-22 13:25 . 2009-04-22 13:25 -------- d-----w c:\documents and settings\All Users\Data aplikací\Apple
2009-04-22 13:25 . 2009-04-22 13:25 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Apple Computer
2009-04-22 13:18 . 2009-04-22 13:18 -------- d-----w c:\program files\ImTOO
2009-04-22 13:14 . 2009-04-22 13:14 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Stellarium
2009-04-22 13:13 . 2009-04-22 13:13 -------- d-----w c:\program files\Stellarium
2009-04-22 13:07 . 2008-11-20 19:19 9200 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-04-22 13:07 . 2008-11-20 19:19 9072 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-04-22 13:06 . 2009-04-22 13:06 -------- d-----w c:\windows\system32\IOSUBSYS
2009-04-22 12:59 . 2009-04-22 13:07 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Google
2009-04-22 12:59 . 2009-04-22 12:59 -------- d-----w c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2009-04-22 12:59 . 2009-04-22 13:07 -------- d-----w c:\program files\Google
2009-04-22 04:33 . 2009-04-22 04:44 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Autodesk
2009-04-22 04:33 . 2009-04-22 04:40 -------- d-----w c:\program files\Common Files\Autodesk Shared
2009-04-22 04:33 . 2009-04-22 04:39 -------- d-----w c:\program files\AutoCAD 2009
2009-04-22 04:33 . 2009-04-22 04:33 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Autodesk
2009-04-22 04:33 . 2009-04-22 04:33 -------- d-----w c:\documents and settings\All Users\Data aplikací\Autodesk
2009-04-20 12:10 . 2009-04-20 12:10 287 ----a-w c:\windows\game.ini
2009-04-20 12:03 . 2009-04-20 12:03 -------- d-----w c:\program files\Activision
2009-04-20 12:00 . 2009-04-20 12:00 -------- d-sh--w c:\windows\ftpcache
2009-04-19 17:21 . 2009-04-19 17:21 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Fraus
2009-04-19 15:55 . 2009-04-25 20:07 955128 ----a-w c:\documents and settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
2009-04-19 15:49 . 2009-04-19 15:49 -------- d-----w c:\windows\system32\XPSViewer
2009-04-19 15:48 . 2009-04-19 15:48 -------- d-----w c:\program files\Reference Assemblies
2009-04-19 15:47 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-19 15:33 . 2008-05-30 12:18 238088 ----a-w c:\windows\system32\xactengine3_1.dll
2009-04-19 15:31 . 2009-04-26 10:40 -------- d-----w c:\windows\Logs
2009-04-17 20:42 . 2009-04-17 20:42 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\gtk-2.0
2009-04-17 20:42 . 2009-04-17 20:42 -------- d-----w c:\documents and settings\Jakub Hasman\.thumbnails
2009-04-17 13:47 . 2009-04-17 13:47 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Stardock
2009-04-17 13:47 . 2009-04-17 13:47 -------- dc-h--w c:\documents and settings\All Users\Data aplikací\{7D93B3B9-36B7-4383-9666-CFAD7F2AC87E}
2009-04-17 13:47 . 2009-04-25 21:44 -------- d-----w c:\program files\Stardock
2009-04-17 12:23 . 2009-04-17 12:23 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\PSpad
2009-04-17 12:23 . 2009-04-17 12:23 -------- d-----w c:\program files\PSPad editor
2009-04-15 21:29 . 2009-04-15 21:29 3366912 ----a-w c:\windows\system32\GPhotos.scr
2009-04-15 19:10 . 2009-04-15 19:10 -------- d-----w c:\documents and settings\All Users\Data aplikací\FLEXnet
2009-04-15 19:02 . 2009-04-15 19:02 -------- d-----w c:\program files\Bonjour
2009-04-15 18:35 . 2009-04-15 18:35 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-15 18:30 . 2001-08-17 17:57 16128 -c--a-w c:\windows\system32\dllcache\modemcsa.sys
2009-04-15 18:30 . 2001-08-17 17:57 16128 ----a-w c:\windows\system32\drivers\MODEMCSA.sys
2009-04-15 17:47 . 2009-04-15 17:47 280 ----a-w c:\windows\emm386n.dl
2009-04-15 16:14 . 2009-04-15 16:17 -------- d-----w c:\program files\Bus Driver
2009-04-15 16:01 . 2009-04-15 16:01 -------- d-----w c:\program files\Pothos
2009-04-13 10:47 . 2009-04-13 10:47 -------- d-----w c:\program files\VirualDub
2009-04-12 20:01 . 2009-04-12 20:11 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-12 20:01 . 2009-04-12 20:11 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-12 20:01 . 2009-04-27 15:41 -------- d-----w c:\documents and settings\All Users\Data aplikací\Kaspersky Lab
2009-04-12 20:01 . 2009-04-12 20:26 -------- d-----w c:\program files\Kaspersky Lab
2009-04-12 20:01 . 2009-04-27 16:20 6006816 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-12 20:01 . 2009-04-27 16:19 398624 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-12 20:01 . 2009-04-27 15:39 37964 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-12 20:01 . 2009-04-27 15:39 80372 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-12 19:51 . 2009-04-14 12:07 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Adobe
2009-04-11 15:49 . 2008-04-13 20:15 26368 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-04-11 10:33 . 2009-04-11 10:33 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikacíRetinax
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 14:24 . 2009-04-10 21:17 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-27 13:15 . 2009-04-10 21:03 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\AIMP
2009-04-26 15:08 . 2008-04-14 08:52 219648 ----a-w c:\windows\system32\uxtheme.dll
2009-04-26 10:40 . 2009-04-10 21:18 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Vso
2009-04-26 09:54 . 2009-04-10 20:26 134664 ----a-w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-04-25 22:01 . 2009-04-10 20:43 -------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-04-25 20:30 . 2009-04-10 22:16 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\DAEMON Tools Lite
2009-04-25 20:16 . 2009-04-10 22:19 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-04-25 20:11 . 2009-04-10 22:16 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-20 12:01 . 2009-04-10 20:28 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-19 15:56 . 2001-10-25 16:00 76696 ----a-w c:\windows\system32\perfc005.dat
2009-04-19 15:56 . 2001-10-25 16:00 424356 ----a-w c:\windows\system32\perfh005.dat
2009-04-15 19:05 . 2009-04-10 21:01 -------- d-----w c:\program files\Common Files\Adobe
2009-04-15 17:46 . 2009-04-10 21:19 -------- d-----w c:\program files\Zoner
2009-04-15 17:46 . 2009-04-10 21:44 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-12 20:12 . 2007-04-28 14:51 112144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-04-11 15:50 . 2009-04-10 22:04 -------- d-----w c:\program files\The KMPlayer
2009-04-10 22:49 . 2009-04-10 20:28 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-10 22:48 . 2009-04-10 22:48 -------- d-----w c:\program files\Rockstar Games
2009-04-10 22:34 . 2009-04-10 22:34 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\DAEMON Tools Pro
2009-04-10 22:34 . 2009-04-10 22:34 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\DAEMON Tools
2009-04-10 22:19 . 2009-04-10 22:19 -------- d-----w c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-04-10 22:14 . 2009-04-10 22:14 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Talkback
