Aktualne.cz - kontrola logu

Marek Lučin · Příspěvekod **Marek Lučin** » 17 črc 2009 10:02

Mohu poprosit o kontrolu logu?
Děkuji.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:14, on 17.7.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Creative\DVDAudio\CTDVDDET.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 5650 bytes

//odděleno od původního tématu

//mmm

Reklama

Damned · Příspěvekod **Damned** » 17 črc 2009 12:31

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pak se ti na to mrkne někdo kdo zná Visty lépe než já.

Marek Lučin · Příspěvekod **Marek Lučin** » 17 črc 2009 18:27

Tak tady je log, vypadá to, že je vše v pořádku.Problém bude jinde.

Malwarebytes' Anti-Malware 1.39
Database version: 2451
Windows 6.0.6002 Service Pack 2

17.7.2009 18:25:50
mbam-log-2009-07-17 (18-25-50).txt

Scan type: Quick Scan
Objects scanned: 75172
Time elapsed: 1 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Příspěvekod **jaro3** » 17 črc 2009 18:44

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll
O1 - Hosts: ::1 localhost
O13 - Gopher Prefix:

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Stáhni si GooredFix

a ulož si ho na plochu.Poklepej na něj .
Vyber 1 . Find Goored (no fix) a klikni na Enter.
Otevře se log , zkopíruj sem celý jeho obsah ( jinak ho najdeš na své ploše pod názvem Goored.txt).
Neklikej na volbu 2 !
Popiš případně problémy.

Marek Lučin · Příspěvekod **Marek Lučin** » 17 črc 2009 18:57

Pro začátek popis problému :
Dnes jsem zjistil následující věc.Když kliknu v oblíbených záložkách na odkaz této stránky, zobrazí se mi červené varování, že aplikace Internet Explorer nemůže stáhnout z m.aktualne.centrum.cz něco (nějaký soubor ve formátu MIME nebo co) ..., že jí nelze otevřít.
PC pročištěno, problém přetrvává.Ten soubor, který se snaží IE stáhnout má velikost 3,66kb a je typu MIME, jinak se tváří jako neznámý typ.
Zadám Aktualne.cz, otevře se okno pro načtení stránky a hned vzápětí dialog pro stahování toho souboru.

Příspěvekod **jaro3** » 17 črc 2009 19:01

Stáhni si FixIEDef by ShadowPuterDude
na plochu.
Poklepej na FixIEDef
Až se objeví Copyright and Disclaimer notice, klikni na OK a poté na Scan.
Když se objeví zpráva , klikni na OK. Když program skončí , klikni na Exit.
Log se objeví na ploše. Vlož celý obsah toho logu sem.

poté vypni rez. ochranu u Avastu + štít u Windows Defenderu.

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Marek Lučin · Příspěvekod **Marek Lučin** » 17 črc 2009 20:18

Na rovinu říkám, že to už je na mě moc.
Asi bych to zvládl, ale nechci na PC kvůli téhle věci instalovat tolik různých programů.
HiJackThis nestačí?

Příspěvekod **jaro3** » 17 črc 2009 20:46

HJT nestačí, potřebujeme další programy. Ty potom zase odinstalujeme.
Omlouvám se za zpoždění - bouřka -výpadky proudu.

Marek Lučin · Příspěvekod **Marek Lučin** » 17 črc 2009 23:07

Omlouvám se za zpoždění.

********************************************************************************
* *
* FixIEDef Log *
* Version 1.7.22.7514 *
* *
********************************************************************************

Created at 23:05:52 on Friday, July 17, 2009

Time Zone : (GMT+01:00) Praha, Bratislava, Budapešť, Bělehrad, Lublaň

Logged On User : Marek Lučin

Operating System : Microsoft® Windows Vista™ Home Premium Service Pack 2
OS Architecture : X86
System Langauge : Czech
Keyboard Layout : Czech
Processor : X64 Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz

System Drive : C:\
Windows Directory : C:\Windows
System Directory : C:\Windows\system32

System Drive Type : Fixed
System Drive Status : READY
System Drive Label :
System Drive Size : 610.48 GB
System Drive Free : 525.83 GB

Total Physical Memory: 3070 MB
Free Physical Memory : 2198 MB
Total Page File : 3070 MB
Free Page File : 5463 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory : 1943 MB

Boot State : Normal boot

--------------------------------------------------------------------------------

!!! userinit.exe is Clean !!!

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

No malicious files found

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!

Marek Lučin · Příspěvekod **Marek Lučin** » 17 črc 2009 23:20

ComboFix 09-07-14.08 - Marek Lučin 17.07.2009 23:11.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.2184 [GMT 2:00]
Spuštěný z: c:\users\Marek Lučin\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-06-17 do 2009-07-17 )))))))))))))))))))))))))))))))
.

