Nedávno jsem byl na vcelku dost velké lan párty a tam nějaké viry zabily 2 PC tak se ptám jestli něco nemám i u sebe??
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:24:26, on 25.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\WINDOWS\system32\PuXpMan2.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\windows\system32\ctfmon.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Documents and Settings\Mous\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Documents and Settings\Mous\Data aplikací\CoSoSys\UFDtoGO\UFDtoGOLaunch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\system32\svchost.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Documents and Settings\Mous\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\windows\system32\msiexec.exe
C:\Documents and Settings\Mous\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mous\Plocha\přídavky\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://127.0.0.1:9000/proxy.pac
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan2.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mous\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Pando Media Booster] "C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [UFDtoGOLaunch] C:\Documents and Settings\Mous\Data aplikací\CoSoSys\UFDtoGO\UFDtoGOLaunch.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6 cz\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6 cz\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 0937853578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0937802765
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\system32\guard32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9861fd4020982) (gupdate1c9861fd4020982) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\windows\system32\sfrem02.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE (file missing)
--
End of file - 13799 bytes
Preventivní kontrola po lan party Vyřešeno
Preventivní kontrola po lan party
Nebylo by moudré pobízet ďábla k pokloně.
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Preventivní kontrola po lan party
Spusť HJT, vypni prohlížeče, odpoj se od internetu a fixni (zatrhnout políčko před hodnotou, zmáčknout
"Fix checked"):
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
*****************************************************************************************************************************************
Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.
C:\Documents and Settings\Mous\Data aplikací\CoSoSys\UFDtoGO\UFDtoGOLaunch.exe
****************************************************************************************************************************************
Máš tam MbAM, aktualizuj ho, spusť a dej mi sem výsledný log.
"Fix checked"):
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
*****************************************************************************************************************************************
Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.
C:\Documents and Settings\Mous\Data aplikací\CoSoSys\UFDtoGO\UFDtoGOLaunch.exe
****************************************************************************************************************************************
Máš tam MbAM, aktualizuj ho, spusť a dej mi sem výsledný log.
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Preventivní kontrola po lan party
To UFDtoGOLaunch.exe je program od A-data na moji flashku
Výsledek testu UFDtoGOLaunch.exe
MbAm:
Malwarebytes' Anti-Malware 1.39
Verze databáze: 2498
Windows 5.1.2600 Service Pack 3
25.7.2009 15:03:25
mbam-log-2009-07-25 (15-03-19).txt
Typ skenu: Rychlý sken
Objektu skenováno: 106734
Uplynulý cas: 9 minute(s), 46 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 1
Infikované hodnoty registru: 1
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 1
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\XML2u (Spyware.OnlineGames) -> No action taken.
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\Documents and Settings\Mous\Data aplikací\Microsoft\profile.dat (Malware.Trace) -> No action taken.
Výsledek testu UFDtoGOLaunch.exe
MbAm:
Malwarebytes' Anti-Malware 1.39
Verze databáze: 2498
Windows 5.1.2600 Service Pack 3
25.7.2009 15:03:25
mbam-log-2009-07-25 (15-03-19).txt
Typ skenu: Rychlý sken
Objektu skenováno: 106734
Uplynulý cas: 9 minute(s), 46 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 1
Infikované hodnoty registru: 1
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 1
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\XML2u (Spyware.OnlineGames) -> No action taken.
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\Documents and Settings\Mous\Data aplikací\Microsoft\profile.dat (Malware.Trace) -> No action taken.
Nebylo by moudré pobízet ďábla k pokloně.
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Preventivní kontrola po lan party
Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Preventivní kontrola po lan party
Malwarebytes' Anti-Malware 1.39
Verze databáze: 2498
Windows 5.1.2600 Service Pack 3
25.7.2009 15:06:08
mbam-log-2009-07-25 (15-06-08).txt
Typ skenu: Rychlý sken
Objektu skenováno: 106734
Uplynulý cas: 9 minute(s), 46 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 1
Infikované hodnoty registru: 1
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 1
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\XML2u (Spyware.OnlineGames) -> Quarantined and deleted successfully.
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\Documents and Settings\Mous\Data aplikací\Microsoft\profile.dat (Malware.Trace) -> Quarantined and deleted successfully.