2009-04-10 22:14 . 2009-04-10 22:14 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Thunderbird
2009-04-10 21:53 . 2009-04-10 21:52 -------- d-----w c:\program files\ICQ6.5
2009-04-10 21:53 . 2009-04-10 21:52 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\ICQ
2009-04-10 21:49 . 2009-04-10 21:49 -------- d-----w c:\program files\NCH Swift Sound
2009-04-10 21:48 . 2009-04-10 21:08 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Ashampoo
2009-04-10 21:48 . 2009-04-10 21:07 -------- d-----w c:\program files\Ashampoo
2009-04-10 21:45 . 2009-04-10 21:20 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Zoner
2009-04-10 21:33 . 2009-04-10 21:33 -------- d-----w c:\program files\PowerISO
2009-04-10 21:32 . 2009-04-10 21:32 -------- d-----w c:\program files\Lavalys
2009-04-10 21:31 . 2009-04-10 21:08 -------- d-----w c:\documents and settings\All Users\Data aplikací\ashampoo
2009-04-10 21:29 . 2009-04-10 21:25 -------- d-----w c:\program files\TC UP
2009-04-10 21:26 . 2009-04-10 21:26 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\HEXelon
2009-04-10 21:24 . 2009-04-10 21:24 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\InterVideo
2009-04-10 21:23 . 2009-04-10 21:22 -------- d-----w c:\program files\Common Files\InterVideo
2009-04-10 21:23 . 2009-04-10 21:23 -------- d-----w c:\program files\InterActual
2009-04-10 21:22 . 2009-04-10 21:22 -------- d-----w c:\program files\InterVideo
2009-04-10 21:22 . 2009-04-10 21:22 -------- d-----w c:\program files\Creative
2009-04-10 21:18 . 2009-04-10 21:18 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-10 21:18 . 2009-04-10 21:18 47360 ----a-w c:\documents and settings\Jakub Hasman\Data aplikací\pcouffin.sys
2009-04-10 21:18 . 2009-04-10 21:18 -------- d-----w c:\program files\VSO
2009-04-10 21:17 . 2009-04-10 21:17 -------- d-----w c:\program files\PC Health Optimizer Free Edition
2009-04-10 21:15 . 2009-04-10 21:15 -------- d-----w c:\program files\OpenOffice.org 3
2009-04-10 21:14 . 2009-04-10 21:14 -------- d-----w c:\program files\IrfanView
2009-04-10 21:13 . 2009-04-10 21:13 -------- d-----w c:\program files\GIMP-2.0
2009-04-10 21:13 . 2009-04-10 21:13 -------- d-----w c:\program files\Codec Pack - All In 1
2009-04-10 21:12 . 2009-04-10 21:13 737280 ----a-w c:\windows\iun6002.exe
2009-04-10 21:12 . 2009-04-10 21:12 -------- d-----w c:\program files\CCleaner
2009-04-10 21:11 . 2009-04-10 21:11 -------- d-----w c:\program files\DsNET Corp
2009-04-10 21:02 . 2009-04-10 21:02 -------- d-----w c:\program files\AIMP2
2009-04-10 20:49 . 2009-04-10 20:49 -------- d-----w c:\program files\Microsoft Works
2009-04-10 20:49 . 2009-04-10 20:49 -------- d-----w c:\program files\MSBuild
2009-04-10 20:32 . 2009-04-10 20:32 -------- d-----w c:\program files\Opera
2009-04-10 20:28 . 2009-04-10 20:28 -------- d-----w c:\program files\Analog Devices
2009-04-10 20:25 . 2009-04-10 20:25 -------- d-----w c:\program files\Windows Defender
2009-04-10 20:20 . 2009-04-10 20:20 -------- d-----w c:\program files\microsoft frontpage
2009-04-10 20:18 . 2009-04-10 20:17 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-10 20:14 . 2009-04-10 20:14 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-10 20:14 . 2009-04-10 20:14 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-16 12:18 . 2009-04-19 15:34 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-19 15:34 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-19 15:34 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-19 15:34 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 13:27 . 2009-04-19 15:34 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-19 15:34 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 13:27 . 2009-04-19 15:34 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-06 14:23 . 2008-04-14 08:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:14 . 2008-03-01 13:02 817152 ----a-w c:\windows\system32\wininet.dll
2009-02-21 06:25 . 2009-02-21 06:25 691592 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-20 17:13 . 2008-04-27 10:09 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 17:09 . 2008-04-14 06:06 2068224 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:07 . 2008-04-14 07:45 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:26 . 2008-04-14 08:07 2191232 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2008-04-14 08:52 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2008-04-14 08:51 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2008-04-14 08:51 728064 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2008-04-14 08:51 684032 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:56 . 2008-04-14 08:51 709632 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2001-10-25 16:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2008-04-14 08:51 56832 ----a-w c:\windows\system32\secur32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-01-20 1451248]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2002-09-25 87751]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL
"wave1"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 gupdate1c9c34a29819848;Google Update Service (gupdate1c9c34a29819848);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 133104]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-01-09 410976]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-04-25 603904]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-14 69120]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - AshampooDefragService
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - AVP
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - gupdate1c9c34a29819848
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - Kbdclass
*Deregistered* - kl1
*Deregistered* - klif
*Deregistered* - klim5
*Deregistered* - KSecDD
*Deregistered* - LanmanServer
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NMSAccessU
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - ParVdm
*Deregistered* - pcouffin
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SCDEmu
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Schedule
*Deregistered* - SoundMAX Agent Service (default)
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - TuneUp.ProgramStatisticsSvc
*Deregistered* - Update
*Deregistered* - UxTuneUp
*Deregistered* - VD_FileDisk
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WinDefend
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2009-04-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
2009-04-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 12:59]
2009-04-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
2009-04-27 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://my.freeze.com/?AcquisitionID=e09 ... e=20090417
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 18:20
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1056)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1176)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
.