2009-07-17 21:05 . 2009-07-17 21:05 -------- d-----w- c:\windows\ERUNT
2009-07-17 21:05 . 2009-07-17 21:05 -------- d-----w- C:\!FixIEDef
2009-07-17 16:31 . 2009-07-17 16:31 -------- d-----w- c:\program files\iPod
2009-07-17 16:31 . 2009-07-17 16:31 -------- d-----w- c:\program files\iTunes
2009-07-17 16:29 . 2009-07-17 16:29 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-17 16:22 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-17 16:22 . 2009-07-17 16:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 16:22 . 2009-07-17 16:22 -------- d-----w- c:\programdata\Malwarebytes
2009-07-17 16:22 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-17 08:01 . 2009-07-17 08:01 -------- d-----w- c:\program files\Trend Micro
2009-07-15 06:55 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 06:55 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 06:55 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 06:55 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 06:55 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-04 20:41 . 2009-05-18 12:34 22691984 ----a-w- c:\windows\system32\AppSetup.exe
2009-07-04 20:36 . 2009-07-04 20:41 56725552 ----a-w- c:\programdata\Creative\Software Update\cache\Creative Sound Blaster X-Fi series driver 2.18.0013__\SBXF_PCDRV_LB_2_18_0013.exe
2009-07-01 07:59 . 2009-07-01 07:59 -------- d-----w- c:\windows\system32\eu-ES
2009-07-01 07:59 . 2009-07-01 07:59 -------- d-----w- c:\windows\system32\ca-ES
2009-07-01 07:59 . 2009-07-01 07:59 -------- d-----w- c:\windows\system32\vi-VN
2009-07-01 07:55 . 2009-07-01 07:55 -------- d-----w- c:\windows\system32\EventProviders
2009-07-01 07:53 . 2009-04-11 06:33 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 20:56 . 2008-01-21 06:46 598594 ----a-w- c:\windows\system32\perfh005.dat
2009-07-17 20:56 . 2008-01-21 06:46 114786 ----a-w- c:\windows\system32\perfc005.dat
2009-07-17 20:52 . 2009-05-27 13:31 32441 ----a-w- c:\programdata\nvModes.dat
2009-07-17 20:52 . 2009-01-30 05:45 -------- d-----w- c:\programdata\NVIDIA
2009-07-17 20:52 . 2009-01-30 05:18 16608 ----a-w- c:\windows\gdrv.sys
2009-07-17 16:31 . 2009-01-30 06:53 -------- d-----w- c:\program files\Common Files\Apple
2009-07-16 21:09 . 2009-01-30 07:47 -------- d-----w- c:\program files\Steam
2009-07-15 06:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-04 20:42 . 2009-01-30 05:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-04 20:42 . 2009-01-30 05:27 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-04 20:42 . 2009-01-30 05:27 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-01 17:06 . 2009-03-23 09:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-01 17:06 . 2009-03-23 09:02 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-01 07:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-01 07:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-01 07:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-01 07:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-01 07:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-01 07:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-01 07:59 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-01 07:56 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-06-29 17:25 . 2009-01-30 07:52 -------- d-----w- c:\program files\Common Files\Steam
2009-06-10 06:35 . 2009-06-10 06:35 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-06-10 06:35 . 2009-06-10 06:35 1296928 ----a-w- c:\windows\system32\nvsvs.dll
2009-06-10 06:34 . 2009-06-10 06:34 3123744 ----a-w- c:\windows\system32\nvwss.dll
2009-06-10 06:34 . 2009-06-10 06:34 4045344 ----a-w- c:\windows\system32\nvvitvs.dll
2009-06-10 06:34 . 2009-06-10 06:34 4028960 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 06:34 . 2009-06-10 06:34 3516960 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 06:34 . 2009-06-10 06:34 211488 ----a-w- c:\windows\system32\nvvsvc.exe
2009-06-10 06:34 . 2009-06-10 06:34 195104 ----a-w- c:\windows\system32\nvmccss.dll
2009-06-10 06:34 . 2009-06-10 06:34 1288736 ----a-w- c:\windows\system32\nvmobls.dll
2009-06-10 06:34 . 2009-06-10 06:34 92704 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 06:34 . 2009-06-10 06:34 768544 ----a-w- c:\windows\system32\nvsvc.dll
2009-06-10 06:34 . 2009-06-10 06:34 143360 ----a-w- c:\windows\system32\nvshext.dll
2009-06-10 06:34 . 2009-06-10 06:34 13785632 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 04:33 . 2009-06-10 04:33 244736 ----a-w- c:\windows\system32\nvStInst.exe
2009-06-10 04:33 . 2009-06-10 04:33 467968 ----a-w- c:\windows\system32\nvstlink.exe
2009-06-10 04:33 . 2009-06-10 04:33 3953152 ----a-w- c:\windows\system32\nvstwiz.exe
2009-06-10 04:33 . 2009-06-10 04:33 141824 ----a-w- c:\windows\system32\nvStereoApiI.dll
2009-06-10 04:33 . 2009-06-10 04:33 171520 ----a-w- c:\windows\system32\nvStereoApiI64.dll
2009-06-10 04:33 . 2009-06-10 04:33 232960 ----a-w- c:\windows\system32\nvSCPAPISvr.exe
2009-06-10 04:32 . 2009-06-10 04:32 257536 ----a-w- c:\windows\system32\nvSCPAPI.dll
2009-06-10 04:32 . 2009-06-10 04:32 301568 ----a-w- c:\windows\system32\nvSCPAPI64.dll
2009-06-10 04:32 . 2009-06-10 04:32 3293184 ----a-w- c:\windows\system32\nvstres.dll
2009-06-10 04:32 . 2009-06-10 04:32 5847 ----a-w- c:\windows\system32\oglstreg.reg
2009-06-10 04:31 . 2009-06-10 04:31 167424 ----a-w- c:\windows\system32\nvstreg.exe
2009-06-10 04:31 . 2009-06-10 04:31 1718272 ----a-w- c:\windows\system32\nvsttest.exe
2009-06-10 04:31 . 2009-06-10 04:31 1034752 ----a-w- c:\windows\system32\nvstview.exe
2009-06-10 04:31 . 2009-06-10 04:31 89088 ----a-w- c:\windows\system32\nvimage.dll
2009-06-10 04:29 . 2009-06-10 04:29 1656 ----a-w- c:\windows\system32\nvstdef.reg
2009-06-10 04:03 . 2009-06-10 04:03 9899296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-06-10 04:03 . 2009-06-10 04:03 678432 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 04:03 . 2009-06-10 04:03 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 04:03 . 2009-06-10 04:03 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-06-10 04:03 . 2009-06-10 04:03 3148288 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-06-10 04:03 . 2009-06-10 04:03 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 04:03 . 2009-06-10 04:03 151552 ----a-w- c:\windows\system32\nvcod155.dll
2009-06-10 04:03 . 2009-06-10 04:03 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 04:03 . 2009-06-10 04:03 1317408 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 04:03 . 2009-06-10 04:03 10379264 ----a-w- c:\windows\system32\nvoglv32.dll
2009-06-10 04:03 . 2009-01-15 07:19 989696 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 04:03 . 2009-01-15 07:19 7611904 ----a-w- c:\windows\system32\nvd3dum.dll
2009-06-05 16:44 . 2009-06-05 16:44 -------- d-----w- c:\program files\QuickTime
2009-06-04 14:39 . 2009-01-30 05:37 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-04 00:48 . 2009-06-04 00:48 15384 ----a-w- c:\windows\system32\drivers\pfmodnt.sys
2009-06-04 00:48 . 2009-06-04 00:48 1177624 ----a-w- c:\windows\system32\drivers\ha20x2k.sys
2009-06-04 00:48 . 2009-06-04 00:48 95768 ----a-w- c:\windows\system32\drivers\emupia2k.sys
2009-06-04 00:47 . 2009-06-04 00:47 158744 ----a-w- c:\windows\system32\drivers\ctsfm2k.sys