Verze databáze: 2498
Windows 5.1.2600 Service Pack 3
25.7.2009 15:06:08
mbam-log-2009-07-25 (15-06-08).txt
Typ skenu: Rychlý sken
Objektu skenováno: 106734
Uplynulý cas: 9 minute(s), 46 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 1
Infikované hodnoty registru: 1
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 1
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\XML2u (Spyware.OnlineGames) -> Quarantined and deleted successfully.
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\Documents and Settings\Mous\Data aplikací\Microsoft\profile.dat (Malware.Trace) -> Quarantined and deleted successfully.
Nebylo by moudré pobízet ďábla k pokloně.
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Preventivní kontrola po lan party
Fajn, ještě ComboFix
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Preventivní kontrola po lan party
ComboFix 09-07-24.01 - Mous 25.07.2009 15:19.8.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1481 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mous\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2484000404-2799110318-1504964810-1001
c:\windows\clofghls.dll
c:\windows\Installer\17c4d6.msi
c:\windows\Installer\1fab4b3.msi
c:\windows\system32\BReWErS.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-25 do 2009-07-25 )))))))))))))))))))))))))))))))
.
2009-07-25 10:20 . 2009-07-25 10:20 -------- d-----w- C:\VideoSec
2009-07-20 22:31 . 2009-07-20 22:31 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-07-20 18:18 . 2009-07-21 19:33 -------- d-----w- c:\program files\Trine
2009-07-20 16:09 . 2009-07-20 16:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-20 16:08 . 2006-10-12 08:40 716800 ----a-w- c:\windows\SysInternals Bluescreen.scr
2009-07-19 17:57 . 2009-07-19 17:58 -------- d-----w- c:\program files\TmNationsForever
2009-07-19 17:51 . 2009-07-19 17:51 -------- d-----w- c:\program files\DAMN NFO Viewer
2009-07-18 16:57 . 2009-07-18 16:57 -------- d-----w- c:\program files\softendo.com
2009-07-16 07:55 . 2009-07-16 07:56 -------- d-----w- c:\documents and settings\Mous\.borland
2009-07-16 07:41 . 2009-07-16 07:41 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-07-16 07:41 . 2009-07-16 07:41 -------- d-----w- c:\program files\Borland
2009-07-15 08:33 . 2009-07-15 08:33 -------- d-----w- c:\program files\OpenOffice.org 3
2009-07-15 07:22 . 2009-07-15 07:22 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-15 07:22 . 2009-07-15 07:22 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-14 07:41 . 2009-07-15 07:21 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-07-11 14:41 . 2009-07-11 14:41 -------- d-----w- c:\program files\Lavalys
2009-07-11 09:50 . 2009-07-11 20:00 -------- d-sh--w- C:\Boot
2009-07-04 10:22 . 2009-07-12 17:39 -------- d-----w- c:\windows\system32\oodag
2009-07-03 10:42 . 2009-07-03 10:42 -------- d-----w- c:\program files\OO Software
2009-06-29 15:22 . 2009-07-16 20:33 -------- d-----w- c:\program files\Gish
2009-06-29 12:58 . 2009-07-16 20:00 -------- d-----w- c:\program files\Bridge Building Game
2009-06-29 03:19 . 2009-06-29 03:19 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-06-28 16:27 . 2009-06-28 16:27 217664 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-06-28 16:27 . 2009-06-28 16:27 -------- d-----w- c:\program files\TrueCrypt
2009-06-28 16:14 . 2009-07-16 20:01 -------- d-----w- c:\program files\Hurrican
2009-06-28 15:22 . 2008-04-26 14:14 42672 ------w- c:\windows\system32\wbsys.dll
2009-06-28 15:19 . 2009-07-23 16:30 -------- d-----w- c:\program files\Samurize
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 13:31 . 2008-08-27 17:46 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2009-07-25 12:58 . 2009-04-06 18:49 179792 ----a-w- c:\windows\system32\guard32.dll
2009-07-25 12:58 . 2009-04-06 18:49 132040 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-07-25 12:46 . 2009-01-06 14:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 12:26 . 2007-06-04 11:12 -------- d-----w- c:\program files\ESET
2009-07-22 20:26 . 2009-04-24 17:16 -------- d-----w- c:\program files\Pando Networks
2009-07-22 20:00 . 2007-10-19 17:52 -------- d-----w- c:\program files\ElcomSoft