Celkový čas: 2009-04-27 18:24
ComboFix-quarantined-files.txt 2009-04-27 16:24
Před spuštěním: Volných bajtů: 34 162 188 288
Po spuštění: Volných bajtů: 34 157 338 624
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=5N0TME
430 --- E O F --- 2009-04-24 12:14
- jaro3
- member of the Security team
Re: Please check my HijackThis log - slow PC
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script.
Code:
File::
c:\windows\system32\bdod.bin
c:\windows\emm386n.dl
Folder::
c:\windows\XXLGSC
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new log from HJT
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my HijackThis log - slow PC
here is the new ComboFix log as well:
ComboFix 09-04-27.02 - Jakub Hasman 27.04.2009 20:21.2 - NTFSx86
Spuštěný z: c:\documents and settings\Jakub Hasman\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jakub Hasman\Plocha\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
FILE ::
c:\windows\emm386n.dl
c:\windows\system32\bdod.bin
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\emm386n.dl
c:\windows\system32\bdod.bin
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-27 do 2009-4-27 )))))))))))))))))))))))))))))))
.
2009-04-27 15:27 . 2009-04-27 15:27 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Malwarebytes
2009-04-27 15:27 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-27 15:27 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 15:27 . 2009-04-27 15:27 -------- d-----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-27 15:27 . 2009-04-27 15:27 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-27 14:39 . 2009-04-27 14:39 -------- d-----w c:\program files\Trend Micro
2009-04-27 14:06 . 2009-04-27 14:06 -------- d-----w c:\program files\Softwin
2009-04-27 14:04 . 2009-04-27 14:25 -------- d-----w c:\program files\Common Files\Softwin
2009-04-26 15:08 . 2009-04-26 15:08 64678 ----a-w c:\windows\BricoPackUninst.cmd
2009-04-26 15:04 . 2009-04-26 15:08 7279 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2009-04-26 15:03 . 2009-04-26 15:03 -------- d-----w c:\windows\BricoPacks
2009-04-26 11:46 . 2009-04-26 11:46 -------- d-----w c:\program files\EA GAMES
2009-04-26 11:41 . 2002-08-29 01:41 31744 -c--a-w c:\windows\system32\dllcache\pid.dll
2009-04-26 11:03 . 2009-04-26 11:03 -------- d-----w c:\documents and settings\All Users\Data aplikací\Office Genuine Advantage
2009-04-26 09:56 . 2009-04-26 09:56 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\OpenOffice.org
2009-04-25 22:04 . 2009-04-25 22:04 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\PCHealth
2009-04-25 21:44 . 2009-04-26 10:33 -------- d-----w c:\program files\Common Files\Stardock
2009-04-25 20:58 . 2004-12-19 21:00 111104 ----a-w c:\windows\system32\uharc.exe
2009-04-25 20:29 . 2009-04-25 20:29 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2009-04-25 20:29 . 2009-04-25 20:29 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2009-04-25 20:29 . 2009-04-25 20:29 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2009-04-25 20:15 . 2009-04-25 20:16 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-25 20:02 . 2009-04-25 20:02 2330880 ----a-w c:\windows\system32\TUKernel.exe
2009-04-25 19:51 . 2009-04-25 19:55 -------- d-----w c:\program files\Paint.NET
2009-04-25 19:51 . 2009-04-26 12:19 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Paint.NET
2009-04-25 19:39 . 2009-04-25 19:39 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-04-25 19:39 . 2008-12-11 11:31 27904 ----a-w c:\windows\system32\uxtuneup.dll
2009-04-25 19:39 . 2009-04-25 19:39 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-25 19:39 . 2009-04-25 19:39 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\TuneUp Software
2009-04-25 19:38 . 2009-04-25 19:38 -------- d-----w c:\documents and settings\All Users\Data aplikací\TuneUp Software
2009-04-25 19:38 . 2009-04-25 19:40 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-04-25 19:37 . 2009-04-25 19:37 -------- d-sh--w c:\documents and settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-25 17:51 . 2009-04-25 17:51 -------- d-----w c:\program files\Freeze.com
2009-04-23 16:01 . 2009-04-23 16:01 -------- d-----w c:\program files\Skype
2009-04-23 16:01 . 2009-04-23 16:01 -------- d-----w c:\program files\Common Files\Skype
2009-04-23 16:01 . 2009-04-23 16:01 -------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-04-23 15:21 . 2009-04-23 15:21 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Canneverbe_Limited
2009-04-23 15:21 . 2009-04-23 15:21 -------- d-----w c:\program files\CDBurnerXP
2009-04-22 16:56 . 2009-04-22 16:58 -------- d-----w c:\program files\EasyLanguage Anglictina PPK
2009-04-22 16:53 . 2009-04-22 16:54 -------- d-----w c:\program files\EasyLanguage Nemcina PPK
2009-04-22 15:55 . 2009-04-22 15:55 491520 ----a-w c:\windows\WebIE.dll
2009-04-22 15:55 . 2009-04-22 15:55 294912 ----a-w c:\windows\TrnWord.dll
2009-04-22 15:55 . 2009-04-22 15:55 356352 ----a-w c:\windows\TrnOutl.dll
2009-04-22 15:55 . 2009-04-22 15:55 200704 ----a-w c:\windows\TRNOET.DLL
2009-04-22 15:55 . 2009-04-22 15:55 26624 ----a-w c:\windows\OETRN.EXE
2009-04-22 15:55 . 2009-04-22 15:55 45056 ----a-w c:\windows\TRNOEH.DLL
2009-04-22 15:54 . 2009-04-22 15:54 516096 ----a-w c:\windows\UN32.EXE
2009-04-22 15:53 . 2009-04-23 15:50 -------- d-----w C:\TRANSLAT
2009-04-22 14:01 . 2009-04-22 14:01 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\EuroTalk
2009-04-22 14:01 . 2009-04-22 14:01 -------- d-----w c:\program files\EuroTalk
2009-04-22 13:57 . 2009-04-22 13:57 -------- d-----w c:\documents and settings\All Users\Data aplikací\DVDXStudio
2009-04-22 13:57 . 2009-04-22 14:00 -------- d-----w c:\program files\CloneDVD
2009-04-22 13:26 . 2009-04-22 13:27 -------- d-----w c:\program files\QuickTime
2009-04-22 13:26 . 2009-04-22 13:26 -------- d-----w c:\documents and settings\All Users\Data aplikací\Apple Computer
2009-04-22 13:25 . 2009-04-22 13:25 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Apple
2009-04-22 13:25 . 2009-04-22 13:25 -------- d-----w c:\program files\Apple Software Update
2009-04-22 13:25 . 2009-04-22 13:25 -------- d-----w c:\documents and settings\All Users\Data aplikací\Apple
2009-04-22 13:25 . 2009-04-22 13:25 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Apple Computer
2009-04-22 13:18 . 2009-04-22 13:18 -------- d-----w c:\program files\ImTOO
2009-04-22 13:14 . 2009-04-22 13:14 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Stellarium
2009-04-22 13:13 . 2009-04-22 13:13 -------- d-----w c:\program files\Stellarium