2009-06-04 00:47 . 2009-06-04 00:47 14360 ----a-w- c:\windows\system32\drivers\ctprxy2k.sys
2009-06-04 00:47 . 2009-06-04 00:47 130072 ----a-w- c:\windows\system32\drivers\ctoss2k.sys
2009-06-04 00:47 . 2009-06-04 00:47 347080 ----a-w- c:\windows\system32\drivers\ctdvda2k.sys
2009-06-04 00:47 . 2009-06-04 00:47 526232 ----a-w- c:\windows\system32\drivers\ctaud2k.sys
2009-06-04 00:47 . 2009-06-04 00:47 511000 ----a-w- c:\windows\system32\drivers\ctac32k.sys
2009-06-04 00:46 . 2009-06-04 00:46 1324056 ----a-w- c:\windows\system32\drivers\CTEXFIFX.sys
2009-06-04 00:46 . 2009-06-04 00:46 72728 ----a-w- c:\windows\system32\drivers\CTHWIUT.sys
2009-06-04 00:46 . 2009-06-04 00:46 171032 ----a-w- c:\windows\system32\drivers\CT20XUT.sys
2009-06-03 22:59 . 2007-10-25 13:59 11776 ----a-w- c:\windows\INRES.DLL
2009-06-03 22:59 . 2008-10-07 22:44 181248 ----a-w- c:\windows\system32\ctdvinst.dll
2009-06-03 22:59 . 2007-10-25 13:59 86016 ----a-w- c:\windows\system32\ctcoinst.dll
2009-06-03 22:57 . 2009-06-03 22:57 60928 ----a-w- c:\windows\system32\a3d.dll
2009-06-03 22:56 . 2009-06-03 22:56 48640 ----a-w- c:\windows\system32\ac3api.dll
2009-06-03 22:55 . 2009-06-03 22:55 41472 ----a-w- c:\windows\system32\CTxfiBtn.dll
2009-06-03 22:55 . 2009-06-03 22:55 2560 ----a-w- c:\windows\system32\CtxfiRes.dll
2009-06-03 22:55 . 2009-06-03 22:55 2560 ----a-w- c:\windows\CTXFIRES.DLL
2009-06-03 22:55 . 2009-06-03 22:55 39424 ----a-w- c:\windows\system32\CTxfiSpk.dll
2009-06-03 22:55 . 2009-06-03 22:55 25600 ----a-w- c:\windows\system32\Ctxfihlp.exe
2009-06-03 22:50 . 2009-06-03 22:50 47104 ----a-w- c:\windows\system32\CTxfiReg.exe
2009-06-03 22:50 . 2009-06-03 22:50 15360 ----a-w- c:\windows\system32\Ct20xspi.dll
2009-06-03 22:49 . 2009-06-03 22:49 1213440 ----a-w- c:\windows\system32\CTxfispi.exe
2009-06-03 22:40 . 2009-06-03 22:40 56509 ----a-w- c:\windows\system32\SETE968.tmp
2009-06-03 22:40 . 2009-06-03 22:40 321512 ----a-w- c:\windows\system32\SETE907.tmp
2009-06-03 22:40 . 2009-06-03 22:40 114688 ----a-w- c:\windows\system32\ctemupia.dll
2009-06-03 22:37 . 2009-06-03 22:37 193024 ----a-w- c:\windows\system32\ct_oal.dll
2009-06-03 22:37 . 2009-06-03 22:37 50688 ----a-w- c:\windows\system32\ctasio.dll
2009-06-03 22:37 . 2008-10-07 22:27 53248 ----a-w- c:\windows\system32\ctdproxy.dll
2009-06-03 22:36 . 2009-06-03 22:36 74752 ----a-w- c:\windows\system32\ctosuser.dll
2009-06-03 22:36 . 2009-06-03 22:36 10240 ----a-w- c:\windows\system32\sfman32.dll
2009-06-03 22:36 . 2009-06-03 22:36 108544 ----a-w- c:\windows\system32\sfms32.dll
2009-06-03 22:36 . 2009-06-03 22:36 16384 ----a-w- c:\windows\system32\regplib.exe
2009-06-03 22:36 . 2009-06-03 22:36 68608 ----a-w- c:\windows\system32\piaproxy.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"CTDVDDET"="c:\program files\Creative\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13785632]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CTHELPER.EXE [2007-10-25 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2009-06-03 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ff,fc,e5,62,22,fa,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D45FD965-254E-432E-B533-02EA04422797}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{F9882C47-28E4-4D20-A6BB-81A7ECC0A8D4}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{869E4A88-FBE5-4C48-88F1-724DADA44E40}c:\\program files\\steam\\steamapps\\l2u1c7i8n\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\l2u1c7i8n\team fortress 2\hl2.exe:hl2
"UDP Query User{EB440361-BF93-4EB6-B42A-9B3C6FD7049B}c:\\program files\\steam\\steamapps\\l2u1c7i8n\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\l2u1c7i8n\team fortress 2\hl2.exe:hl2
"TCP Query User{2319439D-BC52-4F1E-8F77-BD9374A299A1}c:\\program files\\steam\\steamapps\\l2u1c7i8n\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\l2u1c7i8n\counter-strike source\hl2.exe:hl2
"UDP Query User{F0A8CDEF-076F-43C5-AA33-343C2E20A864}c:\\program files\\steam\\steamapps\\l2u1c7i8n\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\l2u1c7i8n\counter-strike source\hl2.exe:hl2
"TCP Query User{907B319A-6687-4AE0-8196-E2CE10BD93A4}c:\\program files\\steam\\steamapps\\l2u1c7i8n\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\l2u1c7i8n\day of defeat source\hl2.exe:hl2
"UDP Query User{E2C4858F-7FA3-44D8-831A-C9ECFCBABDD5}c:\\program files\\steam\\steamapps\\l2u1c7i8n\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\l2u1c7i8n\day of defeat source\hl2.exe:hl2
"TCP Query User{A1E88591-B93D-4711-9051-48D1FBA53C33}c:\\program files\\steam\\steamapps\\l2u1c7i8n\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\l2u1c7i8n\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{444D6303-17EE-4772-AA43-1968118F9FC3}c:\\program files\\steam\\steamapps\\l2u1c7i8n\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\l2u1c7i8n\half-life 2 deathmatch\hl2.exe:hl2
"{56CFB609-BFD7-4DB3-BFB0-246FB1CE1048}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{979DF09D-5A59-430F-9598-846B72D1527E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{644D0927-38B7-4E29-BD42-D56240C6D0AD}"= UDP:c:\program files\Steam\SteamApps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{B05136DB-4067-422B-9E57-13FA0F1FDD5F}"= TCP:c:\program files\Steam\SteamApps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{5071CB29-F447-4A32-89A5-5BCA1B215572}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8B1582D9-4D04-4C47-93B5-BDD71447D9EA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [30.1.2009 8:49 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [30.1.2009 8:49 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [30.1.2009 8:49 51792]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [30.1.2009 7:19 80392]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [10.6.2009 6:33 232960]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [15.5.2009 9:59 604416]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.sys [4.6.2009 2:46 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.sys [4.6.2009 2:46 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.sys [4.6.2009 2:46 72728]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [27.2.2009 16:21 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [27.2.2009 16:19 79360]
S3 CT20XUT;CT20XUT;c:\windows\System32\drivers\CT20XUT.sys [4.6.2009 2:46 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\System32\drivers\CTEXFIFX.sys [4.6.2009 2:46 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\System32\drivers\CTHWIUT.sys [4.6.2009 2:46 72728]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-07-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-07-17 c:\windows\Tasks\User_Feed_Synchronization-{F4743048-02BD-43E5-8965-5AB4E81AC523}.job
- c:\windows\system32\msfeedssync.exe [2009-04-29 11:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-17 23:14
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3461717675-3802251623-180544160-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:0b,2b,ad,6d,0f,22,f2,db,70,2f,47,c6,01,ff,43,8b,b5,a7,87,0c,e4,06,dd,
44,10,cf,81,78,a6,8b,7a,5d,48,f2,1f,61,3b,ef,07,79,4e,e0,2b,ac,b0,a9,62,c1,\
"??"=hex:9d,6d,62,c7,7e,94,d3,01,62,72,da,46,cb,d1,2f,38

