Log check [Solved]

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

roman
Level 1.5
Posts: 146
Registered: November 08
Gender: Not specified
Status: Offline

Re: Log check

Post by roman » 22 Jan 2009 15:17

So I'm back again; O2 was probably doing something on their end and the internet wasn't working. Oh, and I did have that Spyware Terminator installed, it was running.



ComboFix 09-01-21.01 - Roman 2009-01-22 10:28:36.7 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1029.18.2047.1222 [GMT 1:00]
Spuštěný z: c:\users\Roman\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Roman\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
* Vytvořen nový Bod Obnovení

FILE ::
c:\windows\System32\drivers\sp_rsdrv2.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinClamAVShield
c:\program files\WinClamAVShield\ClamAVServer.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SP_RSDRV2
-------\Service_sp_rsdrv2


((((((((((((((((((((((((( Soubory vytvořené od 2008-12-22 do 2009-01-22 )))))))))))))))))))))))))))))))
.

2009-01-22 09:29 . 2009-01-22 09:29 <DIR> d-------- c:\programdata\SweetIM
2009-01-22 09:29 . 2009-01-22 09:29 <DIR> d-------- c:\program files\SweetIM
2009-01-21 23:16 . 2009-01-21 23:16 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-21 23:16 . 2009-01-21 23:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-21 23:16 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-21 23:16 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-21 15:04 . 2009-01-21 15:04 <DIR> d-------- c:\windows\System32\AGEIA
2009-01-21 15:04 . 2009-01-21 15:04 <DIR> d-------- c:\program files\AGEIA Technologies
2009-01-21 14:44 . 2009-01-21 14:44 2,997,872 --a------ c:\windows\System32\drivers\appdrv01.sys
2009-01-21 14:44 . 2009-01-21 14:44 316,816 --a------ c:\windows\System32\appdrvrem01.exe
2009-01-21 13:47 . 2009-01-21 15:31 204,344,926 --a------ c:\windows\MEMORY.DMP
2009-01-21 13:41 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\System32\D3DX9_40.dll
2009-01-21 13:41 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\System32\D3DCompiler_40.dll
2009-01-21 13:41 . 2008-10-27 10:04 514,384 --a------ c:\windows\System32\XAudio2_3.dll
2009-01-21 13:41 . 2008-10-10 04:52 452,440 --a------ c:\windows\System32\d3dx10_40.dll
2009-01-21 13:41 . 2008-10-27 10:04 235,856 --a------ c:\windows\System32\xactengine3_3.dll
2009-01-21 13:41 . 2008-10-27 10:04 70,992 --a------ c:\windows\System32\XAPOFX1_2.dll
2009-01-21 13:41 . 2008-10-27 10:04 23,376 --a------ c:\windows\System32\X3DAudio1_5.dll
2009-01-21 13:19 . 2009-01-01 14:06 8,192 --a------ c:\windows\System32\drivers\FStarForce.sys
2009-01-21 10:07 . 2000-02-25 12:43 302,592 --a------ c:\windows\mauninst.exe
2009-01-20 17:09 . 2009-01-20 17:09 <DIR> d-------- c:\program files\Crawler
2009-01-18 10:19 . 2009-01-18 10:19 <DIR> d-------- c:\program files\Google
2009-01-17 17:51 . 2009-01-17 17:51 603,904 --a------ c:\windows\System32\TUProgSt.exe
2009-01-17 17:51 . 2009-01-17 17:51 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
2009-01-17 17:51 . 2008-12-11 13:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
2009-01-17 17:51 . 2008-12-11 13:31 17,152 --a------ c:\windows\System32\authuitu.dll
2009-01-17 12:08 . 2009-01-17 12:08 <DIR> d-------- c:\users\Roman\AppData\Roaming\TuneUp Software
2009-01-17 12:07 . 2009-01-17 12:07 <DIR> d-------- c:\programdata\TuneUp Software
2009-01-17 12:07 . 2009-01-17 12:07 <DIR> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-17 11:13 . 2009-01-17 11:13 <DIR> d-------- c:\windows\Java
2009-01-17 11:13 . 2009-01-17 11:13 <DIR> d-------- c:\program files\PC Wizard 2008
2009-01-17 11:13 . 2007-09-15 16:11 27,136 --a------ c:\windows\System32\PCWizard.cpl
2009-01-14 18:41 . 2009-01-14 18:41 <DIR> d-------- c:\users\Roman\AppData\Roaming\FlashGet
2009-01-14 18:41 . 2009-01-18 11:07 <DIR> d-------- c:\program files\FlashGet
2009-01-14 03:14 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-13 20:25 . 2009-01-13 20:25 <DIR> d-------- c:\program files\AxBx
2009-01-12 12:39 . 2009-01-12 12:39 <DIR> d-------- c:\program files\OEZ
2009-01-09 20:25 . 2009-01-09 20:25 <DIR> d-------- c:\program files\Common Files\BioWare
2009-01-08 06:34 . 2009-01-13 17:37 <DIR> d-------- c:\users\Roman\AppData\Roaming\FSW2
2009-01-07 15:32 . 2009-01-07 15:32 <DIR> d-------- c:\programdata\MumboJumbo
2009-01-07 15:28 . 2009-01-07 15:28 <DIR> d-------- c:\users\Roman\AppData\Roaming\SpinTop Games
2009-01-07 14:05 . 2009-01-07 14:05 <DIR> d-------- c:\windows\Mystery P I The New York Fortune
2009-01-07 14:04 . 2009-01-07 14:04 <DIR> d-------- c:\windows\My Tribe
2009-01-07 14:02 . 2009-01-07 14:02 <DIR> d-------- c:\windows\Mortimer Beckett and the Time Paradox
2009-01-07 14:01 . 2009-01-07 14:01 <DIR> d-------- c:\windows\Luxor Quest for the Afterlife
2009-01-07 13:53 . 2009-01-07 13:53 <DIR> d-------- c:\windows\Jungle Quest
2009-01-07 13:53 . 2009-01-07 13:53 <DIR> d-------- c:\users\Roman\AppData\Roaming\Friday's games
2009-01-07 13:48 . 2009-01-07 13:48 <DIR> d-------- c:\users\Roman\AppData\Roaming\Home Sweet Home Christmas
2009-01-07 13:47 . 2009-01-07 13:47 <DIR> d-------- c:\windows\Home Sweet Home Christmas Edition
2009-01-07 13:21 . 2009-01-07 13:21 <DIR> d-------- c:\windows\Herods Lost Tomb
2009-01-07 12:48 . 2009-01-07 13:22 <DIR> d-------- c:\users\Roman\AppData\Roaming\PlayFirst
2009-01-07 12:48 . 2009-01-07 13:22 <DIR> d-------- c:\programdata\PlayFirst
2009-01-07 12:39 . 2009-01-07 12:39 <DIR> d-------- c:\windows\Fitness Dash
2009-01-07 12:24 . 2009-01-07 12:32 <DIR> d-------- c:\users\Roman\AppData\Roaming\Ancient Quest of Saqqarah__bfg
2009-01-07 11:53 . 2009-01-07 11:53 <DIR> d-------- c:\windows\Ancient Quest of Saqqarah
2009-01-07 11:41 . 2009-01-07 11:41 <DIR> d-------- c:\programdata\Playrix Entertainment
2009-01-07 11:39 . 2009-01-07 11:39 <DIR> d-------- c:\windows\4 Elements
2009-01-07 09:27 . 2009-01-07 09:27 <DIR> d-------- c:\users\Roman\AppData\Roaming\XRay Engine
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\users\Roman\AppData\Roaming\GHISLER
2008-12-28 16:20 . 2008-12-28 16:22 <DIR> d-------- C:\totalcmd
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\UC.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\RAR.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\PKZIP.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\PKUNZIP.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\NOCLOSE.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\LHA.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\ARJ.PIF
2008-12-27 19:46 . 2008-12-27 19:46 <DIR> d-------- c:\windows\vbSkinner
2008-12-27 19:46 . 2008-12-27 19:49 <DIR> d-------- c:\program files\PFConfig
2008-12-25 14:22 . 2009-01-03 09:50 131,072 --a------ c:\windows\System32\Ikeext.etl
2008-12-24 16:09 . 2009-01-11 17:49 <DIR> d-------- c:\users\Roman\AppData\Roaming\Vso
2008-12-24 16:09 . 2008-12-24 16:09 <DIR> d-------- c:\program files\VSO
2008-12-24 15:18 . 2008-12-24 16:12 <DIR> d-------- c:\program files\KillProcess
2008-12-24 13:16 . 2009-01-19 20:06 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-24 09:24 . 2009-01-13 18:02 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-23 14:51 . 2008-12-23 14:51 <DIR> d-------- c:\users\Roman\AppData\Roaming\qUninst
2008-12-23 14:51 . 2008-12-24 15:13 <DIR> d-------- c:\program files\Quick Uninstaller
2008-12-23 14:51 . 2006-10-13 14:30 198,144 --a------ c:\windows\System32\quApplet.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 09:18 --------- d-----w c:\program files\DAEMON Tools Toolbar
2009-01-22 07:50 --------- d-----w c:\users\Roman\AppData\Roaming\uTorrent
2009-01-21 15:30 --------- d-----w c:\program files\Common Files\Adobe
2009-01-21 14:03 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-21 12:28 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-19 07:08 --------- d-----w c:\users\Roman\AppData\Roaming\Disney Interactive Studios
2009-01-18 11:30 --------- d-----w c:\users\Roman\AppData\Roaming\Azureus
2009-01-16 07:32 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-15 09:12 --------- d-----w c:\programdata\Electronic Arts
2009-01-14 07:42 --------- d-----w c:\program files\Windows Mail
2009-01-12 08:34 4,310 ----a-w c:\windows\System32\ealregsnapshot1.reg
2009-01-09 19:25 --------- d-----w c:\programdata\Media Center Programs
2009-01-09 13:53 --------- d-----w c:\users\Roman\AppData\Roaming\vghd
2009-01-09 13:33 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2009-01-09 13:33 --------- d-----w c:\programdata\avg8
2009-01-09 13:32 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-09 13:32 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-06 20:53 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-01-06 20:53 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-12-23 14:02 --------- d-----w c:\programdata\NVIDIA
2008-12-18 10:50 413,696 ----a-w c:\windows\System32\wrap_oal.dll
2008-12-18 10:50 110,592 ----a-w c:\windows\System32\OpenAL32.dll
2008-12-18 10:39 --------- d-----w c:\programdata\Creative Labs
2008-12-18 10:39 --------- d-----w c:\programdata\Creative
2008-12-18 10:39 --------- d-----w c:\program files\Common Files\Creative Labs Shared
2008-12-18 10:38 --------- d--h--w c:\program files\Creative Installation Information
2008-12-18 10:34 --------- d-----w c:\program files\Creative
2008-12-15 19:30 --------- d-----w c:\program files\WallpaperSS
2008-12-15 19:24 --------- d-----w c:\users\Roman\AppData\Roaming\WallpaperSS
2008-12-15 15:50 --------- d-----w c:\program files\IconConverter
2008-12-15 15:38 --------- d-----w c:\users\Roman\AppData\Roaming\aicon
2008-12-14 18:10 152,904 ----a-w c:\windows\System32\vghd.scr
2008-12-14 08:33 --------- d-----w c:\program files\VID_0E8F&PID_0012
2008-12-14 07:51 --------- d-----w c:\programdata\Ubisoft
2008-12-13 10:07 0 ------w c:\users\Roman\jre-6u10-windows-i586-p.exe
2008-12-13 09:59 0 ----a-w c:\users\Roman\jre-6u10-windows-i586-p.exe.bak2
2008-12-13 09:50 --------- d-----w c:\program files\Java
2008-12-13 09:04 --------- d-----w c:\users\Roman\AppData\Roaming\Gearbox Software
2008-12-07 17:21 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-07 17:21 --------- d-----w c:\program files\ASUS
2008-12-04 18:07 --------- d-----w c:\program files\OpenAL
2008-12-02 19:43 --------- d-----w c:\program files\LG Soft India
2008-12-01 16:26 --------- d-----w c:\program files\Verdict Free
2008-12-01 16:19 --------- d-----w c:\users\Roman\AppData\Roaming\LangSoft
2008-12-01 16:11 --------- d-----w c:\programdata\LangSoft
2008-12-01 15:49 --------- d-----w c:\program files\ABC Transdict
2008-12-01 12:59 --------- d-----w c:\program files\NVIDIA Corporation
2008-11-30 09:32 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-30 09:32 22,328 ----a-w c:\users\Roman\AppData\Roaming\PnkBstrK.sys
2008-11-30 09:32 2,250,024 ----a-w c:\windows\System32\pbsvc.exe
2008-11-30 09:32 107,832 ----a-w c:\windows\System32\PnkBstrB.exe
2008-11-30 07:30 --------- d-----w c:\users\Roman\AppData\Roaming\DAEMON Tools
2008-11-29 22:39 --------- d-----w c:\program files\ZipItFree
2008-11-29 19:26 --------- d-----w c:\program files\DAEMON Tools Lite
2008-11-29 09:28 15,261,184 ----a-w c:\users\Roman\jre-6u10-windows-x64.exe
2008-11-24 17:51 --------- d-----w c:\program files\Yahoo!
2008-11-24 17:51 --------- d-----w c:\program files\CCleaner
2008-11-24 16:43 --------- d-----w c:\program files\Logitech
2008-11-23 19:14 --------- d-----w c:\users\Roman\AppData\Roaming\Malwarebytes
2008-11-23 12:59 --------- d-----w c:\program files\Trend Micro
2008-11-23 07:17 --------- d-----w c:\users\Roman\AppData\Roaming\Codemasters
2008-11-23 07:12 --------- d-----w c:\users\Roman\AppData\Roaming\InstallShield
2008-11-18 06:02 901,120 ----a-w c:\windows\TMUninst.exe
2008-11-16 02:49 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-11-12 12:45 453,152 ----a-w c:\windows\System32\nvuninst.exe
2008-11-10 04:43 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-28 16:41 14,303,392 ----a-w c:\windows\System32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\System32\xlivefnt.dll
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 01:22 2,048 ----a-w c:\windows\System32\tzres.dll
2008-09-20 17:28 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2009-01-21_21.07.32.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-01-22 08:29:50 10,134 ----a-r c:\windows\Installer\{266C7330-C0F4-49E5-8F20-A56F9F822875}\ARPPRODUCTICON.exe
+ 2009-01-22 08:29:45 10,134 ----a-r c:\windows\Installer\{73DD6B69-02CB-4DA8-A0E0-FC56EE13EB18}\ARPPRODUCTICON.exe
- 2009-01-21 14:31:42 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-22 09:31:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-21 14:31:42 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-01-22 09:31:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-21 14:32:37 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-22 09:31:45 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-22 09:31:45 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-01-21 14:33:16 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-22 09:32:28 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-22 09:32:28 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-01-21 19:47:52 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-22 08:12:23 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-21 20:18:55 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009012120090122\index.dat
+ 2009-01-22 08:12:30 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009012220090123\index.dat
- 2009-01-21 19:47:52 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-22 08:12:23 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-21 19:47:52 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-22 08:12:23 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-21 14:33:56 8,970 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1194267248-1010412562-4272569831-1000_UserData.bin
+ 2009-01-22 09:33:11 8,970 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1194267248-1010412562-4272569831-1000_UserData.bin
- 2009-01-21 14:33:55 72,020 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-22 09:33:11 72,286 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-20 13:02:55 49,150 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-22 08:34:31 50,058 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 12:04 97064 --a------ c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-09 1601304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-01-19 61440]
"SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 2049320]
"InCD"="c:\program files\Nero\Nero8\InCD\InCD.exe" [2008-02-28 1083176]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-01 111928]
"CTHelper"="CTHELPER.EXE" [2007-10-25 c:\windows\System32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-10-25 c:\windows\System32\Ctxfihlp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2008-12-02 1126400]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-09-19 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{7C9FB0D5-47AE-4840-B459-46F2999BE88D}d:\\program files\\electronic arts\\dead space\\dead space.exe"= UDP:d:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"UDP Query User{2A993F01-05B2-4B5B-BC31-40CDC2FC22BB}d:\\program files\\electronic arts\\dead space\\dead space.exe"= TCP:d:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"TCP Query User{6D8B17CA-DE75-4C7F-866B-ADCEA5072B26}d:\\program files\\ubisoft\\shaun white snowboarding\\shaunwhitesnowboardinggame.exe"= UDP:d:\program files\ubisoft\shaun white snowboarding\shaunwhitesnowboardinggame.exe:ShaunWhiteSnowboardingGame
"UDP Query User{16B0A3EB-1FF3-4496-832C-928CAC8A938E}d:\\program files\\ubisoft\\shaun white snowboarding\\shaunwhitesnowboardinggame.exe"= TCP:d:\program files\ubisoft\shaun white snowboarding\shaunwhitesnowboardinggame.exe:ShaunWhiteSnowboardingGame
"{C1CD6B42-7285-4238-A7B0-89289B28D3B3}"= UDP:62966:utorrent
"TCP Query User{C1183000-2ADB-4E0E-AAB0-30F14C9FB941}c:\\program files 2\\utorrent\\utorrent.exe"= UDP:c:\program files 2\utorrent\utorrent.exe:µTorrent
"UDP Query User{8CA04D8A-EA3A-4FB1-A424-45C0FAA3073B}c:\\program files 2\\utorrent\\utorrent.exe"= TCP:c:\program files 2\utorrent\utorrent.exe:µTorrent
"TCP Query User{1671CDED-525B-4514-8A2D-023CC2253C64}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{789ED569-5D1A-421D-923F-AEEC4C34346C}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{26DAA173-67A4-49FD-B3B1-005C482D97EC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3B29F452-D018-459D-8D49-5686FC6C1178}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{CA30F773-ADA5-4599-9FC9-3224661C5F27}d:\\program files\\midway home entertainment\\blacksite area 51\\binaries\\blacksite.exe"= UDP:d:\program files\midway home entertainment\blacksite area 51\binaries\blacksite.exe:Blacksite
"UDP Query User{2301DF39-9E95-48D4-9E16-26DA9D548232}d:\\program files\\midway home entertainment\\blacksite area 51\\binaries\\blacksite.exe"= TCP:d:\program files\midway home entertainment\blacksite area 51\binaries\blacksite.exe:Blacksite
"{967CAAA6-EEFF-497C-85A1-9F61C017F1A4}"= UDP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{B90641A3-BFF6-419B-B3D1-1C427DE04302}"= TCP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{7BE615A3-5A9E-4C0B-939E-746507AFB429}"= UDP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{C17D58AB-AB9D-4538-AEB8-2F1174EBEAD6}"= TCP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"TCP Query User{096C8429-0BC0-448F-93C2-574E42DE8CE2}d:\\program files\\thq\\fsw ten hammers\\fsw2.exe"= UDP:d:\program files\thq\fsw ten hammers\fsw2.exe:"Full Spectrum Warrrior 2: Ten Hammers" Game
"UDP Query User{029932B5-9FDB-436F-ADE3-7839FBA37B32}d:\\program files\\thq\\fsw ten hammers\\fsw2.exe"= TCP:d:\program files\thq\fsw ten hammers\fsw2.exe:"Full Spectrum Warrrior 2: Ten Hammers" Game
"{F5AF897B-7531-4688-AF05-14758D7B2DFA}"= UDP:d:\program files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{571869D7-A500-4287-9EC6-9DE90060120B}"= TCP:d:\program files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{21C040D1-B371-43BE-8465-6D206A583C37}"= UDP:d:\program files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{B04FC301-2297-4B67-88BB-24EEDE4E9475}"= TCP:d:\program files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"TCP Query User{E1856817-D46D-4C26-A1FF-2EBE48F4730C}d:\\program files\\legendary\\binaries\\legendary.exe"= UDP:d:\program files\legendary\binaries\legendary.exe:Legendary
"UDP Query User{8087719F-F4E8-447B-B887-EFB98718D0FF}d:\\program files\\legendary\\binaries\\legendary.exe"= TCP:d:\program files\legendary\binaries\legendary.exe:Legendary
"{5612B105-CA94-4ADD-A58E-AFB4DB9D3247}"= UDP:d:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{7A937189-3BE5-4613-AC39-BF6EC08FD151}"= TCP:d:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"<NO NAME>"= :*:Enabled:Windows NT Service

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [2008-09-19 12552]
R0 pe3aq6eb;FIM Speedway GP3 Environment Driver (pe3aq6eb);c:\windows\System32\drivers\pe3aq6eb.sys [2008-04-03 69248]
R0 ps7aq6eb;FIM Speedway GP3 Synchronization Driver (ps7aq6eb);c:\windows\System32\drivers\ps7aq6eb.sys [2008-04-03 68744]
R1 appdrv01;Application Driver (01);c:\windows\System32\drivers\appdrv01.sys [2009-01-21 2997872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-09-19 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2008-10-24 107272]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-09-21 72192]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\atl01v32.sys [2008-09-17 48128]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\System32\drivers\gHidPnp.sys [2008-09-19 16384]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\System32\drivers\gMouUsb.sys [2008-09-19 9856]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-09 903960]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-09 298264]
R4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032]
R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-01-17 603904]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2008-12-18 79360]
S3 FStarForce;FStarForce;c:\windows\System32\drivers\FStarForce.sys [2009-01-21 8192]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-12-02 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-12-02 13312]
S4 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S4 pr2aq6eb;FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb);c:\windows\system32\pr2aq6eb.exe svc --> c:\windows\system32\pr2aq6eb.exe svc [?]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cba6b6f6-8684-11dd-81d4-001e8c8faa7a}]
\shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ccf97bc6-be4d-11dd-96dc-001e8c8faa7a}]
\shell\AutoRun\command - G:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Obsah adresáře 'Naplánované úlohy'

2009-01-22 c:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2009-01-22 c:\windows\Tasks\Úklid 1 kliknutím.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com
mStart Page = hxxp://home.sweetim.com
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-22 10:34:06
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(5160)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Nero\Nero8\InCD\NBHShx.dll
c:\program files\Nero\Nero8\InCD\NBHStr.dll
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Nero\Nero8\InCD\InCDsrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\System32\IoctlSvc.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\conime.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Celkový čas: 2009-01-22 10:35:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-01-22 09:35:05
ComboFix2.txt 2009-01-21 20:08:22

Před spuštěním: Volných bajtů: 164 346 994 688
Po spuštění: Volných bajtů: 164,288,184,320

406 --- E O F --- 2009-01-16 21:28:25

------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:00, on 23.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows NT Service] Patcher.exe
O4 - HKLM\..\RunServices: [Windows NT Service] Patcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [BitComet] "C:\Program Files 2\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files 2\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb) (pr2aq6eb) - Techland Sp.z o.o. - C:\Windows\system32\pr2aq6eb.exe

--
End of file - 9599 bytes
CPU:Intel Core i5-4670
GPU: MSI N680GTX-PM2D2GD5
MB: MSI Z87-G45 GAMING - Intel Z87
RAM: Crucial Balistix Tactical 4 X 4GB 1600MHz CL8 BLT2C
PSU: Corsair AX850
SSD: Kingston HyperX 3K - 240GB
HDD: WD RED 1TB
OS: Windows 10 Home 64bit
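As an added example (the editor's own, not code from the thread or from HijackThis), here is a small Python triage over the O4 and O23 line formats seen in the log above. The sample lines are copied from that log; the checks are the editor's assumptions about what deserves a manual look, not a verdict: a Run entry whose command is a bare file name (no directory, so Windows resolves it through the search path at logon; in this log that covers the two Creative CT* helpers, which the later ComboFix log resolved to System32, and the two `Patcher.exe` entries), an entry under the Windows 9x-era `RunServices` key, and an O23 service whose binary HijackThis reports as "Unknown owner".

```python
"""Triage of HijackThis O4 (autostart) and O23 (service) lines.

Added example by the editor, not code from the thread or from HijackThis.
The heuristics are the editor's own and only mark entries for a manual
look; nothing here decides that an entry is malicious.
"""
import re
from dataclasses import dataclass

# Constructed sample: eight lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Windows NT Service] Patcher.exe
O4 - HKLM\..\RunServices: [Windows NT Service] Patcher.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files 2\BitComet\BitComet.exe" /tray
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
""".strip("\n")

# "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<location>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "O23 - Service: <display name> - <company from version info> - <image path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    line_no: int
    entry: str
    reason: str


def split_command(cmd: str) -> tuple[str, str]:
    """Return (first token, remainder); a quoted first token may contain spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
        return cmd[1:], ""
    head, _, tail = cmd.partition(" ")
    return head, tail.strip()


def launched_file(cmd: str) -> str:
    """The file that actually gets loaded; for a rundll32 host that is the DLL argument."""
    exe, rest = split_command(cmd)
    if exe.lower() in ("rundll32.exe", "rundll32"):
        dll, _ = split_command(rest)
        return dll.split(",", 1)[0]
    return exe


def triage(log: str) -> list[Finding]:
    """Return one Finding per heuristic hit; a line can produce more than one."""
    findings: list[Finding] = []
    for line_no, raw in enumerate(log.splitlines(), 1):
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            location, cmd = m.group("location"), m.group("cmd")
            target = launched_file(cmd)
            if "\\" not in target:
                # A bare name is resolved through the search path at logon, so the
                # log alone does not tell you which file runs. Look it up on disk.
                findings.append(Finding(
                    line_no, line,
                    f"bare file name {target!r}: resolved via the search path, check where it lives"))
            key = location.rsplit("\\", 1)[-1].lower()
            if key.startswith("runservices"):
                # Windows 9x-era key that NT-based Windows does not process;
                # software written for Vista has no reason to use it.
                findings.append(Finding(
                    line_no, line,
                    "RunServices key: Windows 9x-era autostart, not processed on NT-based Windows"))
            continue
        m = O23_RE.match(line)
        if m and m.group("owner").lower() == "unknown owner":
            # HijackThis prints "Unknown owner" when the binary's version info
            # carries no company name; verify the file by hash or signature instead.
            findings.append(Finding(
                line_no, line, "service binary has no company name in its version info"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.reason}\n    {f.entry}")
```

Run against the sample, the triage reports lines 3, 4, 5 (twice) and 7; the two entries with a full path and the AVG service are left alone. A hit is a prompt to locate the file and check its publisher, not a removal decision.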

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Log check

Post by jaro3 » 22 Jan 2009 16:05

I would reinstall AVG afterwards.
Application Driver Auto Removal Service -- if you did not install this yourself, do the following:
Start - Run - type cmd.exe - click OK - in the DOS window paste this with the mouse:
sc stop appdrvrem01
sc delete appdrvrem01
exit


Also a script in CF:

KillAll::

Driver::
appdrv01
appdrvrem01

File::
C:\Windows\system32\Drivers\appdrv01.sys
C:\WINDOWS\system32\appdrvrem01.exe

Post the CF and HJT logs again and that should be all.

//edit:
Also uninstall these:
ICQToolBar
DAEMON Tools Toolbar
When working with HJT, ComboFix, MBAM, SDFix and similar, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Podpora fóra
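The CFScript in the post above is a plain text file: `Driver::` lists service names, `File::` lists the files on disk, and both the names and the paths come straight from the `S1 appdrv01;...` and `S4 appdrvrem01;...` lines of the ComboFix log. As an added example (the editor's own, not ComboFix's code), the Python below parses those service/driver lines and generates a script of the same shape, refusing to name a service the log did not list. The reading of `Driver::` and `File::` as "services to remove" and "images to delete" is taken from that script and is an assumption, not ComboFix documentation.

```python
"""Build a ComboFix CFScript from the service/driver lines of a ComboFix log.

Added example by the editor, not ComboFix's own code. It parses the
"<start> <name>;<display name>;<image path> [date size]" lines that the
log in this thread lists and emits Driver:: / File:: sections in the shape
of the script posted above. Assumption: Driver:: names the services to
remove and File:: the image files to delete.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: three lines copied from the ComboFix log in this thread.
SAMPLE_SERVICES = r"""
S1 appdrv01;Application Driver (01);c:\windows\System32\drivers\appdrv01.sys [2009-01-21 2997872]
S4 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-09 298264]
""".strip("\n")

# R = running, S = stopped, digit = start type (ComboFix's notation).
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# Image path: drive letter up to the first .sys/.exe/.dll that is followed by a space or line end,
# so paths with spaces survive and the "svc --> ..." or "[date size]" trailer is left out.
PATH_RE = re.compile(r"^(?P<path>[a-z]:\\.+?\.(?:sys|exe|dll))(?=\s|$)", re.IGNORECASE)


@dataclass
class Service:
    name: str
    start: str
    display: str
    path: Optional[str]
    trailer: str  # what follows the path verbatim, e.g. "[2009-01-21 2997872]" or "svc --> ... [?]"


def parse_services(log: str) -> dict[str, Service]:
    """Map service name -> Service for every Rx/Sx line in the log text."""
    services: dict[str, Service] = {}
    for raw in log.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        p = PATH_RE.match(rest)
        path = p.group("path") if p else None
        trailer = rest[len(path):].strip() if path else rest
        services[m.group("name")] = Service(
            m.group("name"), m.group("start"), m.group("display"), path, trailer)
    return services


def build_cfscript(services: dict[str, Service], names: list[str], kill_all: bool = True) -> str:
    """Emit a CFScript that removes the named services and their image files."""
    unknown = [n for n in names if n not in services]
    if unknown:
        # Never script removal of something the log did not show.
        raise KeyError(f"not in log: {unknown}")
    lines: list[str] = []
    if kill_all:
        lines += ["KillAll::", ""]
    lines += ["Driver::", *names, ""]
    lines += ["File::", *[services[n].path for n in names if services[n].path]]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(parse_services(SAMPLE_SERVICES), ["appdrv01", "appdrvrem01"]), end="")
```

For the two services named in the post, the output is exactly the script jaro3 gave: `KillAll::`, a `Driver::` block with `appdrv01` and `appdrvrem01`, and a `File::` block with the two image paths. The `sc stop` / `sc delete` pair in the same post does the service half of this job from a command prompt; the script additionally removes the files.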

roman
Level 1.5
Posts: 146
Registered: November 08
Gender: Not specified

Re: Log check

Post by roman » 22 Jan 2009 18:08

Master, after that script ComboFix just keeps searching and won't produce anything; it says max 20 minutes and I had it running for an hour, so what now?

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Log check

Post by jaro3 » 22 Jan 2009 21:13

Try this:
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u

Then download it again and, instead of running it, drag the script onto it again.

roman
Level 1.5
Posts: 146
Registered: November 08
Gender: Not specified

Re: Log check

Post by roman » 22 Jan 2009 22:41

So ComboFix still nothing, and I tried reinstalling AVG according to that guide and that somehow doesn't work either.

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Log check

Post by jaro3 » 23 Jan 2009 08:18

You should have run ComboFix after uninstalling AVG.
Restart the PC, hold the F8 key and choose Safe Mode. After it boots, go to Start - Run and enter combofix.exe. Confirm and run the scan; the log it creates will be at C:\Combofix.txt.
Then restart into normal mode and run the script. Then post the CF log here, or both.

roman
Level 1.5
Posts: 146
Registered: November 08
Gender: Not specified

Re: Log check

Post by roman » 23 Jan 2009 08:52

ComboFix 09-01-21.04 - Roman 2009-01-23 8:35:29.8 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1029.18.2047.1665 [GMT 1:00]
Running from: c:\users\Roman\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((( Files Created From 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 07:28 --------- d-----w c:\users\Roman\AppData\Roaming\uTorrent
2009-01-22 21:57 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-22 21:57 --------- d-----w c:\program files\AGEIA Technologies
2009-01-22 20:24 --------- d-----w c:\program files\CCleaner
2009-01-22 20:10 --------- d-----w c:\program files\Windows Sidebar
2009-01-22 20:10 --------- d-----w c:\program files\Windows Photo Gallery
2009-01-22 20:10 --------- d-----w c:\program files\Windows Mail
2009-01-22 20:10 --------- d-----w c:\program files\Windows Journal
2009-01-22 20:10 --------- d-----w c:\program files\Windows Defender
2009-01-22 20:10 --------- d-----w c:\program files\Windows Collaboration
2009-01-22 20:10 --------- d-----w c:\program files\Windows Calendar
2009-01-22 20:09 --------- d-----w c:\users\Roman\AppData\Roaming\Vso
2009-01-22 14:32 --------- d-----w c:\program files\Sweet Games
2009-01-22 14:31 --------- d---a-w c:\programdata\TEMP
2009-01-22 14:28 --------- d-----w c:\program files\Oberon Media
2009-01-22 13:49 --------- d-----w c:\programdata\Ubisoft
2009-01-22 13:48 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-22 13:48 22,328 ----a-w c:\users\Roman\AppData\Roaming\PnkBstrK.sys
2009-01-22 13:48 2,337,865 ----a-w c:\windows\System32\pbsvc.exe
2009-01-22 13:48 107,832 ----a-w c:\windows\System32\PnkBstrB.exe
2009-01-22 13:36 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-22 09:18 --------- d-----w c:\program files\DAEMON Tools Toolbar
2009-01-22 08:29 --------- d-----w c:\programdata\SweetIM
2009-01-22 08:29 --------- d-----w c:\program files\SweetIM
2009-01-21 22:17 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-21 22:16 --------- d-----w c:\programdata\Malwarebytes
2009-01-21 15:30 --------- d-----w c:\program files\Common Files\Adobe
2009-01-21 13:44 316,816 ----a-w c:\windows\System32\appdrvrem01.exe
2009-01-21 13:44 2,997,872 ----a-w c:\windows\system32\drivers\appdrv01.sys
2009-01-20 16:09 --------- d-----w c:\program files\Crawler
2009-01-19 07:08 --------- d-----w c:\users\Roman\AppData\Roaming\Disney Interactive Studios
2009-01-18 11:30 --------- d-----w c:\users\Roman\AppData\Roaming\Azureus
2009-01-18 10:07 --------- d-----w c:\program files\FlashGet
2009-01-18 09:19 --------- d-----w c:\program files\Google
2009-01-17 16:51 603,904 ----a-w c:\windows\System32\TUProgSt.exe
2009-01-17 16:51 360,192 ----a-w c:\windows\System32\TuneUpDefragService.exe
2009-01-17 11:08 --------- d-----w c:\users\Roman\AppData\Roaming\TuneUp Software
2009-01-17 11:07 --------- d-sh--w c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-17 11:07 --------- d-----w c:\programdata\TuneUp Software
2009-01-16 07:32 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-15 09:12 --------- d-----w c:\programdata\Electronic Arts
2009-01-14 17:41 --------- d-----w c:\users\Roman\AppData\Roaming\FlashGet
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-13 19:25 --------- d-----w c:\program files\AxBx
2009-01-13 17:02 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-01-13 16:37 --------- d-----w c:\users\Roman\AppData\Roaming\FSW2
2009-01-12 08:34 4,310 ----a-w c:\windows\System32\ealregsnapshot1.reg
2009-01-09 19:25 --------- d-----w c:\programdata\Media Center Programs
2009-01-09 19:25 --------- d-----w c:\program files\Common Files\BioWare
2009-01-09 13:53 --------- d-----w c:\users\Roman\AppData\Roaming\vghd
2009-01-09 13:33 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2009-01-09 13:33 --------- d-----w c:\programdata\avg8
2009-01-09 13:32 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-09 13:32 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-07 14:32 --------- d-----w c:\programdata\MumboJumbo
2009-01-07 14:28 --------- d-----w c:\users\Roman\AppData\Roaming\SpinTop Games
2009-01-07 12:53 --------- d-----w c:\users\Roman\AppData\Roaming\Friday's games
2009-01-07 12:48 --------- d-----w c:\users\Roman\AppData\Roaming\Home Sweet Home Christmas
2009-01-07 12:22 --------- d-----w c:\users\Roman\AppData\Roaming\PlayFirst
2009-01-07 12:22 --------- d-----w c:\programdata\PlayFirst
2009-01-07 11:32 --------- d-----w c:\users\Roman\AppData\Roaming\Ancient Quest of Saqqarah__bfg
2009-01-07 10:41 --------- d-----w c:\programdata\Playrix Entertainment
2009-01-07 08:27 --------- d-----w c:\users\Roman\AppData\Roaming\XRay Engine
2009-01-06 20:53 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-01-06 20:53 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-01-01 13:06 8,192 ----a-w c:\windows\system32\drivers\FStarForce.sys
2008-12-28 15:20 --------- d-----w c:\users\Roman\AppData\Roaming\GHISLER
2008-12-27 18:49 --------- d-----w c:\program files\PFConfig
2008-12-24 15:12 --------- d-----w c:\program files\KillProcess
2008-12-24 15:09 --------- d-----w c:\program files\VSO
2008-12-24 14:13 --------- d-----w c:\program files\Quick Uninstaller
2008-12-23 14:02 --------- d-----w c:\programdata\NVIDIA
2008-12-23 13:51 --------- d-----w c:\users\Roman\AppData\Roaming\qUninst
2008-12-18 10:50 413,696 ----a-w c:\windows\System32\wrap_oal.dll
2008-12-18 10:50 110,592 ----a-w c:\windows\System32\OpenAL32.dll
2008-12-18 10:39 --------- d-----w c:\programdata\Creative Labs
2008-12-18 10:39 --------- d-----w c:\programdata\Creative
2008-12-18 10:39 --------- d-----w c:\program files\Common Files\Creative Labs Shared
2008-12-18 10:38 --------- d--h--w c:\program files\Creative Installation Information
2008-12-18 10:34 --------- d-----w c:\program files\Creative
2008-12-16 02:42 288,768 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-15 19:30 --------- d-----w c:\program files\WallpaperSS
2008-12-15 19:24 --------- d-----w c:\users\Roman\AppData\Roaming\WallpaperSS
2008-12-15 15:50 --------- d-----w c:\program files\IconConverter
2008-12-15 15:38 --------- d-----w c:\users\Roman\AppData\Roaming\aicon
2008-12-14 18:10 152,904 ----a-w c:\windows\System32\vghd.scr
2008-12-14 08:33 --------- d-----w c:\program files\VID_0E8F&PID_0012
2008-12-13 10:07 0 ------w c:\users\Roman\jre-6u10-windows-i586-p.exe
2008-12-13 09:59 0 ----a-w c:\users\Roman\jre-6u10-windows-i586-p.exe.bak2
2008-12-13 09:50 --------- d-----w c:\program files\Java
2008-12-13 09:04 --------- d-----w c:\users\Roman\AppData\Roaming\Gearbox Software
2008-12-11 12:31 27,904 ----a-w c:\windows\System32\uxtuneup.dll
2008-12-11 12:31 17,152 ----a-w c:\windows\System32\authuitu.dll
2008-12-07 17:21 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-07 17:21 --------- d-----w c:\program files\ASUS
2008-12-04 18:07 --------- d-----w c:\program files\OpenAL
2008-12-02 19:43 --------- d-----w c:\program files\LG Soft India
2008-12-01 16:26 --------- d-----w c:\program files\Verdict Free
2008-12-01 16:19 --------- d-----w c:\users\Roman\AppData\Roaming\LangSoft
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 12:04 97064 --a------ c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-09 1601304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-01-19 61440]
"SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 2049320]
"InCD"="c:\program files\Nero\Nero8\InCD\InCD.exe" [2008-02-28 1083176]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-01 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CTHelper"="CTHELPER.EXE" [2007-10-25 c:\windows\System32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-10-25 c:\windows\System32\Ctxfihlp.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2008-12-02 1126400]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-09-19 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{7C9FB0D5-47AE-4840-B459-46F2999BE88D}d:\\program files\\electronic arts\\dead space\\dead space.exe"= UDP:d:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"UDP Query User{2A993F01-05B2-4B5B-BC31-40CDC2FC22BB}d:\\program files\\electronic arts\\dead space\\dead space.exe"= TCP:d:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"TCP Query User{6D8B17CA-DE75-4C7F-866B-ADCEA5072B26}d:\\program files\\ubisoft\\shaun white snowboarding\\shaunwhitesnowboardinggame.exe"= UDP:d:\program files\ubisoft\shaun white snowboarding\shaunwhitesnowboardinggame.exe:ShaunWhiteSnowboardingGame
"UDP Query User{16B0A3EB-1FF3-4496-832C-928CAC8A938E}d:\\program files\\ubisoft\\shaun white snowboarding\\shaunwhitesnowboardinggame.exe"= TCP:d:\program files\ubisoft\shaun white snowboarding\shaunwhitesnowboardinggame.exe:ShaunWhiteSnowboardingGame
"{C1CD6B42-7285-4238-A7B0-89289B28D3B3}"= UDP:62966:utorrent
"TCP Query User{C1183000-2ADB-4E0E-AAB0-30F14C9FB941}c:\\program files 2\\utorrent\\utorrent.exe"= UDP:c:\program files 2\utorrent\utorrent.exe:µTorrent
"UDP Query User{8CA04D8A-EA3A-4FB1-A424-45C0FAA3073B}c:\\program files 2\\utorrent\\utorrent.exe"= TCP:c:\program files 2\utorrent\utorrent.exe:µTorrent
"TCP Query User{1671CDED-525B-4514-8A2D-023CC2253C64}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{789ED569-5D1A-421D-923F-AEEC4C34346C}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{26DAA173-67A4-49FD-B3B1-005C482D97EC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3B29F452-D018-459D-8D49-5686FC6C1178}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{CA30F773-ADA5-4599-9FC9-3224661C5F27}d:\\program files\\midway home entertainment\\blacksite area 51\\binaries\\blacksite.exe"= UDP:d:\program files\midway home entertainment\blacksite area 51\binaries\blacksite.exe:Blacksite
"UDP Query User{2301DF39-9E95-48D4-9E16-26DA9D548232}d:\\program files\\midway home entertainment\\blacksite area 51\\binaries\\blacksite.exe"= TCP:d:\program files\midway home entertainment\blacksite area 51\binaries\blacksite.exe:Blacksite
"{967CAAA6-EEFF-497C-85A1-9F61C017F1A4}"= UDP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{B90641A3-BFF6-419B-B3D1-1C427DE04302}"= TCP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{7BE615A3-5A9E-4C0B-939E-746507AFB429}"= UDP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{C17D58AB-AB9D-4538-AEB8-2F1174EBEAD6}"= TCP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"TCP Query User{096C8429-0BC0-448F-93C2-574E42DE8CE2}d:\\program files\\thq\\fsw ten hammers\\fsw2.exe"= UDP:d:\program files\thq\fsw ten hammers\fsw2.exe:"Full Spectrum Warrrior 2: Ten Hammers" Game
"UDP Query User{029932B5-9FDB-436F-ADE3-7839FBA37B32}d:\\program files\\thq\\fsw ten hammers\\fsw2.exe"= TCP:d:\program files\thq\fsw ten hammers\fsw2.exe:"Full Spectrum Warrrior 2: Ten Hammers" Game
"{F5AF897B-7531-4688-AF05-14758D7B2DFA}"= UDP:d:\program files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{571869D7-A500-4287-9EC6-9DE90060120B}"= TCP:d:\program files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{21C040D1-B371-43BE-8465-6D206A583C37}"= UDP:d:\program files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{B04FC301-2297-4B67-88BB-24EEDE4E9475}"= TCP:d:\program files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"TCP Query User{E1856817-D46D-4C26-A1FF-2EBE48F4730C}d:\\program files\\legendary\\binaries\\legendary.exe"= UDP:d:\program files\legendary\binaries\legendary.exe:Legendary
"UDP Query User{8087719F-F4E8-447B-B887-EFB98718D0FF}d:\\program files\\legendary\\binaries\\legendary.exe"= TCP:d:\program files\legendary\binaries\legendary.exe:Legendary
"{5612B105-CA94-4ADD-A58E-AFB4DB9D3247}"= UDP:d:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{7A937189-3BE5-4613-AC39-BF6EC08FD151}"= TCP:d:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{08906F4D-596F-42B3-8B38-5FF58CDD5375}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{51B0D4F0-87D4-42D0-82C8-DFCF2249EAEF}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{0BCE0129-FAA7-422B-A581-8D18634DB44F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{86640EB6-4827-469C-AB4E-470D1C2E988D}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D2803575-BC44-43C1-8BE5-1DE5FBC65C48}"= UDP:d:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{32A3441D-D125-42C3-BB0C-4F5028CCEA5B}"= TCP:d:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{DAA4F613-6DFB-4EDE-9746-340AA45AFA7E}"= UDP:d:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{C3288715-62BE-473D-9728-68CD8F770510}"= TCP:d:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"<NO NAME>"= :*:Enabled:Windows NT Service

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [2008-09-19 12552]
R0 pe3aq6eb;FIM Speedway GP3 Environment Driver (pe3aq6eb);c:\windows\System32\drivers\pe3aq6eb.sys [2008-04-03 69248]
R0 ps7aq6eb;FIM Speedway GP3 Synchronization Driver (ps7aq6eb);c:\windows\System32\drivers\ps7aq6eb.sys [2008-04-03 68744]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\System32\drivers\gHidPnp.sys [2008-09-19 16384]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\System32\drivers\gMouUsb.sys [2008-09-19 9856]
S1 appdrv01;Application Driver (01);c:\windows\System32\drivers\appdrv01.sys [2009-01-21 2997872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-09-19 325128]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2008-10-24 107272]
S1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-09-21 72192]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\atl01v32.sys [2008-09-17 48128]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2008-12-18 79360]
S3 FStarForce;FStarForce;c:\windows\System32\drivers\FStarForce.sys [2009-01-21 8192]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-12-02 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-12-02 13312]
S4 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-09 903960]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-09 298264]
S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032]
S4 pr2aq6eb;FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb);c:\windows\system32\pr2aq6eb.exe svc --> c:\windows\system32\pr2aq6eb.exe svc [?]
S4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-01-17 603904]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ECACHE
*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cba6b6f6-8684-11dd-81d4-001e8c8faa7a}]
\shell\AutoRun\command - F:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Obsah adresáře 'Naplánované úlohy'

2009-01-23 c:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2009-01-23 c:\windows\Tasks\Úklid 1 kliknutím.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 08:39:24
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(532)
c:\program files\Nero\Nero8\InCD\NBHShx.dll
c:\program files\Nero\Nero8\InCD\NBHStr.dll
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
.
Celkový čas: 2009-01-23 8:40:18
ComboFix-quarantined-files.txt 2009-01-23 07:40:07

Před spuštěním: Systém nemůže nalézt text zprávy číslo 0x2379 v souboru zpráv pro Application.
Po spuštění: Volných bajtů: 190,205,337,600

290 --- E O F --- 2009-01-22 20:16:58











ComboFix 09-01-21.04 - Roman 2009-01-23 8:35:29.8 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1029.18.2047.1665 [GMT 1:00]
Running from: c:\users\Roman\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
.

No new files were created in this time span.

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 07:28 --------- d-----w c:\users\Roman\AppData\Roaming\uTorrent
2009-01-22 21:57 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-22 21:57 --------- d-----w c:\program files\AGEIA Technologies
2009-01-22 20:24 --------- d-----w c:\program files\CCleaner
2009-01-22 20:10 --------- d-----w c:\program files\Windows Sidebar
2009-01-22 20:10 --------- d-----w c:\program files\Windows Photo Gallery
2009-01-22 20:10 --------- d-----w c:\program files\Windows Mail
2009-01-22 20:10 --------- d-----w c:\program files\Windows Journal
2009-01-22 20:10 --------- d-----w c:\program files\Windows Defender
2009-01-22 20:10 --------- d-----w c:\program files\Windows Collaboration
2009-01-22 20:10 --------- d-----w c:\program files\Windows Calendar
2009-01-22 20:09 --------- d-----w c:\users\Roman\AppData\Roaming\Vso
2009-01-22 14:32 --------- d-----w c:\program files\Sweet Games
2009-01-22 14:31 --------- d---a-w c:\programdata\TEMP
2009-01-22 14:28 --------- d-----w c:\program files\Oberon Media
2009-01-22 13:49 --------- d-----w c:\programdata\Ubisoft
2009-01-22 13:48 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-22 13:48 22,328 ----a-w c:\users\Roman\AppData\Roaming\PnkBstrK.sys
2009-01-22 13:48 2,337,865 ----a-w c:\windows\System32\pbsvc.exe
2009-01-22 13:48 107,832 ----a-w c:\windows\System32\PnkBstrB.exe
2009-01-22 13:36 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-22 09:18 --------- d-----w c:\program files\DAEMON Tools Toolbar
2009-01-22 08:29 --------- d-----w c:\programdata\SweetIM
2009-01-22 08:29 --------- d-----w c:\program files\SweetIM
2009-01-21 22:17 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-21 22:16 --------- d-----w c:\programdata\Malwarebytes
2009-01-21 15:30 --------- d-----w c:\program files\Common Files\Adobe
2009-01-21 13:44 316,816 ----a-w c:\windows\System32\appdrvrem01.exe
2009-01-21 13:44 2,997,872 ----a-w c:\windows\system32\drivers\appdrv01.sys
2009-01-20 16:09 --------- d-----w c:\program files\Crawler
2009-01-19 07:08 --------- d-----w c:\users\Roman\AppData\Roaming\Disney Interactive Studios
2009-01-18 11:30 --------- d-----w c:\users\Roman\AppData\Roaming\Azureus
2009-01-18 10:07 --------- d-----w c:\program files\FlashGet
2009-01-18 09:19 --------- d-----w c:\program files\Google
2009-01-17 16:51 603,904 ----a-w c:\windows\System32\TUProgSt.exe
2009-01-17 16:51 360,192 ----a-w c:\windows\System32\TuneUpDefragService.exe
2009-01-17 11:08 --------- d-----w c:\users\Roman\AppData\Roaming\TuneUp Software
2009-01-17 11:07 --------- d-sh--w c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-17 11:07 --------- d-----w c:\programdata\TuneUp Software
2009-01-16 07:32 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-15 09:12 --------- d-----w c:\programdata\Electronic Arts
2009-01-14 17:41 --------- d-----w c:\users\Roman\AppData\Roaming\FlashGet
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-13 19:25 --------- d-----w c:\program files\AxBx
2009-01-13 17:02 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-01-13 16:37 --------- d-----w c:\users\Roman\AppData\Roaming\FSW2
2009-01-12 08:34 4,310 ----a-w c:\windows\System32\ealregsnapshot1.reg
2009-01-09 19:25 --------- d-----w c:\programdata\Media Center Programs
2009-01-09 19:25 --------- d-----w c:\program files\Common Files\BioWare
2009-01-09 13:53 --------- d-----w c:\users\Roman\AppData\Roaming\vghd
2009-01-09 13:33 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2009-01-09 13:33 --------- d-----w c:\programdata\avg8
2009-01-09 13:32 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-09 13:32 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-07 14:32 --------- d-----w c:\programdata\MumboJumbo
2009-01-07 14:28 --------- d-----w c:\users\Roman\AppData\Roaming\SpinTop Games
2009-01-07 12:53 --------- d-----w c:\users\Roman\AppData\Roaming\Friday's games
2009-01-07 12:48 --------- d-----w c:\users\Roman\AppData\Roaming\Home Sweet Home Christmas
2009-01-07 12:22 --------- d-----w c:\users\Roman\AppData\Roaming\PlayFirst
2009-01-07 12:22 --------- d-----w c:\programdata\PlayFirst
2009-01-07 11:32 --------- d-----w c:\users\Roman\AppData\Roaming\Ancient Quest of Saqqarah__bfg
2009-01-07 10:41 --------- d-----w c:\programdata\Playrix Entertainment
2009-01-07 08:27 --------- d-----w c:\users\Roman\AppData\Roaming\XRay Engine
2009-01-06 20:53 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-01-06 20:53 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-01-01 13:06 8,192 ----a-w c:\windows\system32\drivers\FStarForce.sys
2008-12-28 15:20 --------- d-----w c:\users\Roman\AppData\Roaming\GHISLER
2008-12-27 18:49 --------- d-----w c:\program files\PFConfig
2008-12-24 15:12 --------- d-----w c:\program files\KillProcess
2008-12-24 15:09 --------- d-----w c:\program files\VSO
2008-12-24 14:13 --------- d-----w c:\program files\Quick Uninstaller
2008-12-23 14:02 --------- d-----w c:\programdata\NVIDIA
2008-12-23 13:51 --------- d-----w c:\users\Roman\AppData\Roaming\qUninst
2008-12-18 10:50 413,696 ----a-w c:\windows\System32\wrap_oal.dll
2008-12-18 10:50 110,592 ----a-w c:\windows\System32\OpenAL32.dll
2008-12-18 10:39 --------- d-----w c:\programdata\Creative Labs
2008-12-18 10:39 --------- d-----w c:\programdata\Creative
2008-12-18 10:39 --------- d-----w c:\program files\Common Files\Creative Labs Shared
2008-12-18 10:38 --------- d--h--w c:\program files\Creative Installation Information
2008-12-18 10:34 --------- d-----w c:\program files\Creative
2008-12-16 02:42 288,768 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-15 19:30 --------- d-----w c:\program files\WallpaperSS
2008-12-15 19:24 --------- d-----w c:\users\Roman\AppData\Roaming\WallpaperSS
2008-12-15 15:50 --------- d-----w c:\program files\IconConverter
2008-12-15 15:38 --------- d-----w c:\users\Roman\AppData\Roaming\aicon
2008-12-14 18:10 152,904 ----a-w c:\windows\System32\vghd.scr
2008-12-14 08:33 --------- d-----w c:\program files\VID_0E8F&PID_0012
2008-12-13 10:07 0 ------w c:\users\Roman\jre-6u10-windows-i586-p.exe
2008-12-13 09:59 0 ----a-w c:\users\Roman\jre-6u10-windows-i586-p.exe.bak2
2008-12-13 09:50 --------- d-----w c:\program files\Java
2008-12-13 09:04 --------- d-----w c:\users\Roman\AppData\Roaming\Gearbox Software
2008-12-11 12:31 27,904 ----a-w c:\windows\System32\uxtuneup.dll
2008-12-11 12:31 17,152 ----a-w c:\windows\System32\authuitu.dll
2008-12-07 17:21 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-07 17:21 --------- d-----w c:\program files\ASUS
2008-12-04 18:07 --------- d-----w c:\program files\OpenAL
2008-12-02 19:43 --------- d-----w c:\program files\LG Soft India
2008-12-01 16:26 --------- d-----w c:\program files\Verdict Free
2008-12-01 16:19 --------- d-----w c:\users\Roman\AppData\Roaming\LangSoft
.

(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 12:04 97064 --a------ c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-09 1601304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-01-19 61440]
"SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 2049320]
"InCD"="c:\program files\Nero\Nero8\InCD\InCD.exe" [2008-02-28 1083176]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-01 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CTHelper"="CTHELPER.EXE" [2007-10-25 c:\windows\System32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-10-25 c:\windows\System32\Ctxfihlp.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2008-12-02 1126400]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-09-19 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{7C9FB0D5-47AE-4840-B459-46F2999BE88D}d:\\program files\\electronic arts\\dead space\\dead space.exe"= UDP:d:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"UDP Query User{2A993F01-05B2-4B5B-BC31-40CDC2FC22BB}d:\\program files\\electronic arts\\dead space\\dead space.exe"= TCP:d:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"TCP Query User{6D8B17CA-DE75-4C7F-866B-ADCEA5072B26}d:\\program files\\ubisoft\\shaun white snowboarding\\shaunwhitesnowboardinggame.exe"= UDP:d:\program files\ubisoft\shaun white snowboarding\shaunwhitesnowboardinggame.exe:ShaunWhiteSnowboardingGame
"UDP Query User{16B0A3EB-1FF3-4496-832C-928CAC8A938E}d:\\program files\\ubisoft\\shaun white snowboarding\\shaunwhitesnowboardinggame.exe"= TCP:d:\program files\ubisoft\shaun white snowboarding\shaunwhitesnowboardinggame.exe:ShaunWhiteSnowboardingGame
"{C1CD6B42-7285-4238-A7B0-89289B28D3B3}"= UDP:62966:utorrent
"TCP Query User{C1183000-2ADB-4E0E-AAB0-30F14C9FB941}c:\\program files 2\\utorrent\\utorrent.exe"= UDP:c:\program files 2\utorrent\utorrent.exe:µTorrent
"UDP Query User{8CA04D8A-EA3A-4FB1-A424-45C0FAA3073B}c:\\program files 2\\utorrent\\utorrent.exe"= TCP:c:\program files 2\utorrent\utorrent.exe:µTorrent
"TCP Query User{1671CDED-525B-4514-8A2D-023CC2253C64}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{789ED569-5D1A-421D-923F-AEEC4C34346C}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{26DAA173-67A4-49FD-B3B1-005C482D97EC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3B29F452-D018-459D-8D49-5686FC6C1178}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{CA30F773-ADA5-4599-9FC9-3224661C5F27}d:\\program files\\midway home entertainment\\blacksite area 51\\binaries\\blacksite.exe"= UDP:d:\program files\midway home entertainment\blacksite area 51\binaries\blacksite.exe:Blacksite
"UDP Query User{2301DF39-9E95-48D4-9E16-26DA9D548232}d:\\program files\\midway home entertainment\\blacksite area 51\\binaries\\blacksite.exe"= TCP:d:\program files\midway home entertainment\blacksite area 51\binaries\blacksite.exe:Blacksite
"{967CAAA6-EEFF-497C-85A1-9F61C017F1A4}"= UDP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{B90641A3-BFF6-419B-B3D1-1C427DE04302}"= TCP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{7BE615A3-5A9E-4C0B-939E-746507AFB429}"= UDP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{C17D58AB-AB9D-4538-AEB8-2F1174EBEAD6}"= TCP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"TCP Query User{096C8429-0BC0-448F-93C2-574E42DE8CE2}d:\\program files\\thq\\fsw ten hammers\\fsw2.exe"= UDP:d:\program files\thq\fsw ten hammers\fsw2.exe:"Full Spectrum Warrrior 2: Ten Hammers" Game
"UDP Query User{029932B5-9FDB-436F-ADE3-7839FBA37B32}d:\\program files\\thq\\fsw ten hammers\\fsw2.exe"= TCP:d:\program files\thq\fsw ten hammers\fsw2.exe:"Full Spectrum Warrrior 2: Ten Hammers" Game
"{F5AF897B-7531-4688-AF05-14758D7B2DFA}"= UDP:d:\program files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{571869D7-A500-4287-9EC6-9DE90060120B}"= TCP:d:\program files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{21C040D1-B371-43BE-8465-6D206A583C37}"= UDP:d:\program files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{B04FC301-2297-4B67-88BB-24EEDE4E9475}"= TCP:d:\program files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"TCP Query User{E1856817-D46D-4C26-A1FF-2EBE48F4730C}d:\\program files\\legendary\\binaries\\legendary.exe"= UDP:d:\program files\legendary\binaries\legendary.exe:Legendary
"UDP Query User{8087719F-F4E8-447B-B887-EFB98718D0FF}d:\\program files\\legendary\\binaries\\legendary.exe"= TCP:d:\program files\legendary\binaries\legendary.exe:Legendary
"{5612B105-CA94-4ADD-A58E-AFB4DB9D3247}"= UDP:d:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{7A937189-3BE5-4613-AC39-BF6EC08FD151}"= TCP:d:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{08906F4D-596F-42B3-8B38-5FF58CDD5375}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{51B0D4F0-87D4-42D0-82C8-DFCF2249EAEF}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{0BCE0129-FAA7-422B-A581-8D18634DB44F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{86640EB6-4827-469C-AB4E-470D1C2E988D}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D2803575-BC44-43C1-8BE5-1DE5FBC65C48}"= UDP:d:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{32A3441D-D125-42C3-BB0C-4F5028CCEA5B}"= TCP:d:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{DAA4F613-6DFB-4EDE-9746-340AA45AFA7E}"= UDP:d:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{C3288715-62BE-473D-9728-68CD8F770510}"= TCP:d:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"<NO NAME>"= :*:Enabled:Windows NT Service

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [2008-09-19 12552]
R0 pe3aq6eb;FIM Speedway GP3 Environment Driver (pe3aq6eb);c:\windows\System32\drivers\pe3aq6eb.sys [2008-04-03 69248]
R0 ps7aq6eb;FIM Speedway GP3 Synchronization Driver (ps7aq6eb);c:\windows\System32\drivers\ps7aq6eb.sys [2008-04-03 68744]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\System32\drivers\gHidPnp.sys [2008-09-19 16384]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\System32\drivers\gMouUsb.sys [2008-09-19 9856]
S1 appdrv01;Application Driver (01);c:\windows\System32\drivers\appdrv01.sys [2009-01-21 2997872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-09-19 325128]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2008-10-24 107272]
S1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-09-21 72192]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\atl01v32.sys [2008-09-17 48128]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2008-12-18 79360]
S3 FStarForce;FStarForce;c:\windows\System32\drivers\FStarForce.sys [2009-01-21 8192]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-12-02 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-12-02 13312]
S4 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-09 903960]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-09 298264]
S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032]
S4 pr2aq6eb;FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb);c:\windows\system32\pr2aq6eb.exe svc --> c:\windows\system32\pr2aq6eb.exe svc [?]
S4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-01-17 603904]

--- Other Services/Drivers in Memory ---

*NewlyCreated* - ECACHE
*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cba6b6f6-8684-11dd-81d4-001e8c8faa7a}]
\shell\AutoRun\command - F:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-01-23 c:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2009-01-23 c:\windows\Tasks\Úklid 1 kliknutím.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 08:39:24
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(532)
c:\program files\Nero\Nero8\InCD\NBHShx.dll
c:\program files\Nero\Nero8\InCD\NBHStr.dll
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
.
Completion time: 2009-01-23 8:40:18
ComboFix-quarantined-files.txt 2009-01-23 07:40:07

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 190,205,337,600 bytes free

290 --- E O F --- 2009-01-22 20:16:58
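Added example (the editor's code, not ComboFix, HijackThis or roman's output): a small triage pass over the kinds of log lines a reviewer on a thread like this reads first. The sample input is constructed from lines quoted in this thread: the ComboFix Run values and the `"<NO NAME>"= :*:Enabled:Windows NT Service` firewall exception above, and the O4 lines from the HijackThis log roman posts next. The heuristics are the editor's, not the tools': a Run value that is a bare filename (CTHELPER.EXE, Patcher.exe) is resolved through the search path at logon and cannot be verified from the log alone, so it is reported together with the path ComboFix shows in brackets; the RunServices key is a Windows 9x-era mechanism; an entry named after a Windows component whose image is not under the system or Program Files roots (TRUSTED_ROOTS is an assumption of a default Vista layout) is reported; and an enabled AuthorizedApplications exception with an empty image path is reported. Names flagged in both the autostart and the firewall data are then correlated. A flag is a lead, not a verdict: CTHELPER.EXE resolves to Creative's helper under System32, as the ComboFix line itself shows.

```python
"""Triage pass over ComboFix / HijackThis autostart and firewall lines (added example)."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log above and from the
# HijackThis log posted next in this thread. Not a complete log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-09 1601304]
"CTHelper"="CTHELPER.EXE" [2007-10-25 c:\windows\System32\CtHelper.exe]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"<NO NAME>"= :*:Enabled:Windows NT Service
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows NT Service] Patcher.exe
O4 - HKLM\..\RunServices: [Windows NT Service] Patcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"""

# HijackThis O4 line; ComboFix '"name"="command" [info]' line; AuthorizedApplications
# value in the 'path:scope:Enabled|Disabled:label' format.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
CF_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)"(?:\s+\[(?P<info>[^\]]*)\])?$')
FW_RE = re.compile(r'^"[^"]*"= (?P<path>.*?):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):(?P<label>.*)$')
# Unquoted command line: the image ends at the first executable-looking extension.
EXT_RE = re.compile(r"^(?P<image>.+?\.(?:exe|dll|scr|com|bat|cmd))(?:\s+(?P<rest>.*))?$", re.IGNORECASE)

# Assumption: default Vista layout. A "Windows ..." entry under these roots is unremarkable.
TRUSTED_ROOTS = ("%systemroot%", "%programfiles%", "c:\\windows\\", "c:\\program files\\")
LEGACY_KEYS = {"RunServices", "RunServicesOnce"}  # Windows 9x-era autostart keys

@dataclass(frozen=True)
class Finding:
    source: str  # "autostart" or "firewall"
    key: str     # registry key the entry lives in
    name: str    # Run value name, or firewall exception label
    reason: str

def first_token(cmd: str) -> tuple[str, str]:
    """Split a command line into (image, arguments), honouring a quoted image path."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.find('"', 1) != -1:
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = EXT_RE.match(cmd)
    if m:
        return m["image"], m["rest"] or ""
    parts = cmd.split(None, 1)
    return (parts[0], parts[1] if len(parts) > 1 else "") if parts else ("", "")

def effective_target(cmd: str) -> str:
    """The file that really runs: for a rundll32 host, the DLL it is told to load."""
    image, rest = first_token(cmd)
    if image.rsplit("\\", 1)[-1].lower() == "rundll32.exe" and rest:
        return first_token(rest)[0].split(",", 1)[0]
    return image

def is_bare(path: str) -> bool:
    """No directory component: the loader finds it via the search path at logon."""
    return bool(path) and "\\" not in path

def under_trusted_root(path: str) -> bool:
    return path.lower().startswith(TRUSTED_ROOTS)

def check_autostart(key: str, name: str, cmd: str, info: str) -> list[Finding]:
    out: list[Finding] = []
    target = effective_target(cmd)
    leaf = key.rsplit("\\", 1)[-1]
    if leaf in LEGACY_KEYS:
        out.append(Finding("autostart", key, name, f"{leaf} is a Windows 9x-era key; current software does not write it"))
    if is_bare(target):
        why = f"bare filename '{target}' is resolved through the search path, not verifiable from the log"
        resolved = next((t for t in info.split() if "\\" in t), None)  # ComboFix prints the resolved path
        if resolved:
            why += f"; ComboFix resolved it to {resolved}"
        out.append(Finding("autostart", key, name, why))
    if name.lower().startswith("windows ") and not under_trusted_root(target):
        out.append(Finding("autostart", key, name, "Windows-sounding name with image outside %SystemRoot%/%ProgramFiles%"))
    return out

def triage(text: str) -> list[Finding]:
    """Walk the log once, tracking the current [key] header for ComboFix-style lines."""
    findings: list[Finding] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if m := O4_RE.match(line):  # a HijackThis line carries its own key
            findings += check_autostart(f"{m['hive']}\\..\\{m['key']}", m["name"], m["cmd"], "")
        elif "AuthorizedApplications" in key:
            m = FW_RE.match(line)
            if m and m["state"] == "Enabled" and not m["path"]:
                findings.append(Finding("firewall", key, m["label"],
                                        f"enabled exception with empty image path, scope '{m['scope']}'"))
        elif m := CF_RE.match(line):
            findings += check_autostart(key, m["name"], m["cmd"], m["info"] or "")
    return findings

def correlate(findings: list[Finding]) -> list[str]:
    """Names flagged both as an autostart entry and as a firewall exception."""
    auto = {f.name for f in findings if f.source == "autostart"}
    fw = {f.name for f in findings if f.source == "firewall"}
    return sorted(auto & fw)

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result:
        print(f"[{f.source}] {f.key} :: {f.name} -> {f.reason}")
    print("flagged in both autostart and firewall data:", correlate(result))
```

On the sample, AVG, Windows Defender, the NVIDIA rundll32 entry and Sidebar produce nothing; CTHelper is reported once (bare filename, with the System32 path ComboFix resolved); the two Patcher.exe values are reported for the bare filename, the Windows-sounding name and, for the second, the RunServices key; and "Windows NT Service" is the one name that appears in both the autostart and the firewall findings. The next step for any flagged item is the file on disk (hash, signer, timestamps), not the log line.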

roman

Re: Log check

Post by roman » 23 Jan 2009 08:54

Somehow that got mixed up.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:00, on 23.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows NT Service] Patcher.exe
O4 - HKLM\..\RunServices: [Windows NT Service] Patcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [BitComet] "C:\Program Files 2\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files 2\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb) (pr2aq6eb) - Techland Sp.z o.o. - C:\Windows\system32\pr2aq6eb.exe

--
End of file - 9599 bytes
CPU:Intel Core i5-4670
GPU: MSI N680GTX-PM2D2GD5
MB: MSI Z87-G45 GAMING - Intel Z87
RAM: Crucial Balistix Tactical 4 X 4GB 1600MHz CL8 BLT2C
PSU: Corsair AX850
SSD: Kingston HyperX 3K - 240GB
HDD: WD RED 1TB
OS: Windows 10 Home 64bit

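An added triage pass over the HijackThis log above (example code written for this page, not from the thread, from HijackThis or from ComboFix): it parses O4, O20 and O23 records and flags the entries a log reviewer would look at first, such as an autostart whose executable has no path and is therefore resolved through the loader search order, an entry under the Win9x-era RunServices key, an AppInit_DLLs value, and a service with no company name. The sample lines are copied from the posted log; the heuristics, scoring rules and function names are this example's own assumptions and produce leads, not verdicts (CTHELPER.EXE is flagged here and is a legitimate Creative component that ComboFix later resolved to CtHelper.exe under System32).

```python
"""Triage pass over HijackThis-style log lines.

Added example for this page, not code from the thread, HijackThis or
ComboFix.  The rules below are this example's own assumptions about what a
log reviewer checks first; they produce leads to verify, not verdicts."""
import re

# Constructed sample: lines copied verbatim from the posted HijackThis log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Windows NT Service] Patcher.exe
O4 - HKLM\..\RunServices: [Windows NT Service] Patcher.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# Record shapes as HijackThis prints them.  O4 "Global Startup" lines have
# a different shape and are deliberately not parsed by this example.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def launched_executable(cmd):
    """Return the program a Run-key command actually launches.

    Quoted paths are honoured.  For rundll32 the DLL argument is returned,
    since that is the code that runs (an unquoted DLL path containing a
    space is not handled; none appears in the posted log)."""
    cmd = cmd.strip()
    if cmd.startswith('"') and '"' in cmd[1:]:
        exe, rest = cmd[1:].split('"', 1)
    else:
        exe, _, rest = cmd.partition(" ")
    if exe.lower() in ("rundll32.exe", "rundll32") and rest.strip():
        exe = rest.strip().split(",", 1)[0].split(" ", 1)[0]
    return exe


def is_qualified(exe):
    """True when the command names a location (drive letter, path separator
    or environment variable) instead of relying on the search order."""
    return "\\" in exe or "%" in exe or ":" in exe


def triage(log_text):
    """Return [{'line': ..., 'reasons': [...]}, ...] for every line that
    trips at least one heuristic, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        if m := O4_RE.match(line):
            exe = launched_executable(m["cmd"])
            if not is_qualified(exe):
                reasons.append("unqualified path: %s is resolved through the loader search order" % exe)
            if m["key"].lower() == "runservices":
                # RunServices is a Windows 9x/Me key; NT-family Windows does
                # not process it, so legitimate software has no reason to use it.
                reasons.append("RunServices key: Win9x-era key that NT-family Windows ignores")
            if m["name"].lower().startswith("windows ") and not is_qualified(exe):
                reasons.append("entry name mimics a Windows component")
        elif m := O20_RE.match(line):
            reasons.append("AppInit_DLLs: %s is loaded into every process that loads user32.dll; verify the vendor" % m["dlls"])
        elif m := O23_RE.match(line):
            if m["owner"].strip().lower() == "unknown owner":
                reasons.append("service binary carries no company name: check its signature before trusting it")
        if reasons:
            findings.append({"line": line, "reasons": reasons})
    return findings


def report(findings):
    """Plain-text summary, one block per flagged line."""
    out = []
    for f in findings:
        out.append(f["line"])
        out.extend("    - " + r for r in f["reasons"])
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run on the sample, the two `[Windows NT Service] Patcher.exe` entries collect the most reasons (no path, a name that imitates a system component, and for the second one the unused RunServices key), which is the order in which a reviewer would want to read the output.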
jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Log check

Post by jaro3 » 23 Jan 2009 09:23

Somehow the script isn't working.. and AVG is still enabled.

Download Avenger and, following the instructions, enter this script into it:

Code:

Files to delete:
C:\Windows\system32\Drivers\appdrv01.sys
C:\WINDOWS\system32\appdrvrem01.exe

Drivers to delete:
appdrv01
appdrvrem01

After the restart, a new log from Avenger; likewise repeat ComboFix.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

roman
Level 1.5
Posts: 146
Registered: November 08
Gender: Not specified
Status: Offline

Re: Log check

Post by roman » 23 Jan 2009 09:52

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\system32\Drivers\appdrv01.sys" deleted successfully.
File "C:\WINDOWS\system32\appdrvrem01.exe" deleted successfully.
Driver "appdrv01" deleted successfully.
Driver "appdrvrem01" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

ComboFix 09-01-21.04 - Roman 2009-01-23 9:41:35.8 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1029.18.2047.1184 [GMT 1:00]
Running from: c:\users\Roman\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
.

2009-01-22 21:24 . 2009-01-22 21:24 <DIR> d-------- c:\program files\CCleaner
2009-01-22 21:11 . 2009-01-22 21:11 653,756 --a------ c:\windows\System32\perfh019.dat
2009-01-22 21:11 . 2009-01-22 21:09 332,666 --a------ c:\windows\System32\perfi019.dat
2009-01-22 21:11 . 2009-01-22 21:11 130,252 --a------ c:\windows\System32\perfc019.dat
2009-01-22 21:11 . 2009-01-22 21:09 38,684 --a------ c:\windows\System32\perfd019.dat
2009-01-22 21:10 . 2009-01-22 21:10 <DIR> d-------- c:\windows\System32\ru
2009-01-22 21:10 . 2009-01-22 21:10 <DIR> d-------- c:\windows\System32\drivers\ru-RU
2009-01-22 21:10 . 2009-01-22 21:10 <DIR> d-------- c:\windows\System32\0419
2009-01-22 21:10 . 2009-01-22 21:10 <DIR> d-------- c:\windows\ru-RU
2009-01-22 15:28 . 2009-01-22 15:31 <DIR> d-a------ c:\programdata\TEMP
2009-01-22 15:28 . 2009-01-22 15:32 <DIR> d-------- c:\program files\Sweet Games
2009-01-22 15:28 . 2009-01-22 15:28 <DIR> d-------- c:\program files\Oberon Media
2009-01-22 09:29 . 2009-01-22 09:29 <DIR> d-------- c:\programdata\SweetIM
2009-01-22 09:29 . 2009-01-22 09:29 <DIR> d-------- c:\program files\SweetIM
2009-01-21 23:16 . 2009-01-21 23:16 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-21 23:16 . 2009-01-21 23:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-21 23:16 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-21 23:16 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-21 15:04 . 2009-01-21 15:04 <DIR> d-------- c:\windows\System32\AGEIA
2009-01-21 15:04 . 2009-01-22 22:57 <DIR> d-------- c:\program files\AGEIA Technologies
2009-01-21 13:41 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\System32\D3DX9_40.dll
2009-01-21 13:41 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\System32\D3DCompiler_40.dll
2009-01-21 13:41 . 2008-10-27 10:04 514,384 --a------ c:\windows\System32\XAudio2_3.dll
2009-01-21 13:41 . 2008-10-10 04:52 452,440 --a------ c:\windows\System32\d3dx10_40.dll
2009-01-21 13:41 . 2008-10-27 10:04 235,856 --a------ c:\windows\System32\xactengine3_3.dll
2009-01-21 13:41 . 2008-10-27 10:04 70,992 --a------ c:\windows\System32\XAPOFX1_2.dll
2009-01-21 13:41 . 2008-10-27 10:04 23,376 --a------ c:\windows\System32\X3DAudio1_5.dll
2009-01-21 13:19 . 2009-01-01 14:06 8,192 --a------ c:\windows\System32\drivers\FStarForce.sys
2009-01-21 10:07 . 2000-02-25 12:43 302,592 --a------ c:\windows\mauninst.exe
2009-01-20 17:09 . 2009-01-20 17:09 <DIR> d-------- c:\program files\Crawler
2009-01-18 10:19 . 2009-01-18 10:19 <DIR> d-------- c:\program files\Google
2009-01-17 17:51 . 2009-01-17 17:51 603,904 --a------ c:\windows\System32\TUProgSt.exe
2009-01-17 17:51 . 2009-01-17 17:51 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
2009-01-17 17:51 . 2008-12-11 13:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
2009-01-17 17:51 . 2008-12-11 13:31 17,152 --a------ c:\windows\System32\authuitu.dll
2009-01-17 12:08 . 2009-01-17 12:08 <DIR> d-------- c:\users\Roman\AppData\Roaming\TuneUp Software
2009-01-17 12:07 . 2009-01-17 12:07 <DIR> d-------- c:\programdata\TuneUp Software
2009-01-17 12:07 . 2009-01-17 12:07 <DIR> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-14 18:41 . 2009-01-14 18:41 <DIR> d-------- c:\users\Roman\AppData\Roaming\FlashGet
2009-01-14 18:41 . 2009-01-18 11:07 <DIR> d-------- c:\program files\FlashGet
2009-01-14 03:14 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-13 20:25 . 2009-01-13 20:25 <DIR> d-------- c:\program files\AxBx
2009-01-09 20:25 . 2009-01-09 20:25 <DIR> d-------- c:\program files\Common Files\BioWare
2009-01-08 06:34 . 2009-01-13 17:37 <DIR> d-------- c:\users\Roman\AppData\Roaming\FSW2
2009-01-07 15:32 . 2009-01-07 15:32 <DIR> d-------- c:\programdata\MumboJumbo
2009-01-07 15:28 . 2009-01-07 15:28 <DIR> d-------- c:\users\Roman\AppData\Roaming\SpinTop Games
2009-01-07 14:05 . 2009-01-07 14:05 <DIR> d-------- c:\windows\Mystery P I The New York Fortune
2009-01-07 14:04 . 2009-01-07 14:04 <DIR> d-------- c:\windows\My Tribe
2009-01-07 14:02 . 2009-01-07 14:02 <DIR> d-------- c:\windows\Mortimer Beckett and the Time Paradox
2009-01-07 14:01 . 2009-01-07 14:01 <DIR> d-------- c:\windows\Luxor Quest for the Afterlife
2009-01-07 13:53 . 2009-01-07 13:53 <DIR> d-------- c:\windows\Jungle Quest
2009-01-07 13:53 . 2009-01-07 13:53 <DIR> d-------- c:\users\Roman\AppData\Roaming\Friday's games
2009-01-07 13:48 . 2009-01-07 13:48 <DIR> d-------- c:\users\Roman\AppData\Roaming\Home Sweet Home Christmas
2009-01-07 13:47 . 2009-01-07 13:47 <DIR> d-------- c:\windows\Home Sweet Home Christmas Edition
2009-01-07 13:21 . 2009-01-07 13:21 <DIR> d-------- c:\windows\Herods Lost Tomb
2009-01-07 12:48 . 2009-01-07 13:22 <DIR> d-------- c:\users\Roman\AppData\Roaming\PlayFirst
2009-01-07 12:48 . 2009-01-07 13:22 <DIR> d-------- c:\programdata\PlayFirst
2009-01-07 12:39 . 2009-01-07 12:39 <DIR> d-------- c:\windows\Fitness Dash
2009-01-07 12:24 . 2009-01-07 12:32 <DIR> d-------- c:\users\Roman\AppData\Roaming\Ancient Quest of Saqqarah__bfg
2009-01-07 11:53 . 2009-01-07 11:53 <DIR> d-------- c:\windows\Ancient Quest of Saqqarah
2009-01-07 11:41 . 2009-01-07 11:41 <DIR> d-------- c:\programdata\Playrix Entertainment
2009-01-07 11:39 . 2009-01-07 11:39 <DIR> d-------- c:\windows\4 Elements
2009-01-07 09:27 . 2009-01-07 09:27 <DIR> d-------- c:\users\Roman\AppData\Roaming\XRay Engine
2008-12-28 16:20 . 2008-12-28 16:20 <DIR> d-------- c:\users\Roman\AppData\Roaming\GHISLER
2008-12-28 16:20 . 2008-12-28 16:22 <DIR> d-------- C:\totalcmd
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\UC.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\RAR.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\PKZIP.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\PKUNZIP.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\NOCLOSE.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\LHA.PIF
2008-12-28 16:20 . 2007-09-05 07:02 545 --a------ c:\windows\ARJ.PIF
2008-12-27 19:46 . 2008-12-27 19:46 <DIR> d-------- c:\windows\vbSkinner
2008-12-27 19:46 . 2008-12-27 19:49 <DIR> d-------- c:\program files\PFConfig
2008-12-25 14:22 . 2009-01-03 09:50 131,072 --a------ c:\windows\System32\Ikeext.etl
2008-12-24 16:09 . 2009-01-22 21:09 <DIR> d-------- c:\users\Roman\AppData\Roaming\Vso
2008-12-24 16:09 . 2008-12-24 16:09 <DIR> d-------- c:\program files\VSO
2008-12-24 15:18 . 2008-12-24 16:12 <DIR> d-------- c:\program files\KillProcess
2008-12-24 13:16 . 2009-01-19 20:06 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-24 09:24 . 2009-01-13 18:02 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-23 14:51 . 2008-12-23 14:51 <DIR> d-------- c:\users\Roman\AppData\Roaming\qUninst
2008-12-23 14:51 . 2008-12-24 15:13 <DIR> d-------- c:\program files\Quick Uninstaller
2008-12-23 14:51 . 2006-10-13 14:30 198,144 --a------ c:\windows\System32\quApplet.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 07:28 --------- d-----w c:\users\Roman\AppData\Roaming\uTorrent
2009-01-22 21:57 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-22 20:10 --------- d-----w c:\program files\Windows Sidebar
2009-01-22 20:10 --------- d-----w c:\program files\Windows Photo Gallery
2009-01-22 20:10 --------- d-----w c:\program files\Windows Mail
2009-01-22 20:10 --------- d-----w c:\program files\Windows Journal
2009-01-22 20:10 --------- d-----w c:\program files\Windows Defender
2009-01-22 20:10 --------- d-----w c:\program files\Windows Collaboration
2009-01-22 20:10 --------- d-----w c:\program files\Windows Calendar
2009-01-22 13:49 --------- d-----w c:\programdata\Ubisoft
2009-01-22 13:48 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-22 13:48 22,328 ----a-w c:\users\Roman\AppData\Roaming\PnkBstrK.sys
2009-01-22 13:48 2,337,865 ----a-w c:\windows\System32\pbsvc.exe
2009-01-22 13:48 107,832 ----a-w c:\windows\System32\PnkBstrB.exe
2009-01-22 13:36 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-22 09:18 --------- d-----w c:\program files\DAEMON Tools Toolbar
2009-01-21 15:30 --------- d-----w c:\program files\Common Files\Adobe
2009-01-19 07:08 --------- d-----w c:\users\Roman\AppData\Roaming\Disney Interactive Studios
2009-01-18 11:30 --------- d-----w c:\users\Roman\AppData\Roaming\Azureus
2009-01-16 07:32 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-15 09:12 --------- d-----w c:\programdata\Electronic Arts
2009-01-12 08:34 4,310 ----a-w c:\windows\System32\ealregsnapshot1.reg
2009-01-09 19:25 --------- d-----w c:\programdata\Media Center Programs
2009-01-09 13:53 --------- d-----w c:\users\Roman\AppData\Roaming\vghd
2009-01-09 13:33 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2009-01-09 13:33 --------- d-----w c:\programdata\avg8
2009-01-09 13:32 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-09 13:32 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-06 20:53 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-01-06 20:53 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-12-23 14:02 --------- d-----w c:\programdata\NVIDIA
2008-12-18 10:50 413,696 ----a-w c:\windows\System32\wrap_oal.dll
2008-12-18 10:50 110,592 ----a-w c:\windows\System32\OpenAL32.dll
2008-12-18 10:39 --------- d-----w c:\programdata\Creative Labs
2008-12-18 10:39 --------- d-----w c:\programdata\Creative
2008-12-18 10:39 --------- d-----w c:\program files\Common Files\Creative Labs Shared
2008-12-18 10:38 --------- d--h--w c:\program files\Creative Installation Information
2008-12-18 10:34 --------- d-----w c:\program files\Creative
2008-12-15 19:30 --------- d-----w c:\program files\WallpaperSS
2008-12-15 19:24 --------- d-----w c:\users\Roman\AppData\Roaming\WallpaperSS
2008-12-15 15:50 --------- d-----w c:\program files\IconConverter
2008-12-15 15:38 --------- d-----w c:\users\Roman\AppData\Roaming\aicon
2008-12-14 18:10 152,904 ----a-w c:\windows\System32\vghd.scr
2008-12-14 08:33 --------- d-----w c:\program files\VID_0E8F&PID_0012
2008-12-13 10:07 0 ------w c:\users\Roman\jre-6u10-windows-i586-p.exe
2008-12-13 09:59 0 ----a-w c:\users\Roman\jre-6u10-windows-i586-p.exe.bak2
2008-12-13 09:50 --------- d-----w c:\program files\Java
2008-12-13 09:04 --------- d-----w c:\users\Roman\AppData\Roaming\Gearbox Software
2008-12-07 17:21 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-07 17:21 --------- d-----w c:\program files\ASUS
2008-12-04 18:07 --------- d-----w c:\program files\OpenAL
2008-12-02 19:43 --------- d-----w c:\program files\LG Soft India
2008-12-01 16:26 --------- d-----w c:\program files\Verdict Free
2008-12-01 16:19 --------- d-----w c:\users\Roman\AppData\Roaming\LangSoft
2008-12-01 16:11 --------- d-----w c:\programdata\LangSoft
2008-12-01 15:49 --------- d-----w c:\program files\ABC Transdict
2008-12-01 12:59 --------- d-----w c:\program files\NVIDIA Corporation
2008-11-30 07:30 --------- d-----w c:\users\Roman\AppData\Roaming\DAEMON Tools
2008-11-29 22:39 --------- d-----w c:\program files\ZipItFree
2008-11-29 19:26 --------- d-----w c:\program files\DAEMON Tools Lite
2008-11-29 09:28 15,261,184 ----a-w c:\users\Roman\jre-6u10-windows-x64.exe
2008-11-24 17:51 --------- d-----w c:\program files\Yahoo!
2008-11-24 16:43 --------- d-----w c:\program files\Logitech
2008-11-23 19:14 --------- d-----w c:\users\Roman\AppData\Roaming\Malwarebytes
2008-11-23 12:59 --------- d-----w c:\program files\Trend Micro
2008-11-23 07:17 --------- d-----w c:\users\Roman\AppData\Roaming\Codemasters
2008-11-23 07:12 --------- d-----w c:\users\Roman\AppData\Roaming\InstallShield
2008-11-18 06:02 901,120 ----a-w c:\windows\TMUninst.exe
2008-11-16 02:49 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-11-12 12:45 453,152 ----a-w c:\windows\System32\nvuninst.exe
2008-11-10 04:43 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-28 16:41 14,303,392 ----a-w c:\windows\System32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\System32\xlivefnt.dll
2008-09-20 17:28 174 --sha-w c:\program files\desktop.ini
.

(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 12:04 97064 --a------ c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-09 1601304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-01-19 61440]
"SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 2049320]
"InCD"="c:\program files\Nero\Nero8\InCD\InCD.exe" [2008-02-28 1083176]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-01 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CTHelper"="CTHELPER.EXE" [2007-10-25 c:\windows\System32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-10-25 c:\windows\System32\Ctxfihlp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2008-12-02 1126400]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-09-19 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{7C9FB0D5-47AE-4840-B459-46F2999BE88D}d:\\program files\\electronic arts\\dead space\\dead space.exe"= UDP:d:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"UDP Query User{2A993F01-05B2-4B5B-BC31-40CDC2FC22BB}d:\\program files\\electronic arts\\dead space\\dead space.exe"= TCP:d:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"TCP Query User{6D8B17CA-DE75-4C7F-866B-ADCEA5072B26}d:\\program files\\ubisoft\\shaun white snowboarding\\shaunwhitesnowboardinggame.exe"= UDP:d:\program files\ubisoft\shaun white snowboarding\shaunwhitesnowboardinggame.exe:ShaunWhiteSnowboardingGame
"UDP Query User{16B0A3EB-1FF3-4496-832C-928CAC8A938E}d:\\program files\\ubisoft\\shaun white snowboarding\\shaunwhitesnowboardinggame.exe"= TCP:d:\program files\ubisoft\shaun white snowboarding\shaunwhitesnowboardinggame.exe:ShaunWhiteSnowboardingGame
"{C1CD6B42-7285-4238-A7B0-89289B28D3B3}"= UDP:62966:utorrent
"TCP Query User{C1183000-2ADB-4E0E-AAB0-30F14C9FB941}c:\\program files 2\\utorrent\\utorrent.exe"= UDP:c:\program files 2\utorrent\utorrent.exe:µTorrent
"UDP Query User{8CA04D8A-EA3A-4FB1-A424-45C0FAA3073B}c:\\program files 2\\utorrent\\utorrent.exe"= TCP:c:\program files 2\utorrent\utorrent.exe:µTorrent
"TCP Query User{1671CDED-525B-4514-8A2D-023CC2253C64}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{789ED569-5D1A-421D-923F-AEEC4C34346C}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{26DAA173-67A4-49FD-B3B1-005C482D97EC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3B29F452-D018-459D-8D49-5686FC6C1178}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{CA30F773-ADA5-4599-9FC9-3224661C5F27}d:\\program files\\midway home entertainment\\blacksite area 51\\binaries\\blacksite.exe"= UDP:d:\program files\midway home entertainment\blacksite area 51\binaries\blacksite.exe:Blacksite
"UDP Query User{2301DF39-9E95-48D4-9E16-26DA9D548232}d:\\program files\\midway home entertainment\\blacksite area 51\\binaries\\blacksite.exe"= TCP:d:\program files\midway home entertainment\blacksite area 51\binaries\blacksite.exe:Blacksite
"{967CAAA6-EEFF-497C-85A1-9F61C017F1A4}"= UDP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{B90641A3-BFF6-419B-B3D1-1C427DE04302}"= TCP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{7BE615A3-5A9E-4C0B-939E-746507AFB429}"= UDP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{C17D58AB-AB9D-4538-AEB8-2F1174EBEAD6}"= TCP:d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"TCP Query User{096C8429-0BC0-448F-93C2-574E42DE8CE2}d:\\program files\\thq\\fsw ten hammers\\fsw2.exe"= UDP:d:\program files\thq\fsw ten hammers\fsw2.exe:"Full Spectrum Warrrior 2: Ten Hammers" Game
"UDP Query User{029932B5-9FDB-436F-ADE3-7839FBA37B32}d:\\program files\\thq\\fsw ten hammers\\fsw2.exe"= TCP:d:\program files\thq\fsw ten hammers\fsw2.exe:"Full Spectrum Warrrior 2: Ten Hammers" Game
"{F5AF897B-7531-4688-AF05-14758D7B2DFA}"= UDP:d:\program files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{571869D7-A500-4287-9EC6-9DE90060120B}"= TCP:d:\program files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{21C040D1-B371-43BE-8465-6D206A583C37}"= UDP:d:\program files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{B04FC301-2297-4B67-88BB-24EEDE4E9475}"= TCP:d:\program files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"TCP Query User{E1856817-D46D-4C26-A1FF-2EBE48F4730C}d:\\program files\\legendary\\binaries\\legendary.exe"= UDP:d:\program files\legendary\binaries\legendary.exe:Legendary
"UDP Query User{8087719F-F4E8-447B-B887-EFB98718D0FF}d:\\program files\\legendary\\binaries\\legendary.exe"= TCP:d:\program files\legendary\binaries\legendary.exe:Legendary
"{5612B105-CA94-4ADD-A58E-AFB4DB9D3247}"= UDP:d:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{7A937189-3BE5-4613-AC39-BF6EC08FD151}"= TCP:d:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{08906F4D-596F-42B3-8B38-5FF58CDD5375}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{51B0D4F0-87D4-42D0-82C8-DFCF2249EAEF}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{0BCE0129-FAA7-422B-A581-8D18634DB44F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{86640EB6-4827-469C-AB4E-470D1C2E988D}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D2803575-BC44-43C1-8BE5-1DE5FBC65C48}"= UDP:d:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{32A3441D-D125-42C3-BB0C-4F5028CCEA5B}"= TCP:d:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{DAA4F613-6DFB-4EDE-9746-340AA45AFA7E}"= UDP:d:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{C3288715-62BE-473D-9728-68CD8F770510}"= TCP:d:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"<NO NAME>"= :*:Enabled:Windows NT Service

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [2008-09-19 12552]
R0 pe3aq6eb;FIM Speedway GP3 Environment Driver (pe3aq6eb);c:\windows\System32\drivers\pe3aq6eb.sys [2008-04-03 69248]
R0 ps7aq6eb;FIM Speedway GP3 Synchronization Driver (ps7aq6eb);c:\windows\System32\drivers\ps7aq6eb.sys [2008-04-03 68744]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-09-19 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2008-10-24 107272]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-09-21 72192]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\atl01v32.sys [2008-09-17 48128]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\System32\drivers\gHidPnp.sys [2008-09-19 16384]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\System32\drivers\gMouUsb.sys [2008-09-19 9856]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-09 903960]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-09 298264]
R4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032]
R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-01-17 603904]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2008-12-18 79360]
S3 FStarForce;FStarForce;c:\windows\System32\drivers\FStarForce.sys [2009-01-21 8192]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-12-02 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-12-02 13312]
S4 pr2aq6eb;FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb);c:\windows\system32\pr2aq6eb.exe svc --> c:\windows\system32\pr2aq6eb.exe svc [?]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cba6b6f6-8684-11dd-81d4-001e8c8faa7a}]
\shell\AutoRun\command - F:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Obsah adresáře 'Naplánované úlohy'

2009-01-23 c:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2009-01-23 c:\windows\Tasks\Úklid 1 kliknutím.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 09:44:00
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(5788)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Nero\Nero8\InCD\NBHShx.dll
c:\program files\Nero\Nero8\InCD\NBHStr.dll
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
.
Celkový čas: 2009-01-23 9:44:54
ComboFix-quarantined-files.txt 2009-01-23 08:44:50
ComboFix2.txt 2009-01-23 07:40:18

Před spuštěním: Volných bajtů: 190 067 380 224
Po spuštění: Volných bajtů: 190,032,732,160

349 --- E O F --- 2009-01-22 20:16:58
CPU:Intel Core i5-4670
GPU: MSI N680GTX-PM2D2GD5
MB: MSI Z87-G45 GAMING - Intel Z87
RAM: Crucial Balistix Tactical 4 X 4GB 1600MHz CL8 BLT2C
PSU: Corsair AX850
SSD: Kingston HyperX 3K - 240GB
HDD: WD RED 1TB
OS: Windows 10 Home 64bit

jaro3
Security team member, Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Log check

Post by jaro3 » 23 Jan 2009 10:34

OK, for next time, here is something about AVG:
How to temporarily disable AVG
http://www.grisoft.cz/faq.num-1064#faq_1064

ComboFix is uninstalled like this:
Start > Run and enter ComboFix[space]/u

Post a fresh HJT log here as well.
When working with HJT, ComboFix, MBAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs by private message. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

roman
Level 1.5
Posts: 146
Registered: November 08
Gender: Not specified

Re: Log check

Post by roman » 23 Jan 2009 10:48

I really did have AVG turned off like that; I just couldn't find the AVG Firewall anywhere, but the icon reported that AVG was off, so I don't know what was going on, I already feel like an idiot. Oh, and on the folder shortcut icons some little squares appeared instead of the arrows.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:00, on 23.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows NT Service] Patcher.exe
O4 - HKLM\..\RunServices: [Windows NT Service] Patcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [BitComet] "C:\Program Files 2\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files 2\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb) (pr2aq6eb) - Techland Sp.z o.o. - C:\Windows\system32\pr2aq6eb.exe

--
End of file - 9599 bytes