2009-07-21 19:58 . 2007-09-10 15:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-21 19:33 . 2005-02-27 19:02 -------- d-----w- c:\program files\Steam
2009-07-18 15:33 . 2008-06-07 10:14 -------- d-----w- c:\program files\Warcraft III
2009-07-18 11:29 . 2007-12-12 18:36 -------- d-----w- c:\program files\Ubisoft
2009-07-18 11:28 . 2007-06-03 17:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-16 18:23 . 2007-11-25 19:02 22328 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-16 18:23 . 2007-11-25 19:01 103736 -c--a-w- c:\windows\system32\PnkBstrB.exe
2009-07-15 17:05 . 2007-08-30 18:57 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-07-13 11:36 . 2009-01-06 14:08 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-01-06 14:08 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 06:59 . 2007-06-30 10:07 -------- d-----w- c:\program files\Electronic Arts
2009-07-11 17:09 . 2009-05-14 11:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-11 14:49 . 2009-06-01 16:20 -------- d-----w- c:\program files\Garena
2009-07-11 09:18 . 2009-04-15 20:13 -------- d-----w- c:\program files\BestGameEver
2009-07-10 17:35 . 2001-10-25 12:00 79040 ----a-w- c:\windows\system32\perfc005.dat
2009-07-10 17:35 . 2001-10-25 12:00 431998 ----a-w- c:\windows\system32\perfh005.dat
2009-07-06 10:52 . 2007-06-30 09:54 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-05 19:06 . 2007-10-20 15:24 -------- d-----w- c:\program files\Free Download Manager
2009-07-04 09:04 . 2009-04-06 18:49 86976 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-07-04 09:04 . 2009-04-06 18:49 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-07-01 18:09 . 2008-04-21 12:24 -------- d-----w- c:\program files\Kopie - WoW
2009-06-28 15:22 . 2008-04-04 15:31 -------- d-----w- c:\program files\Stardock
2009-06-28 15:19 . 2007-06-06 12:31 -------- d-----w- c:\program files\iTunes
2009-06-17 13:59 . 2009-06-17 13:58 -------- d-----w- c:\program files\Microsoft
2009-06-17 13:59 . 2009-06-17 13:57 -------- d-----w- c:\program files\Windows Live
2009-06-17 13:57 . 2009-06-17 13:57 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-17 13:51 . 2009-06-17 13:51 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-16 14:40 . 2004-08-17 14:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-10-25 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 13:05 . 2009-06-13 13:05 -------- d-----w- c:\program files\Common Files\PCSuite
2009-06-13 13:05 . 2008-11-12 14:01 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-13 13:00 . 2009-06-13 13:00 -------- d-----w- c:\program files\PC Connectivity Solution
2009-06-13 12:48 . 2008-11-12 14:01 -------- d-----w- c:\program files\Nokia
2009-06-13 09:29 . 2007-06-04 12:33 -------- d-----w- c:\program files\Activision
2009-06-11 14:30 . 2008-03-23 15:53 -------- d-----w- c:\program files\ICQ6 cz
2009-06-03 19:11 . 2004-08-17 14:49 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 17:24 . 2008-06-22 18:56 106200 -c--a-w- c:\windows\War3Unin.dat
2009-05-30 19:45 . 2007-06-30 10:01 -------- d-----w- c:\program files\Alcohol Soft
2009-05-29 17:59 . 2008-01-09 18:29 -------- d-----w- c:\program files\Guild Wars
2009-05-13 05:05 . 2004-08-17 14:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-11 15:54 . 2007-07-11 08:45 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-07 15:33 . 2004-08-17 14:49 346624 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 22:30 . 2009-04-30 22:30 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-04-30 20:02 . 2009-04-30 20:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-04-30 20:02 . 2009-04-30 20:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-04-30 20:02 . 2009-03-27 08:03 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-04-30 20:02 . 2007-12-05 00:41 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-04-30 20:02 . 2007-06-28 22:43 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-04-30 20:02 . 2007-06-03 17:53 457248 -c--a-w- c:\windows\system32\nvudisp.exe