[HKEY_USERS\S-1-5-21-3461717675-3802251623-180544160-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:fe,02,d5,46,95,0a,20,6c,cf,a4,c3,a8,e7,50,5a,c6,8d,53,ac,1d,b6,
05,43,f3,6a,b1,e9,14,61,9b,74,bc,b5,7d,47,65,94,aa,fe,1d,25,44,10,81,67,7b,\
"rkeysecu"=hex:38,26,28,f1,98,4e,16,2f,03,db,4a,49,d6,43,ab,9a
.
Celkový čas: 2009-07-17 23:15
ComboFix-quarantined-files.txt 2009-07-17 21:15

Před spuštěním: Volných bajtů: 551 285 108 736
Po spuštění: Volných bajtů: 551 258 333 184

Příspěvekod **jaro3** » 18 črc 2009 07:27

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\programdata\nvModes.dat
c:\windows\system32\SETE968.tmp
c:\windows\system32\SETE907.tmp

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\windows\system32\AppSetup.exe
Vlož sem pak odkaz výsledku.

Marek Lučin · Příspěvekod **Marek Lučin** » 18 črc 2009 08:04

ComboFix 09-07-14.08 - Marek Lučin 18.07.2009 8:00.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.2238 [GMT 2:00]
Spuštěný z: c:\users\Marek Lučin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Marek Lučin\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\programdata\nvModes.dat"
"c:\windows\system32\SETE907.tmp"
"c:\windows\system32\SETE968.tmp"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\nvModes.dat
c:\windows\system32\SETE907.tmp
c:\windows\system32\SETE968.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-18 do 2009-07-18 )))))))))))))))))))))))))))))))
.