2009-04-22 13:07 . 2008-11-20 19:19 9072 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-04-22 13:07 . 2008-11-20 19:19 9200 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-04-22 13:06 . 2009-04-22 13:06 -------- d-----w c:\windows\system32\IOSUBSYS
2009-04-22 12:59 . 2009-04-22 12:59 -------- d-----w c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2009-04-22 12:59 . 2009-04-22 13:07 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Google
2009-04-22 12:59 . 2009-04-22 13:07 -------- d-----w c:\program files\Google
2009-04-22 04:33 . 2009-04-22 04:40 -------- d-----w c:\program files\Common Files\Autodesk Shared
2009-04-22 04:33 . 2009-04-22 04:44 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Autodesk
2009-04-22 04:33 . 2009-04-22 04:33 -------- d-----w c:\documents and settings\All Users\Data aplikací\Autodesk
2009-04-22 04:33 . 2009-04-22 04:39 -------- d-----w c:\program files\AutoCAD 2009
2009-04-22 04:33 . 2009-04-22 04:33 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Autodesk
2009-04-20 12:03 . 2009-04-20 12:03 -------- d-----w c:\program files\Activision
2009-04-20 12:00 . 2009-04-20 12:00 -------- d-sh--w c:\windows\ftpcache
2009-04-19 17:21 . 2009-04-19 17:21 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Fraus
2009-04-19 15:55 . 2009-04-25 20:07 955128 ----a-w c:\documents and settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
2009-04-19 15:49 . 2009-04-19 15:49 -------- d-----w c:\windows\system32\XPSViewer
2009-04-19 15:48 . 2009-04-19 15:48 -------- d-----w c:\program files\Reference Assemblies
2009-04-19 15:47 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-19 15:33 . 2008-05-30 12:18 238088 ----a-w c:\windows\system32\xactengine3_1.dll
2009-04-19 15:31 . 2009-04-26 10:40 -------- d-----w c:\windows\Logs
2009-04-17 20:42 . 2009-04-17 20:42 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\gtk-2.0
2009-04-17 20:42 . 2009-04-17 20:42 -------- d-----w c:\documents and settings\Jakub Hasman\.thumbnails
2009-04-17 13:47 . 2009-04-17 13:47 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Stardock
2009-04-17 13:47 . 2009-04-17 13:47 -------- dc-h--w c:\documents and settings\All Users\Data aplikací\{7D93B3B9-36B7-4383-9666-CFAD7F2AC87E}
2009-04-17 13:47 . 2009-04-25 21:44 -------- d-----w c:\program files\Stardock
2009-04-17 12:23 . 2009-04-17 12:23 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\PSpad
2009-04-17 12:23 . 2009-04-17 12:23 -------- d-----w c:\program files\PSPad editor
2009-04-15 21:29 . 2009-04-15 21:29 3366912 ----a-w c:\windows\system32\GPhotos.scr
2009-04-15 19:10 . 2009-04-15 19:10 -------- d-----w c:\documents and settings\All Users\Data aplikací\FLEXnet
2009-04-15 19:02 . 2009-04-15 19:02 -------- d-----w c:\program files\Bonjour
2009-04-15 18:35 . 2009-04-15 18:35 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-15 18:30 . 2001-08-17 17:57 16128 -c--a-w c:\windows\system32\dllcache\modemcsa.sys
2009-04-15 18:30 . 2001-08-17 17:57 16128 ----a-w c:\windows\system32\drivers\MODEMCSA.sys
2009-04-15 16:14 . 2009-04-15 16:17 -------- d-----w c:\program files\Bus Driver
2009-04-15 16:01 . 2009-04-15 16:01 -------- d-----w c:\program files\Pothos
2009-04-13 10:47 . 2009-04-13 10:47 -------- d-----w c:\program files\VirualDub
2009-04-12 20:01 . 2009-04-12 20:11 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-12 20:01 . 2009-04-12 20:11 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-12 20:01 . 2009-04-12 20:26 -------- d-----w c:\program files\Kaspersky Lab
2009-04-12 20:01 . 2009-04-27 16:42 -------- d-----w c:\documents and settings\All Users\Data aplikací\Kaspersky Lab
2009-04-12 20:01 . 2009-04-27 18:28 6132256 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-12 20:01 . 2009-04-27 18:28 403488 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-12 19:51 . 2009-04-14 12:07 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Adobe
2009-04-11 15:49 . 2008-04-13 20:15 26368 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-04-11 10:33 . 2009-04-11 10:33 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikacíRetinax
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 17:53 . 2009-04-10 21:17 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-27 15:39 . 2009-04-12 20:01 37964 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-27 15:39 . 2009-04-12 20:01 80372 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-26 15:08 . 2008-04-14 08:52 219648 ----a-w c:\windows\system32\uxtheme.dll
2009-04-26 09:54 . 2009-04-10 20:26 134664 ----a-w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-04-25 20:16 . 2009-04-10 22:19 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-04-25 20:11 . 2009-04-10 22:16 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-22 17:01 . 2006-04-03 17:47 48 ----a-w c:\windows\ELP0102.dat
2009-04-22 16:56 . 2004-03-28 16:35 48 ----a-w c:\windows\ELP0103.dat
2009-04-20 12:01 . 2009-04-10 20:28 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-19 15:56 . 2001-10-25 16:00 76696 ----a-w c:\windows\system32\perfc005.dat
2009-04-19 15:56 . 2001-10-25 16:00 424356 ----a-w c:\windows\system32\perfh005.dat
2009-04-15 19:05 . 2009-04-10 21:01 -------- d-----w c:\program files\Common Files\Adobe
2009-04-15 17:46 . 2009-04-10 21:19 -------- d-----w c:\program files\Zoner
2009-04-15 17:46 . 2009-04-10 21:44 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-12 20:12 . 2007-04-28 14:51 112144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-04-11 15:50 . 2009-04-10 22:04 -------- d-----w c:\program files\The KMPlayer
2009-04-10 22:49 . 2009-04-10 20:28 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-10 22:48 . 2009-04-10 22:48 -------- d-----w c:\program files\Rockstar Games
2009-04-10 21:53 . 2009-04-10 21:52 -------- d-----w c:\program files\ICQ6.5
2009-04-10 21:49 . 2009-04-10 21:49 -------- d-----w c:\program files\NCH Swift Sound
2009-04-10 21:48 . 2009-04-10 21:07 -------- d-----w c:\program files\Ashampoo
2009-04-10 21:33 . 2009-04-10 21:33 -------- d-----w c:\program files\PowerISO
2009-04-10 21:32 . 2009-04-10 21:32 -------- d-----w c:\program files\Lavalys
2009-04-10 21:29 . 2009-04-10 21:25 -------- d-----w c:\program files\TC UP
2009-04-10 21:23 . 2009-04-10 21:22 -------- d-----w c:\program files\Common Files\InterVideo
2009-04-10 21:23 . 2009-04-10 21:23 -------- d-----w c:\program files\InterActual
2009-04-10 21:22 . 2009-04-10 21:22 -------- d-----w c:\program files\InterVideo
2009-04-10 21:22 . 2009-04-10 21:22 -------- d-----w c:\program files\Creative