2009-04-30 20:02 . 2005-02-23 23:32 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-04-30 20:02 . 2005-02-23 23:32 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-04-30 20:02 . 2005-02-23 23:32 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-04-30 20:02 . 2005-02-23 23:32 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-04-30 20:02 . 2005-02-23 23:32 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-04-26 22:42 . 2007-08-04 09:23 457248 -c--a-w- c:\windows\system32\NVUNINST.EXE
2009-06-24 14:12 . 2008-09-08 15:08 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2008-02-27 26624]
"Google Update"="c:\documents and settings\Mous\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-10-23 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"UFDtoGOLaunch"="c:\documents and settings\Mous\Data aplikací\CoSoSys\UFDtoGO\UFDtoGOLaunch.exe" [2008-11-13 172032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"mspwr"="c:\windows\system32\PuXpMan2.exe" [2005-09-29 110592]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\cfp.exe" [2009-07-04 1793808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-07-13 414992]
"COMODO Internet Security"="c:\program files\Comodo\Firewall\cfp.exe" [2009-07-04 1793808]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-05-17 77824]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Mous\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Client Default.lnk - c:\program files\Samurize\Client.exe [2007-4-7 2010624]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2007-8-27 624416]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-4-4 3450608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-09-17 06:05 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0crcnat.exe\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Avant Browser\\avant.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\STRONG+\\StrongDC.exe"=
"c:\\Program Files\\STRONG (Mous)\\StrongDC.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Doom 3\\Doom3.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\TrackMania Sunrise\\TmSunrise.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\ProxyShell\\ProxyShell Hide IP\\proxyshell.exe"=
"c:\\Documents and Settings\\Mous\\cgq.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Electronic Arts\\BattleForge\\Bootstrapper.exe"=
"c:\\Program Files\\Electronic Arts\\BattleForge\\BattleForge.exe"=
"c:\\Program Files\\ICQ6 cz\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\XBlades\\xblades.exe"=
"c:\\Program Files\\XBlades\\launcher.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:UDP"= 80:UDP:127.0.0.1
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3306:TCP"= 3306:TCP:MySQL Server
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"57927:TCP"= 57927:TCP:Pando Media Booster
"57927:UDP"= 57927:UDP:Pando Media Booster
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [6.4.2009 20:49 132040]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6.4.2009 20:49 25160]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 34824]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [1.2.2008 17:24 41456]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [24.10.2008 20:51 468224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6.1.2009 16:08 211216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6.1.2009 16:08 19096]
R3 ncfvsbus;NCF Virtual Serial Bus Enumerator;c:\windows\system32\drivers\ncfvsbus.sys [3.9.2008 14:59 25088]
S2 gupdate1c9861fd4020982;Google Update Service (gupdate1c9861fd4020982);c:\program files\Google\Update\GoogleUpdate.exe [3.2.2009 18:52 133104]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:\windows\system32\sfrem02.exe svc --> c:\windows\system32\sfrem02.exe svc [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Mous\LOCALS~1\Temp\QEM23.tmp --> c:\docume~1\Mous\LOCALS~1\Temp\QEM23.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [13.6.2009 14:49 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [13.6.2009 14:49 8320]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WLAN; Wireless LAN Driver;c:\windows\system32\DRIVERS\wlanNDS.sys --> c:\windows\system32\DRIVERS\wlanNDS.sys [?]
S4 FAH@C:+DOCUME~1+Mous+LOCALS~1+Temp+Rar$EX06.625+FAH.exe;FAH@C:+DOCUME~1+Mous+LOCALS~1+Temp+Rar$EX06.625+FAH.exe;c:\docume~1\Mous\LOCALS~1\Temp\Rar$EX06.625\FAH.exe -svcstart --> c:\docume~1\Mous\LOCALS~1\Temp\Rar$EX06.625\FAH.exe -svcstart [?]