2009-07-17 21:05 . 2009-07-17 21:05 -------- d-----w- C:\ERDNT
2009-07-17 21:05 . 2009-07-17 21:05 -------- d-----w- c:\windows\ERUNT
2009-07-17 21:05 . 2009-07-17 21:05 -------- d-----w- C:\!FixIEDef
2009-07-17 16:31 . 2009-07-17 16:31 -------- d-----w- c:\program files\iPod
2009-07-17 16:31 . 2009-07-17 16:31 -------- d-----w- c:\program files\iTunes
2009-07-17 16:29 . 2009-07-17 16:29 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-17 16:22 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-17 16:22 . 2009-07-17 16:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 16:22 . 2009-07-17 16:22 -------- d-----w- c:\programdata\Malwarebytes
2009-07-17 16:22 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-17 08:01 . 2009-07-17 08:01 -------- d-----w- c:\program files\Trend Micro
2009-07-15 06:55 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 06:55 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 06:55 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 06:55 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 06:55 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-04 20:41 . 2009-05-18 12:34 22691984 ----a-w- c:\windows\system32\AppSetup.exe
2009-07-04 20:36 . 2009-07-04 20:41 56725552 ----a-w- c:\programdata\Creative\Software Update\cache\Creative Sound Blaster X-Fi series driver 2.18.0013__\SBXF_PCDRV_LB_2_18_0013.exe
2009-07-01 07:59 . 2009-07-01 07:59 -------- d-----w- c:\windows\system32\eu-ES
2009-07-01 07:59 . 2009-07-01 07:59 -------- d-----w- c:\windows\system32\ca-ES
2009-07-01 07:59 . 2009-07-01 07:59 -------- d-----w- c:\windows\system32\vi-VN
2009-07-01 07:55 . 2009-07-01 07:55 -------- d-----w- c:\windows\system32\EventProviders
2009-07-01 07:53 . 2009-04-11 06:33 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 05:57 . 2008-01-21 06:46 598594 ----a-w- c:\windows\system32\perfh005.dat
2009-07-18 05:57 . 2008-01-21 06:46 114786 ----a-w- c:\windows\system32\perfc005.dat
2009-07-18 05:53 . 2009-01-30 05:45 -------- d-----w- c:\programdata\NVIDIA
2009-07-18 05:53 . 2009-01-30 05:18 16608 ----a-w- c:\windows\gdrv.sys
2009-07-17 16:31 . 2009-01-30 06:53 -------- d-----w- c:\program files\Common Files\Apple
2009-07-16 21:09 . 2009-01-30 07:47 -------- d-----w- c:\program files\Steam
2009-07-15 06:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-04 20:42 . 2009-01-30 05:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-04 20:42 . 2009-01-30 05:27 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-04 20:42 . 2009-01-30 05:27 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-01 17:06 . 2009-03-23 09:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-01 17:06 . 2009-03-23 09:02 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-01 07:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-01 07:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-01 07:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-01 07:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-01 07:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-01 07:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-01 07:59 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-01 07:56 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-06-29 17:25 . 2009-01-30 07:52 -------- d-----w- c:\program files\Common Files\Steam
2009-06-10 06:35 . 2009-06-10 06:35 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-06-10 06:35 . 2009-06-10 06:35 1296928 ----a-w- c:\windows\system32\nvsvs.dll
2009-06-10 06:34 . 2009-06-10 06:34 3123744 ----a-w- c:\windows\system32\nvwss.dll
2009-06-10 06:34 . 2009-06-10 06:34 4045344 ----a-w- c:\windows\system32\nvvitvs.dll
2009-06-10 06:34 . 2009-06-10 06:34 4028960 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 06:34 . 2009-06-10 06:34 3516960 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 06:34 . 2009-06-10 06:34 211488 ----a-w- c:\windows\system32\nvvsvc.exe
2009-06-10 06:34 . 2009-06-10 06:34 195104 ----a-w- c:\windows\system32\nvmccss.dll
2009-06-10 06:34 . 2009-06-10 06:34 1288736 ----a-w- c:\windows\system32\nvmobls.dll
2009-06-10 06:34 . 2009-06-10 06:34 92704 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 06:34 . 2009-06-10 06:34 768544 ----a-w- c:\windows\system32\nvsvc.dll
2009-06-10 06:34 . 2009-06-10 06:34 143360 ----a-w- c:\windows\system32\nvshext.dll
2009-06-10 06:34 . 2009-06-10 06:34 13785632 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 04:33 . 2009-06-10 04:33 244736 ----a-w- c:\windows\system32\nvStInst.exe
2009-06-10 04:33 . 2009-06-10 04:33 467968 ----a-w- c:\windows\system32\nvstlink.exe
2009-06-10 04:33 . 2009-06-10 04:33 3953152 ----a-w- c:\windows\system32\nvstwiz.exe
2009-06-10 04:33 . 2009-06-10 04:33 141824 ----a-w- c:\windows\system32\nvStereoApiI.dll
2009-06-10 04:33 . 2009-06-10 04:33 171520 ----a-w- c:\windows\system32\nvStereoApiI64.dll
2009-06-10 04:33 . 2009-06-10 04:33 232960 ----a-w- c:\windows\system32\nvSCPAPISvr.exe
2009-06-10 04:32 . 2009-06-10 04:32 257536 ----a-w- c:\windows\system32\nvSCPAPI.dll
2009-06-10 04:32 . 2009-06-10 04:32 301568 ----a-w- c:\windows\system32\nvSCPAPI64.dll
2009-06-10 04:32 . 2009-06-10 04:32 3293184 ----a-w- c:\windows\system32\nvstres.dll
2009-06-10 04:32 . 2009-06-10 04:32 5847 ----a-w- c:\windows\system32\oglstreg.reg