2009-04-10 21:18 . 2009-04-10 21:18 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-10 21:18 . 2009-04-10 21:18 47360 ----a-w c:\documents and settings\Jakub Hasman\Data aplikací\pcouffin.sys
2009-04-10 21:18 . 2009-04-10 21:18 -------- d-----w c:\program files\VSO
2009-04-10 21:17 . 2009-04-10 21:17 -------- d-----w c:\program files\PC Health Optimizer Free Edition
2009-04-10 21:15 . 2009-04-10 21:15 -------- d-----w c:\program files\OpenOffice.org 3
2009-04-10 21:14 . 2009-04-10 21:14 -------- d-----w c:\program files\IrfanView
2009-04-10 21:13 . 2009-04-10 21:13 -------- d-----w c:\program files\GIMP-2.0
2009-04-10 21:13 . 2009-04-10 21:13 -------- d-----w c:\program files\Codec Pack - All In 1
2009-04-10 21:12 . 2009-04-10 21:13 737280 ----a-w c:\windows\iun6002.exe
2009-04-10 21:12 . 2009-04-10 21:12 -------- d-----w c:\program files\CCleaner
2009-04-10 21:11 . 2009-04-10 21:11 -------- d-----w c:\program files\DsNET Corp
2009-04-10 21:02 . 2009-04-10 21:02 -------- d-----w c:\program files\AIMP2
2009-04-10 20:49 . 2009-04-10 20:49 -------- d-----w c:\program files\Microsoft Works
2009-04-10 20:49 . 2009-04-10 20:49 -------- d-----w c:\program files\MSBuild
2009-04-10 20:32 . 2009-04-10 20:32 -------- d-----w c:\program files\Opera
2009-04-10 20:28 . 2009-04-10 20:28 -------- d-----w c:\program files\Analog Devices
2009-04-10 20:25 . 2009-04-10 20:25 -------- d-----w c:\program files\Windows Defender
2009-04-10 20:20 . 2009-04-10 20:20 -------- d-----w c:\program files\microsoft frontpage
2009-04-10 20:18 . 2001-10-25 16:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-10 20:18 . 2009-04-10 20:17 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-10 20:14 . 2009-04-10 20:14 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-10 20:14 . 2009-04-10 20:14 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-16 12:18 . 2009-04-19 15:34 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-19 15:34 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-19 15:34 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-19 15:34 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 13:27 . 2009-04-19 15:34 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-19 15:34 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 13:27 . 2009-04-19 15:34 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-06 14:23 . 2008-04-14 08:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:14 . 2008-03-01 13:02 817152 ----a-w c:\windows\system32\wininet.dll
2009-02-21 06:25 . 2009-02-21 06:25 691592 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-20 17:13 . 2008-04-27 10:09 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 17:09 . 2008-04-14 06:06 2068224 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:07 . 2008-04-14 07:45 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:26 . 2008-04-14 08:07 2191232 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2008-04-14 08:52 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2008-04-14 08:51 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2008-04-14 08:51 728064 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2008-04-14 08:51 684032 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:56 . 2008-04-14 08:51 709632 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2001-10-25 16:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2008-04-14 08:51 56832 ----a-w c:\windows\system32\secur32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-01-20 1451248]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2002-09-25 87751]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL
"wave1"= serwvdrv.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 gupdate1c9c34a29819848;Google Update Service (gupdate1c9c34a29819848);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 133104]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-01-09 410976]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-04-25 603904]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-14 69120]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - AshampooDefragService
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - AVP
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - gupdate1c9c34a29819848
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - Kbdclass
*Deregistered* - kl1
*Deregistered* - klif
*Deregistered* - klim5
*Deregistered* - KSecDD
*Deregistered* - LanmanServer
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NMSAccessU
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - ParVdm
*Deregistered* - pcouffin
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SCDEmu
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Schedule
*Deregistered* - SoundMAX Agent Service (default)
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - TuneUp.ProgramStatisticsSvc
*Deregistered* - Update
*Deregistered* - UxTuneUp
*Deregistered* - VD_FileDisk
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WinDefend
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2009-04-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
2009-04-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 12:59]
2009-04-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
2009-04-27 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://my.freeze.com/?AcquisitionID=e09 ... e=20090417
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 20:28
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
c:\windows\system32\ZSHP1020.EXE [2096] 0x85640CB0
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1056)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1176)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
.
Celkový čas: 2009-04-27 20:30
ComboFix-quarantined-files.txt 2009-04-27 18:30
ComboFix2.txt 2009-04-27 16:25
Před spuštěním: Volných bajtů: 34 176 016 384
Po spuštění: Volných bajtů: 34 173 005 824
400 --- E O F --- 2009-04-24 12:14
And here is the new log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:42, on 27.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\The KMPlayer\KMPlayer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/?AcquisitionID=e09 ... e=20090417
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-21-448539723-261903793-1417001333-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-448539723-261903793-1417001333-1003\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent (User '?')
O4 - HKUS\S-1-5-21-448539723-261903793-1417001333-1003\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO (User '?')