S4 FAH@C:+Program Files+Fallout 3+FAH.exe;FAH@C:+Program Files+Fallout 3+FAH.exe;c:\program files\Fallout 3\FAH.exe -svcstart --> c:\program files\Fallout 3\FAH.exe -svcstart [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 16:52]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-Pando Media Booster - c:\program files\Pando Networks\Media Booster\PMB.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.tiscali.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
FF - ProfilePath - c:\documents and settings\Mous\Data aplikací\Mozilla\Firefox\Profiles\q5s4rbic.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.tiscali.cz/home/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-25 15:30
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+DOCUME~1+Mous+LOCALS~1+Temp+Rar$EX06.625+FAH.exe]
"ImagePath"="c:\docume~1\Mous\LOCALS~1\Temp\Rar$EX06.625\FAH.exe -svcstart"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+Program Files+Fallout 3+FAH.exe]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Mous\LOCALS~1\Temp\QEM23.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="4EA62B2D878693E4F513F19ADFD2E508F3D636C5ED10C9A0A48B9895A3DE6CF0D97D6E5F7E5274E72A3F061E5B6E85864C11F9FA5DF3DF0B049111A265FA88F427C7B47417E385D627F1EEF3F00EA1F2AFAD8217EFE8D2ACD76A06D9CB4E9BCDDCAF1DA9B5B0860E7431371FB414357E29B063020CDEF4AE4937B2272C746E36E415AC9240215E805EB84AF640D5DC6F05D3927A19B83DC9474E384D617CF37EEF894A16A39115B174F8F9292F9DDB9FD303EB8F854D454F833898624A6B3E0B70FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D14078EDD5E5BE2F6E667A2D97226D213B555A24F91909D8D9D9F55DBFCAC951FE42D02B1AD1AFD43171DFB65D01FA0CCAD344FA4D31613F6F199FB1B356857157F5375E7B513424611D1F8184D3C3A46259133C2F1DAC344E84A3224356DE0CE00A92BD2253EB9D00E278F840C3E99941D5DF15B7665BCE6C879B74F0931EC3AC23DA118ADA36C69200C1BB707DB35F7FD8464073D4002F6EDB583DD95AFAB66B7DC0B4057CD59B7EB2D2A238953F752C03797BEF77789AEC5D140730EE7C00863994FB6FB4E6F0A2A02811CB2E3BEA7F36DCAE02B1DBFEE55644816FC5BC5745ECD084CCA37944FA840185C76D35CA2B95DF4302E4703B734C5AF33409145A9559283374621A21EC86499801D6B959149863BD22F10A5328B163C97899540460847458D452865AD8030660B43F526E56B28FCD3301470279CB565795E73A990C98F03CBF26A1E5D58A690E0D6C5BBB600C749A102751D083A4CD96E1A416A6D045227D3CD0C822C6C8F604B9B2E76BB77AFE40DD1DADA66CAC2FA71E793DE6BB23A5069A836BABEEFF750F7AB09EE55D9EC49CD1AEBCDF74A485FE34B0655386637D1B42A91645FA82F12F8EFB12E03C0CE227DABD60A1A48CECE0819B69329C3FBB1424D51117A6CC987C12A8A31EC59EC4F9CAB4E9E4AE70CC7057C4851358180AA0260A543A02C20C72E6DF66BDBE71EE60B138787ABDFFAFB66F1E0B979EDFE2B4987C9F786E7CD20F8225F433C4181B090AEBB39057B584F1C4CAC6D35E7F655CFB776980634330FC583B090235076A8D71E2999419AA75DF8B05880CBE3ABFEB1BC6D081BBAF5C799A05DA34493A3806DD811066F30ADF3B598987B46E9A3B470B5701BE6B97B33DBDD56BCF91C729BC5A439C9434476926B51A3D94F972BB36F93471AAF81716BDCF49893C2120E13B69FEB2B12714EEF9AFEB20BB79BCF6F7820BF43DB76C8BF4C6D9D50BF2EE8B3F9BA75E0D6E5C9F428150573723C668CB5F2A6477994B3B4402B6613B63F397CAEB9A793B267BB4058DDDEEB984F05673AFCD2CABA662C81B160F8EB932875A4D6375AE5654B4022D9F7053F65C1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(756)
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
- - - - - - - > 'explorer.exe'(852)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Comodo\Firewall\cmdagent.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\rundll32.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Celkový čas: 2009-07-25 15:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-25 13:38
Před spuštěním: 7 459 287 040
Po spuštění: 8 028 762 112
406 --- E O F --- 2009-07-20 22:32
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1481 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mous\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2484000404-2799110318-1504964810-1001
c:\windows\clofghls.dll
c:\windows\Installer\17c4d6.msi
c:\windows\Installer\1fab4b3.msi
c:\windows\system32\BReWErS.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-25 do 2009-07-25 )))))))))))))))))))))))))))))))
.