2009-06-10 04:31 . 2009-06-10 04:31 167424 ----a-w- c:\windows\system32\nvstreg.exe
2009-06-10 04:31 . 2009-06-10 04:31 1718272 ----a-w- c:\windows\system32\nvsttest.exe
2009-06-10 04:31 . 2009-06-10 04:31 1034752 ----a-w- c:\windows\system32\nvstview.exe
2009-06-10 04:31 . 2009-06-10 04:31 89088 ----a-w- c:\windows\system32\nvimage.dll
2009-06-10 04:29 . 2009-06-10 04:29 1656 ----a-w- c:\windows\system32\nvstdef.reg
2009-06-10 04:03 . 2009-06-10 04:03 9899296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-06-10 04:03 . 2009-06-10 04:03 678432 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 04:03 . 2009-06-10 04:03 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 04:03 . 2009-06-10 04:03 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-06-10 04:03 . 2009-06-10 04:03 3148288 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-06-10 04:03 . 2009-06-10 04:03 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 04:03 . 2009-06-10 04:03 151552 ----a-w- c:\windows\system32\nvcod155.dll
2009-06-10 04:03 . 2009-06-10 04:03 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 04:03 . 2009-06-10 04:03 1317408 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 04:03 . 2009-06-10 04:03 10379264 ----a-w- c:\windows\system32\nvoglv32.dll
2009-06-10 04:03 . 2009-01-15 07:19 989696 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 04:03 . 2009-01-15 07:19 7611904 ----a-w- c:\windows\system32\nvd3dum.dll
2009-06-05 16:44 . 2009-06-05 16:44 -------- d-----w- c:\program files\QuickTime
2009-06-04 14:39 . 2009-01-30 05:37 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-04 00:48 . 2009-06-04 00:48 15384 ----a-w- c:\windows\system32\drivers\pfmodnt.sys
2009-06-04 00:48 . 2009-06-04 00:48 1177624 ----a-w- c:\windows\system32\drivers\ha20x2k.sys
2009-06-04 00:48 . 2009-06-04 00:48 95768 ----a-w- c:\windows\system32\drivers\emupia2k.sys
2009-06-04 00:47 . 2009-06-04 00:47 158744 ----a-w- c:\windows\system32\drivers\ctsfm2k.sys
2009-06-04 00:47 . 2009-06-04 00:47 14360 ----a-w- c:\windows\system32\drivers\ctprxy2k.sys
2009-06-04 00:47 . 2009-06-04 00:47 130072 ----a-w- c:\windows\system32\drivers\ctoss2k.sys
2009-06-04 00:47 . 2009-06-04 00:47 347080 ----a-w- c:\windows\system32\drivers\ctdvda2k.sys
2009-06-04 00:47 . 2009-06-04 00:47 526232 ----a-w- c:\windows\system32\drivers\ctaud2k.sys
2009-06-04 00:47 . 2009-06-04 00:47 511000 ----a-w- c:\windows\system32\drivers\ctac32k.sys
2009-06-04 00:46 . 2009-06-04 00:46 1324056 ----a-w- c:\windows\system32\drivers\CTEXFIFX.sys
2009-06-04 00:46 . 2009-06-04 00:46 72728 ----a-w- c:\windows\system32\drivers\CTHWIUT.sys
2009-06-04 00:46 . 2009-06-04 00:46 171032 ----a-w- c:\windows\system32\drivers\CT20XUT.sys
2009-06-03 22:59 . 2007-10-25 13:59 11776 ----a-w- c:\windows\INRES.DLL
2009-06-03 22:59 . 2008-10-07 22:44 181248 ----a-w- c:\windows\system32\ctdvinst.dll
2009-06-03 22:59 . 2007-10-25 13:59 86016 ----a-w- c:\windows\system32\ctcoinst.dll
2009-06-03 22:57 . 2009-06-03 22:57 60928 ----a-w- c:\windows\system32\a3d.dll
2009-06-03 22:56 . 2009-06-03 22:56 48640 ----a-w- c:\windows\system32\ac3api.dll
2009-06-03 22:55 . 2009-06-03 22:55 41472 ----a-w- c:\windows\system32\CTxfiBtn.dll
2009-06-03 22:55 . 2009-06-03 22:55 2560 ----a-w- c:\windows\system32\CtxfiRes.dll
2009-06-03 22:55 . 2009-06-03 22:55 2560 ----a-w- c:\windows\CTXFIRES.DLL
2009-06-03 22:55 . 2009-06-03 22:55 39424 ----a-w- c:\windows\system32\CTxfiSpk.dll
2009-06-03 22:55 . 2009-06-03 22:55 25600 ----a-w- c:\windows\system32\Ctxfihlp.exe
2009-06-03 22:50 . 2009-06-03 22:50 47104 ----a-w- c:\windows\system32\CTxfiReg.exe
2009-06-03 22:50 . 2009-06-03 22:50 15360 ----a-w- c:\windows\system32\Ct20xspi.dll
2009-06-03 22:49 . 2009-06-03 22:49 1213440 ----a-w- c:\windows\system32\CTxfispi.exe
2009-06-03 22:40 . 2009-06-03 22:40 114688 ----a-w- c:\windows\system32\ctemupia.dll
2009-06-03 22:37 . 2009-06-03 22:37 193024 ----a-w- c:\windows\system32\ct_oal.dll
2009-06-03 22:37 . 2009-06-03 22:37 50688 ----a-w- c:\windows\system32\ctasio.dll
2009-06-03 22:37 . 2008-10-07 22:27 53248 ----a-w- c:\windows\system32\ctdproxy.dll
2009-06-03 22:36 . 2009-06-03 22:36 74752 ----a-w- c:\windows\system32\ctosuser.dll
2009-06-03 22:36 . 2009-06-03 22:36 10240 ----a-w- c:\windows\system32\sfman32.dll
2009-06-03 22:36 . 2009-06-03 22:36 108544 ----a-w- c:\windows\system32\sfms32.dll
2009-06-03 22:36 . 2009-06-03 22:36 16384 ----a-w- c:\windows\system32\regplib.exe
2009-06-03 22:36 . 2009-06-03 22:36 68608 ----a-w- c:\windows\system32\piaproxy.dll
2009-06-03 22:33 . 2009-06-03 22:33 7680 ----a-w- c:\windows\system32\enlocstr.exe
2009-06-03 22:32 . 2009-06-03 22:32 12800 ----a-w- c:\windows\system32\killapps.exe
2009-06-03 22:31 . 2009-06-03 22:31 36864 ----a-w- c:\windows\system32\devreg.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-17_21.14.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-07-18 05:55 35638 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-01-21 01:58 . 2009-07-17 20:53 35638 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-18 05:55 60814 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-30 05:15 . 2009-07-17 20:52 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-30 05:15 . 2009-07-18 05:59 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-30 05:15 . 2009-07-17 20:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-30 05:15 . 2009-07-18 05:59 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-30 05:15 . 2009-07-18 05:59 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-30 05:15 . 2009-07-17 20:52 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-30 05:16 . 2009-07-18 05:55 8448 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3461717675-3802251623-180544160-1000_UserData.bin