O4 - HKUS\S-1-5-21-448539723-261903793-1417001333-1003\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9c34a29819848) (gupdate1c9c34a29819848) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 8559 bytes
ComboFix 09-04-27.02 - Jakub Hasman 27.04.2009 20:21.2 - NTFSx86
Spuštěný z: c:\documents and settings\Jakub Hasman\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jakub Hasman\Plocha\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
FILE ::
c:\windows\emm386n.dl
c:\windows\system32\bdod.bin
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\emm386n.dl
c:\windows\system32\bdod.bin
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-27 do 2009-4-27 )))))))))))))))))))))))))))))))
.
2009-04-27 15:27 . 2009-04-27 15:27 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Malwarebytes
2009-04-27 15:27 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-27 15:27 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 15:27 . 2009-04-27 15:27 -------- d-----w c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-27 15:27 . 2009-04-27 15:27 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-27 14:39 . 2009-04-27 14:39 -------- d-----w c:\program files\Trend Micro
2009-04-27 14:06 . 2009-04-27 14:06 -------- d-----w c:\program files\Softwin
2009-04-27 14:04 . 2009-04-27 14:25 -------- d-----w c:\program files\Common Files\Softwin
2009-04-26 15:08 . 2009-04-26 15:08 64678 ----a-w c:\windows\BricoPackUninst.cmd
2009-04-26 15:04 . 2009-04-26 15:08 7279 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2009-04-26 15:03 . 2009-04-26 15:03 -------- d-----w c:\windows\BricoPacks
2009-04-26 11:46 . 2009-04-26 11:46 -------- d-----w c:\program files\EA GAMES
2009-04-26 11:41 . 2002-08-29 01:41 31744 -c--a-w c:\windows\system32\dllcache\pid.dll
2009-04-26 11:03 . 2009-04-26 11:03 -------- d-----w c:\documents and settings\All Users\Data aplikací\Office Genuine Advantage
2009-04-26 09:56 . 2009-04-26 09:56 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\OpenOffice.org
2009-04-25 22:04 . 2009-04-25 22:04 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\PCHealth
2009-04-25 21:44 . 2009-04-26 10:33 -------- d-----w c:\program files\Common Files\Stardock
2009-04-25 20:58 . 2004-12-19 21:00 111104 ----a-w c:\windows\system32\uharc.exe
2009-04-25 20:29 . 2009-04-25 20:29 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2009-04-25 20:29 . 2009-04-25 20:29 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2009-04-25 20:29 . 2009-04-25 20:29 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2009-04-25 20:15 . 2009-04-25 20:16 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-25 20:02 . 2009-04-25 20:02 2330880 ----a-w c:\windows\system32\TUKernel.exe
2009-04-25 19:51 . 2009-04-25 19:55 -------- d-----w c:\program files\Paint.NET
2009-04-25 19:51 . 2009-04-26 12:19 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Paint.NET
2009-04-25 19:39 . 2009-04-25 19:39 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-04-25 19:39 . 2008-12-11 11:31 27904 ----a-w c:\windows\system32\uxtuneup.dll
2009-04-25 19:39 . 2009-04-25 19:39 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-25 19:39 . 2009-04-25 19:39 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\TuneUp Software
2009-04-25 19:38 . 2009-04-25 19:38 -------- d-----w c:\documents and settings\All Users\Data aplikací\TuneUp Software
2009-04-25 19:38 . 2009-04-25 19:40 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-04-25 19:37 . 2009-04-25 19:37 -------- d-sh--w c:\documents and settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-25 17:51 . 2009-04-25 17:51 -------- d-----w c:\program files\Freeze.com
2009-04-23 16:01 . 2009-04-23 16:01 -------- d-----w c:\program files\Skype
2009-04-23 16:01 . 2009-04-23 16:01 -------- d-----w c:\program files\Common Files\Skype
2009-04-23 16:01 . 2009-04-23 16:01 -------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-04-23 15:21 . 2009-04-23 15:21 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Canneverbe_Limited
2009-04-23 15:21 . 2009-04-23 15:21 -------- d-----w c:\program files\CDBurnerXP
2009-04-22 16:56 . 2009-04-22 16:58 -------- d-----w c:\program files\EasyLanguage Anglictina PPK
2009-04-22 16:53 . 2009-04-22 16:54 -------- d-----w c:\program files\EasyLanguage Nemcina PPK
2009-04-22 15:55 . 2009-04-22 15:55 491520 ----a-w c:\windows\WebIE.dll
2009-04-22 15:55 . 2009-04-22 15:55 294912 ----a-w c:\windows\TrnWord.dll
2009-04-22 15:55 . 2009-04-22 15:55 356352 ----a-w c:\windows\TrnOutl.dll
2009-04-22 15:55 . 2009-04-22 15:55 200704 ----a-w c:\windows\TRNOET.DLL
2009-04-22 15:55 . 2009-04-22 15:55 26624 ----a-w c:\windows\OETRN.EXE
2009-04-22 15:55 . 2009-04-22 15:55 45056 ----a-w c:\windows\TRNOEH.DLL
2009-04-22 15:54 . 2009-04-22 15:54 516096 ----a-w c:\windows\UN32.EXE
2009-04-22 15:53 . 2009-04-23 15:50 -------- d-----w C:\TRANSLAT
2009-04-22 14:01 . 2009-04-22 14:01 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\EuroTalk
2009-04-22 14:01 . 2009-04-22 14:01 -------- d-----w c:\program files\EuroTalk
2009-04-22 13:57 . 2009-04-22 13:57 -------- d-----w c:\documents and settings\All Users\Data aplikací\DVDXStudio
2009-04-22 13:57 . 2009-04-22 14:00 -------- d-----w c:\program files\CloneDVD
2009-04-22 13:26 . 2009-04-22 13:27 -------- d-----w c:\program files\QuickTime
2009-04-22 13:26 . 2009-04-22 13:26 -------- d-----w c:\documents and settings\All Users\Data aplikací\Apple Computer
2009-04-22 13:25 . 2009-04-22 13:25 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Apple
2009-04-22 13:25 . 2009-04-22 13:25 -------- d-----w c:\program files\Apple Software Update
2009-04-22 13:25 . 2009-04-22 13:25 -------- d-----w c:\documents and settings\All Users\Data aplikací\Apple
2009-04-22 13:25 . 2009-04-22 13:25 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Apple Computer
2009-04-22 13:18 . 2009-04-22 13:18 -------- d-----w c:\program files\ImTOO
2009-04-22 13:14 . 2009-04-22 13:14 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Stellarium
2009-04-22 13:13 . 2009-04-22 13:13 -------- d-----w c:\program files\Stellarium
2009-04-22 13:07 . 2008-11-20 19:19 9072 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-04-22 13:07 . 2008-11-20 19:19 9200 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-04-22 13:06 . 2009-04-22 13:06 -------- d-----w c:\windows\system32\IOSUBSYS
2009-04-22 12:59 . 2009-04-22 12:59 -------- d-----w c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2009-04-22 12:59 . 2009-04-22 13:07 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Google
2009-04-22 12:59 . 2009-04-22 13:07 -------- d-----w c:\program files\Google
2009-04-22 04:33 . 2009-04-22 04:40 -------- d-----w c:\program files\Common Files\Autodesk Shared
2009-04-22 04:33 . 2009-04-22 04:44 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Autodesk