2009-07-25 10:20 . 2009-07-25 10:20 -------- d-----w- C:\VideoSec
2009-07-20 22:31 . 2009-07-20 22:31 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-07-20 18:18 . 2009-07-21 19:33 -------- d-----w- c:\program files\Trine
2009-07-20 16:09 . 2009-07-20 16:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-20 16:08 . 2006-10-12 08:40 716800 ----a-w- c:\windows\SysInternals Bluescreen.scr
2009-07-19 17:57 . 2009-07-19 17:58 -------- d-----w- c:\program files\TmNationsForever
2009-07-19 17:51 . 2009-07-19 17:51 -------- d-----w- c:\program files\DAMN NFO Viewer
2009-07-18 16:57 . 2009-07-18 16:57 -------- d-----w- c:\program files\softendo.com
2009-07-16 07:55 . 2009-07-16 07:56 -------- d-----w- c:\documents and settings\Mous\.borland
2009-07-16 07:41 . 2009-07-16 07:41 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-07-16 07:41 . 2009-07-16 07:41 -------- d-----w- c:\program files\Borland
2009-07-15 08:33 . 2009-07-15 08:33 -------- d-----w- c:\program files\OpenOffice.org 3
2009-07-15 07:22 . 2009-07-15 07:22 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-15 07:22 . 2009-07-15 07:22 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-14 07:41 . 2009-07-15 07:21 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-07-11 14:41 . 2009-07-11 14:41 -------- d-----w- c:\program files\Lavalys
2009-07-11 09:50 . 2009-07-11 20:00 -------- d-sh--w- C:\Boot
2009-07-04 10:22 . 2009-07-12 17:39 -------- d-----w- c:\windows\system32\oodag
2009-07-03 10:42 . 2009-07-03 10:42 -------- d-----w- c:\program files\OO Software
2009-06-29 15:22 . 2009-07-16 20:33 -------- d-----w- c:\program files\Gish
2009-06-29 12:58 . 2009-07-16 20:00 -------- d-----w- c:\program files\Bridge Building Game
2009-06-29 03:19 . 2009-06-29 03:19 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-06-28 16:27 . 2009-06-28 16:27 217664 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-06-28 16:27 . 2009-06-28 16:27 -------- d-----w- c:\program files\TrueCrypt
2009-06-28 16:14 . 2009-07-16 20:01 -------- d-----w- c:\program files\Hurrican
2009-06-28 15:22 . 2008-04-26 14:14 42672 ------w- c:\windows\system32\wbsys.dll
2009-06-28 15:19 . 2009-07-23 16:30 -------- d-----w- c:\program files\Samurize
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 13:31 . 2008-08-27 17:46 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2009-07-25 12:58 . 2009-04-06 18:49 179792 ----a-w- c:\windows\system32\guard32.dll
2009-07-25 12:58 . 2009-04-06 18:49 132040 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-07-25 12:46 . 2009-01-06 14:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 12:26 . 2007-06-04 11:12 -------- d-----w- c:\program files\ESET
2009-07-22 20:26 . 2009-04-24 17:16 -------- d-----w- c:\program files\Pando Networks
2009-07-22 20:00 . 2007-10-19 17:52 -------- d-----w- c:\program files\ElcomSoft
2009-07-21 19:58 . 2007-09-10 15:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-21 19:33 . 2005-02-27 19:02 -------- d-----w- c:\program files\Steam
2009-07-18 15:33 . 2008-06-07 10:14 -------- d-----w- c:\program files\Warcraft III
2009-07-18 11:29 . 2007-12-12 18:36 -------- d-----w- c:\program files\Ubisoft
2009-07-18 11:28 . 2007-06-03 17:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-16 18:23 . 2007-11-25 19:02 22328 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-16 18:23 . 2007-11-25 19:01 103736 -c--a-w- c:\windows\system32\PnkBstrB.exe
2009-07-15 17:05 . 2007-08-30 18:57 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-07-13 11:36 . 2009-01-06 14:08 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-01-06 14:08 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 06:59 . 2007-06-30 10:07 -------- d-----w- c:\program files\Electronic Arts
2009-07-11 17:09 . 2009-05-14 11:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-11 14:49 . 2009-06-01 16:20 -------- d-----w- c:\program files\Garena
2009-07-11 09:18 . 2009-04-15 20:13 -------- d-----w- c:\program files\BestGameEver
2009-07-10 17:35 . 2001-10-25 12:00 79040 ----a-w- c:\windows\system32\perfc005.dat
2009-07-10 17:35 . 2001-10-25 12:00 431998 ----a-w- c:\windows\system32\perfh005.dat
2009-07-06 10:52 . 2007-06-30 09:54 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-05 19:06 . 2007-10-20 15:24 -------- d-----w- c:\program files\Free Download Manager