- 2009-07-17 20:51 . 2009-07-17 20:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-18 05:53 . 2009-07-18 05:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-07-18 05:57 586980 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-17 20:56 586980 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-18 05:57 101052 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-07-17 20:56 101052 c:\windows\System32\perfc009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"CTDVDDET"="c:\program files\Creative\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13785632]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CTHELPER.EXE [2007-10-25 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2009-06-03 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ff,fc,e5,62,22,fa,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D45FD965-254E-432E-B533-02EA04422797}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{F9882C47-28E4-4D20-A6BB-81A7ECC0A8D4}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{869E4A88-FBE5-4C48-88F1-724DADA44E40}c:\\program files\\steam\\steamapps\\l2u1c7i8n\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\l2u1c7i8n\team fortress 2\hl2.exe:hl2
"UDP Query User{EB440361-BF93-4EB6-B42A-9B3C6FD7049B}c:\\program files\\steam\\steamapps\\l2u1c7i8n\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\l2u1c7i8n\team fortress 2\hl2.exe:hl2
"TCP Query User{2319439D-BC52-4F1E-8F77-BD9374A299A1}c:\\program files\\steam\\steamapps\\l2u1c7i8n\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\l2u1c7i8n\counter-strike source\hl2.exe:hl2
"UDP Query User{F0A8CDEF-076F-43C5-AA33-343C2E20A864}c:\\program files\\steam\\steamapps\\l2u1c7i8n\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\l2u1c7i8n\counter-strike source\hl2.exe:hl2
"TCP Query User{907B319A-6687-4AE0-8196-E2CE10BD93A4}c:\\program files\\steam\\steamapps\\l2u1c7i8n\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\l2u1c7i8n\day of defeat source\hl2.exe:hl2
"UDP Query User{E2C4858F-7FA3-44D8-831A-C9ECFCBABDD5}c:\\program files\\steam\\steamapps\\l2u1c7i8n\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\l2u1c7i8n\day of defeat source\hl2.exe:hl2
"TCP Query User{A1E88591-B93D-4711-9051-48D1FBA53C33}c:\\program files\\steam\\steamapps\\l2u1c7i8n\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\l2u1c7i8n\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{444D6303-17EE-4772-AA43-1968118F9FC3}c:\\program files\\steam\\steamapps\\l2u1c7i8n\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\l2u1c7i8n\half-life 2 deathmatch\hl2.exe:hl2
"{56CFB609-BFD7-4DB3-BFB0-246FB1CE1048}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{979DF09D-5A59-430F-9598-846B72D1527E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{644D0927-38B7-4E29-BD42-D56240C6D0AD}"= UDP:c:\program files\Steam\SteamApps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{B05136DB-4067-422B-9E57-13FA0F1FDD5F}"= TCP:c:\program files\Steam\SteamApps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{5071CB29-F447-4A32-89A5-5BCA1B215572}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8B1582D9-4D04-4C47-93B5-BDD71447D9EA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [30.1.2009 8:49 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [30.1.2009 8:49 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [30.1.2009 8:49 51792]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [30.1.2009 7:19 80392]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [10.6.2009 6:33 232960]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [15.5.2009 9:59 604416]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.sys [4.6.2009 2:46 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.sys [4.6.2009 2:46 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.sys [4.6.2009 2:46 72728]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [27.2.2009 16:21 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [27.2.2009 16:19 79360]
S3 CT20XUT;CT20XUT;c:\windows\System32\drivers\CT20XUT.sys [4.6.2009 2:46 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\System32\drivers\CTEXFIFX.sys [4.6.2009 2:46 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\System32\drivers\CTHWIUT.sys [4.6.2009 2:46 72728]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-07-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-07-17 c:\windows\Tasks\User_Feed_Synchronization-{F4743048-02BD-43E5-8965-5AB4E81AC523}.job
- c:\windows\system32\msfeedssync.exe [2009-04-29 11:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-18 08:02
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3461717675-3802251623-180544160-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:0b,2b,ad,6d,0f,22,f2,db,70,2f,47,c6,01,ff,43,8b,b5,a7,87,0c,e4,06,dd,
44,10,cf,81,78,a6,8b,7a,5d,48,f2,1f,61,3b,ef,07,79,4e,e0,2b,ac,b0,a9,62,c1,\
"??"=hex:9d,6d,62,c7,7e,94,d3,01,62,72,da,46,cb,d1,2f,38