2009-04-22 04:33 . 2009-04-22 04:33 -------- d-----w c:\documents and settings\All Users\Data aplikací\Autodesk
2009-04-22 04:33 . 2009-04-22 04:39 -------- d-----w c:\program files\AutoCAD 2009
2009-04-22 04:33 . 2009-04-22 04:33 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Autodesk
2009-04-20 12:03 . 2009-04-20 12:03 -------- d-----w c:\program files\Activision
2009-04-20 12:00 . 2009-04-20 12:00 -------- d-sh--w c:\windows\ftpcache
2009-04-19 17:21 . 2009-04-19 17:21 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\Fraus
2009-04-19 15:55 . 2009-04-25 20:07 955128 ----a-w c:\documents and settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
2009-04-19 15:49 . 2009-04-19 15:49 -------- d-----w c:\windows\system32\XPSViewer
2009-04-19 15:48 . 2009-04-19 15:48 -------- d-----w c:\program files\Reference Assemblies
2009-04-19 15:47 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-19 15:33 . 2008-05-30 12:18 238088 ----a-w c:\windows\system32\xactengine3_1.dll
2009-04-19 15:31 . 2009-04-26 10:40 -------- d-----w c:\windows\Logs
2009-04-17 20:42 . 2009-04-17 20:42 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\gtk-2.0
2009-04-17 20:42 . 2009-04-17 20:42 -------- d-----w c:\documents and settings\Jakub Hasman\.thumbnails
2009-04-17 13:47 . 2009-04-17 13:47 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Stardock
2009-04-17 13:47 . 2009-04-17 13:47 -------- dc-h--w c:\documents and settings\All Users\Data aplikací\{7D93B3B9-36B7-4383-9666-CFAD7F2AC87E}
2009-04-17 13:47 . 2009-04-25 21:44 -------- d-----w c:\program files\Stardock
2009-04-17 12:23 . 2009-04-17 12:23 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikací\PSpad
2009-04-17 12:23 . 2009-04-17 12:23 -------- d-----w c:\program files\PSPad editor
2009-04-15 21:29 . 2009-04-15 21:29 3366912 ----a-w c:\windows\system32\GPhotos.scr
2009-04-15 19:10 . 2009-04-15 19:10 -------- d-----w c:\documents and settings\All Users\Data aplikací\FLEXnet
2009-04-15 19:02 . 2009-04-15 19:02 -------- d-----w c:\program files\Bonjour
2009-04-15 18:35 . 2009-04-15 18:35 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-15 18:30 . 2001-08-17 17:57 16128 -c--a-w c:\windows\system32\dllcache\modemcsa.sys
2009-04-15 18:30 . 2001-08-17 17:57 16128 ----a-w c:\windows\system32\drivers\MODEMCSA.sys
2009-04-15 16:14 . 2009-04-15 16:17 -------- d-----w c:\program files\Bus Driver
2009-04-15 16:01 . 2009-04-15 16:01 -------- d-----w c:\program files\Pothos
2009-04-13 10:47 . 2009-04-13 10:47 -------- d-----w c:\program files\VirualDub
2009-04-12 20:01 . 2009-04-12 20:11 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-12 20:01 . 2009-04-12 20:11 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-12 20:01 . 2009-04-12 20:26 -------- d-----w c:\program files\Kaspersky Lab
2009-04-12 20:01 . 2009-04-27 16:42 -------- d-----w c:\documents and settings\All Users\Data aplikací\Kaspersky Lab
2009-04-12 20:01 . 2009-04-27 18:28 6132256 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-12 20:01 . 2009-04-27 18:28 403488 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-12 19:51 . 2009-04-14 12:07 -------- d-----w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\Adobe
2009-04-11 15:49 . 2008-04-13 20:15 26368 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-04-11 10:33 . 2009-04-11 10:33 -------- d-----w c:\documents and settings\Jakub Hasman\Data aplikacíRetinax
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 17:53 . 2009-04-10 21:17 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-27 15:39 . 2009-04-12 20:01 37964 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-27 15:39 . 2009-04-12 20:01 80372 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-26 15:08 . 2008-04-14 08:52 219648 ----a-w c:\windows\system32\uxtheme.dll
2009-04-26 09:54 . 2009-04-10 20:26 134664 ----a-w c:\documents and settings\Jakub Hasman\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2009-04-25 20:16 . 2009-04-10 22:19 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-04-25 20:11 . 2009-04-10 22:16 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-22 17:01 . 2006-04-03 17:47 48 ----a-w c:\windows\ELP0102.dat
2009-04-22 16:56 . 2004-03-28 16:35 48 ----a-w c:\windows\ELP0103.dat
2009-04-20 12:01 . 2009-04-10 20:28 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-19 15:56 . 2001-10-25 16:00 76696 ----a-w c:\windows\system32\perfc005.dat
2009-04-19 15:56 . 2001-10-25 16:00 424356 ----a-w c:\windows\system32\perfh005.dat
2009-04-15 19:05 . 2009-04-10 21:01 -------- d-----w c:\program files\Common Files\Adobe
2009-04-15 17:46 . 2009-04-10 21:19 -------- d-----w c:\program files\Zoner
2009-04-15 17:46 . 2009-04-10 21:44 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-12 20:12 . 2007-04-28 14:51 112144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-04-11 15:50 . 2009-04-10 22:04 -------- d-----w c:\program files\The KMPlayer
2009-04-10 22:49 . 2009-04-10 20:28 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-10 22:48 . 2009-04-10 22:48 -------- d-----w c:\program files\Rockstar Games
2009-04-10 21:53 . 2009-04-10 21:52 -------- d-----w c:\program files\ICQ6.5
2009-04-10 21:49 . 2009-04-10 21:49 -------- d-----w c:\program files\NCH Swift Sound
2009-04-10 21:48 . 2009-04-10 21:07 -------- d-----w c:\program files\Ashampoo
2009-04-10 21:33 . 2009-04-10 21:33 -------- d-----w c:\program files\PowerISO
2009-04-10 21:32 . 2009-04-10 21:32 -------- d-----w c:\program files\Lavalys
2009-04-10 21:29 . 2009-04-10 21:25 -------- d-----w c:\program files\TC UP
2009-04-10 21:23 . 2009-04-10 21:22 -------- d-----w c:\program files\Common Files\InterVideo
2009-04-10 21:23 . 2009-04-10 21:23 -------- d-----w c:\program files\InterActual
2009-04-10 21:22 . 2009-04-10 21:22 -------- d-----w c:\program files\InterVideo
2009-04-10 21:22 . 2009-04-10 21:22 -------- d-----w c:\program files\Creative
2009-04-10 21:18 . 2009-04-10 21:18 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-10 21:18 . 2009-04-10 21:18 47360 ----a-w c:\documents and settings\Jakub Hasman\Data aplikací\pcouffin.sys
2009-04-10 21:18 . 2009-04-10 21:18 -------- d-----w c:\program files\VSO
2009-04-10 21:17 . 2009-04-10 21:17 -------- d-----w c:\program files\PC Health Optimizer Free Edition
2009-04-10 21:15 . 2009-04-10 21:15 -------- d-----w c:\program files\OpenOffice.org 3
2009-04-10 21:14 . 2009-04-10 21:14 -------- d-----w c:\program files\IrfanView
2009-04-10 21:13 . 2009-04-10 21:13 -------- d-----w c:\program files\GIMP-2.0
2009-04-10 21:13 . 2009-04-10 21:13 -------- d-----w c:\program files\Codec Pack - All In 1
2009-04-10 21:12 . 2009-04-10 21:13 737280 ----a-w c:\windows\iun6002.exe
2009-04-10 21:12 . 2009-04-10 21:12 -------- d-----w c:\program files\CCleaner