2009-07-04 09:04 . 2009-04-06 18:49 86976 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-07-04 09:04 . 2009-04-06 18:49 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-07-01 18:09 . 2008-04-21 12:24 -------- d-----w- c:\program files\Kopie - WoW
2009-06-28 15:22 . 2008-04-04 15:31 -------- d-----w- c:\program files\Stardock
2009-06-28 15:19 . 2007-06-06 12:31 -------- d-----w- c:\program files\iTunes
2009-06-17 13:59 . 2009-06-17 13:58 -------- d-----w- c:\program files\Microsoft
2009-06-17 13:59 . 2009-06-17 13:57 -------- d-----w- c:\program files\Windows Live
2009-06-17 13:57 . 2009-06-17 13:57 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-17 13:51 . 2009-06-17 13:51 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-16 14:40 . 2004-08-17 14:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-10-25 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 13:05 . 2009-06-13 13:05 -------- d-----w- c:\program files\Common Files\PCSuite
2009-06-13 13:05 . 2008-11-12 14:01 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-13 13:00 . 2009-06-13 13:00 -------- d-----w- c:\program files\PC Connectivity Solution
2009-06-13 12:48 . 2008-11-12 14:01 -------- d-----w- c:\program files\Nokia
2009-06-13 09:29 . 2007-06-04 12:33 -------- d-----w- c:\program files\Activision
2009-06-11 14:30 . 2008-03-23 15:53 -------- d-----w- c:\program files\ICQ6 cz
2009-06-03 19:11 . 2004-08-17 14:49 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 17:24 . 2008-06-22 18:56 106200 -c--a-w- c:\windows\War3Unin.dat
2009-05-30 19:45 . 2007-06-30 10:01 -------- d-----w- c:\program files\Alcohol Soft
2009-05-29 17:59 . 2008-01-09 18:29 -------- d-----w- c:\program files\Guild Wars
2009-05-13 05:05 . 2004-08-17 14:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-11 15:54 . 2007-07-11 08:45 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-07 15:33 . 2004-08-17 14:49 346624 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 22:30 . 2009-04-30 22:30 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-04-30 20:02 . 2009-04-30 20:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-04-30 20:02 . 2009-04-30 20:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-04-30 20:02 . 2009-03-27 08:03 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-04-30 20:02 . 2007-12-05 00:41 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-04-30 20:02 . 2007-06-28 22:43 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-04-30 20:02 . 2007-06-03 17:53 457248 -c--a-w- c:\windows\system32\nvudisp.exe
2009-04-30 20:02 . 2005-02-23 23:32 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-04-30 20:02 . 2005-02-23 23:32 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-04-30 20:02 . 2005-02-23 23:32 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-04-30 20:02 . 2005-02-23 23:32 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-04-30 20:02 . 2005-02-23 23:32 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-04-26 22:42 . 2007-08-04 09:23 457248 -c--a-w- c:\windows\system32\NVUNINST.EXE
2009-06-24 14:12 . 2008-09-08 15:08 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2008-02-27 26624]
"Google Update"="c:\documents and settings\Mous\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-10-23 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"UFDtoGOLaunch"="c:\documents and settings\Mous\Data aplikací\CoSoSys\UFDtoGO\UFDtoGOLaunch.exe" [2008-11-13 172032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"mspwr"="c:\windows\system32\PuXpMan2.exe" [2005-09-29 110592]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\cfp.exe" [2009-07-04 1793808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-07-13 414992]
"COMODO Internet Security"="c:\program files\Comodo\Firewall\cfp.exe" [2009-07-04 1793808]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-05-17 77824]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Mous\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Client Default.lnk - c:\program files\Samurize\Client.exe [2007-4-7 2010624]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2007-8-27 624416]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-4-4 3450608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-09-17 06:05 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0crcnat.exe\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Avant Browser\\avant.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\STRONG+\\StrongDC.exe"=