[HKEY_USERS\S-1-5-21-3461717675-3802251623-180544160-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:fe,02,d5,46,95,0a,20,6c,cf,a4,c3,a8,e7,50,5a,c6,8d,53,ac,1d,b6,
05,43,f3,6a,b1,e9,14,61,9b,74,bc,b5,7d,47,65,94,aa,fe,1d,25,44,10,81,67,7b,\
"rkeysecu"=hex:38,26,28,f1,98,4e,16,2f,03,db,4a,49,d6,43,ab,9a
.
Celkový čas: 2009-07-18 8:03
ComboFix-quarantined-files.txt 2009-07-18 06:03

Před spuštěním: Volných bajtů: 551 959 732 224
Po spuštění: Volných bajtů: 551 933 636 608

Aktualne.cz - kontrola logu

Aktualne.cz - kontrola logu

Re: Aktualne.cz - kontrola logu

Re: Aktualne.cz - kontrola logu

Re: Aktualne.cz - kontrola logu

Re: Aktualne.cz - kontrola logu

Re: Aktualne.cz - kontrola logu

Re: Aktualne.cz - kontrola logu

Re: Aktualne.cz - kontrola logu

Re: Aktualne.cz - kontrola logu

Re: Aktualne.cz - kontrola logu

Re: Aktualne.cz - kontrola logu

Re: Aktualne.cz - kontrola logu

Kdo je online