2009-04-10 21:11 . 2009-04-10 21:11 -------- d-----w c:\program files\DsNET Corp
2009-04-10 21:02 . 2009-04-10 21:02 -------- d-----w c:\program files\AIMP2
2009-04-10 20:49 . 2009-04-10 20:49 -------- d-----w c:\program files\Microsoft Works
2009-04-10 20:49 . 2009-04-10 20:49 -------- d-----w c:\program files\MSBuild
2009-04-10 20:32 . 2009-04-10 20:32 -------- d-----w c:\program files\Opera
2009-04-10 20:28 . 2009-04-10 20:28 -------- d-----w c:\program files\Analog Devices
2009-04-10 20:25 . 2009-04-10 20:25 -------- d-----w c:\program files\Windows Defender
2009-04-10 20:20 . 2009-04-10 20:20 -------- d-----w c:\program files\microsoft frontpage
2009-04-10 20:18 . 2001-10-25 16:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-10 20:18 . 2009-04-10 20:17 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-10 20:14 . 2009-04-10 20:14 21812 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-10 20:14 . 2009-04-10 20:14 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-16 12:18 . 2009-04-19 15:34 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 . 2009-04-19 15:34 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 . 2009-04-19 15:34 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 . 2009-04-19 15:34 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 13:27 . 2009-04-19 15:34 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 . 2009-04-19 15:34 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 13:27 . 2009-04-19 15:34 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-06 14:23 . 2008-04-14 08:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:14 . 2008-03-01 13:02 817152 ----a-w c:\windows\system32\wininet.dll
2009-02-21 06:25 . 2009-02-21 06:25 691592 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-20 17:13 . 2008-04-27 10:09 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 17:09 . 2008-04-14 06:06 2068224 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:07 . 2008-04-14 07:45 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:26 . 2008-04-14 08:07 2191232 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2008-04-14 08:52 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2008-04-14 08:51 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2008-04-14 08:51 728064 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2008-04-14 08:51 684032 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:56 . 2008-04-14 08:51 709632 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2001-10-25 16:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2008-04-14 08:51 56832 ----a-w c:\windows\system32\secur32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-01-20 1451248]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2002-09-25 87751]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL
"wave1"= serwvdrv.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 gupdate1c9c34a29819848;Google Update Service (gupdate1c9c34a29819848);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 133104]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-01-09 410976]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-04-25 603904]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-14 69120]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - AshampooDefragService
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - AVP
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - gupdate1c9c34a29819848
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - Kbdclass
*Deregistered* - kl1
*Deregistered* - klif
*Deregistered* - klim5
*Deregistered* - KSecDD
*Deregistered* - LanmanServer
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NMSAccessU
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - ParVdm
*Deregistered* - pcouffin
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SCDEmu
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Schedule
*Deregistered* - SoundMAX Agent Service (default)
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - TuneUp.ProgramStatisticsSvc
*Deregistered* - Update
*Deregistered* - UxTuneUp
*Deregistered* - VD_FileDisk
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WinDefend
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2009-04-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
2009-04-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 12:59]
2009-04-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
2009-04-27 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://my.freeze.com/?AcquisitionID=e09 ... e=20090417
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 20:28
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
c:\windows\system32\ZSHP1020.EXE [2096] 0x85640CB0
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1056)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1176)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
.
Celkový čas: 2009-04-27 20:30
ComboFix-quarantined-files.txt 2009-04-27 18:30
ComboFix2.txt 2009-04-27 16:25
Před spuštěním: Volných bajtů: 34 176 016 384
Po spuštění: Volných bajtů: 34 173 005 824
400 --- E O F --- 2009-04-24 12:14
and here is the new log from HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:42, on 27.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\The KMPlayer\KMPlayer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/?AcquisitionID=e09 ... e=20090417
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-21-448539723-261903793-1417001333-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-448539723-261903793-1417001333-1003\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent (User '?')
O4 - HKUS\S-1-5-21-448539723-261903793-1417001333-1003\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO (User '?')
O4 - HKUS\S-1-5-21-448539723-261903793-1417001333-1003\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9c34a29819848) (gupdate1c9c34a29819848) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 8559 bytes
- jaro3
- member of the Security team
Re: Please check my HijackThis log - slow PC
Close other applications and browsers, disconnect from the internet, and fix in HJT:
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
ComboFix is uninstalled like this:
Start - Run and type ComboFix[space]/u
So if there are no problems, clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download > run
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then click Empty Selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Install Java:
Java SE Runtime Environment 6u13
Select the OS (I assume Windows), tick agree-continue
Select:
Windows Offline Installation
jre-6u13-windows-i586-p.exe
Install some free antivirus: Avast, Avira or AVG.
You can try defragmenting the HDD; that's everything.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
Re: Please check my HijackThis log - slow PC
OK - thank you for your help