"c:\\Program Files\\STRONG (Mous)\\StrongDC.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Doom 3\\Doom3.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\TrackMania Sunrise\\TmSunrise.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\ProxyShell\\ProxyShell Hide IP\\proxyshell.exe"=
"c:\\Documents and Settings\\Mous\\cgq.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Electronic Arts\\BattleForge\\Bootstrapper.exe"=
"c:\\Program Files\\Electronic Arts\\BattleForge\\BattleForge.exe"=
"c:\\Program Files\\ICQ6 cz\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\XBlades\\xblades.exe"=
"c:\\Program Files\\XBlades\\launcher.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:UDP"= 80:UDP:127.0.0.1
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3306:TCP"= 3306:TCP:MySQL Server
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"57927:TCP"= 57927:TCP:Pando Media Booster
"57927:UDP"= 57927:UDP:Pando Media Booster
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [6.4.2009 20:49 132040]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6.4.2009 20:49 25160]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 34824]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [1.2.2008 17:24 41456]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [24.10.2008 20:51 468224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6.1.2009 16:08 211216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6.1.2009 16:08 19096]
R3 ncfvsbus;NCF Virtual Serial Bus Enumerator;c:\windows\system32\drivers\ncfvsbus.sys [3.9.2008 14:59 25088]
S2 gupdate1c9861fd4020982;Google Update Service (gupdate1c9861fd4020982);c:\program files\Google\Update\GoogleUpdate.exe [3.2.2009 18:52 133104]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:\windows\system32\sfrem02.exe svc --> c:\windows\system32\sfrem02.exe svc [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Mous\LOCALS~1\Temp\QEM23.tmp --> c:\docume~1\Mous\LOCALS~1\Temp\QEM23.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [13.6.2009 14:49 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [13.6.2009 14:49 8320]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WLAN; Wireless LAN Driver;c:\windows\system32\DRIVERS\wlanNDS.sys --> c:\windows\system32\DRIVERS\wlanNDS.sys [?]
S4 FAH@C:+DOCUME~1+Mous+LOCALS~1+Temp+Rar$EX06.625+FAH.exe;FAH@C:+DOCUME~1+Mous+LOCALS~1+Temp+Rar$EX06.625+FAH.exe;c:\docume~1\Mous\LOCALS~1\Temp\Rar$EX06.625\FAH.exe -svcstart --> c:\docume~1\Mous\LOCALS~1\Temp\Rar$EX06.625\FAH.exe -svcstart [?]
S4 FAH@C:+Program Files+Fallout 3+FAH.exe;FAH@C:+Program Files+Fallout 3+FAH.exe;c:\program files\Fallout 3\FAH.exe -svcstart --> c:\program files\Fallout 3\FAH.exe -svcstart [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 16:52]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-Pando Media Booster - c:\program files\Pando Networks\Media Booster\PMB.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.tiscali.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
FF - ProfilePath - c:\documents and settings\Mous\Data aplikací\Mozilla\Firefox\Profiles\q5s4rbic.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.tiscali.cz/home/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-25 15:30
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+DOCUME~1+Mous+LOCALS~1+Temp+Rar$EX06.625+FAH.exe]
"ImagePath"="c:\docume~1\Mous\LOCALS~1\Temp\Rar$EX06.625\FAH.exe -svcstart"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+Program Files+Fallout 3+FAH.exe]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Mous\LOCALS~1\Temp\QEM23.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="4EA62B2D878693E4F513F19ADFD2E508F3D636C5ED10C9A0A48B9895A3DE6CF0D97D6E5F7E5274E72A3F061E5B6E85864C11F9FA5DF3DF0B049111A265FA88F427C7B47417E385D627F1EEF3F00EA1F2AFAD8217EFE8D2ACD76A06D9CB4E9BCDDCAF1DA9B5B0860E7431371FB414357E29B063020CDEF4AE4937B2272C746E36E415AC9240215E805EB84AF640D5DC6F05D3927A19B83DC9474E384D617CF37EEF894A16A39115B174F8F9292F9DDB9FD303EB8F854D454F833898624A6B3E0B70FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D14078EDD5E5BE2F6E667A2D97226D213B555A24F91909D8D9D9F55DBFCAC951FE42D02B1AD1AFD43171DFB65D01FA0CCAD344FA4D31613F6F199FB1B356857157F5375E7B513424611D1F8184D3C3A46259133C2F1DAC344E84A3224356DE0CE00A92BD2253EB9D00E278F840C3E99941D5DF15B7665BCE6C879B74F0931EC3AC23DA118ADA36C69200C1BB707DB35F7FD8464073D4002F6EDB583DD95AFAB66B7DC0B4057CD59B7EB2D2A238953F752C03797BEF77789AEC5D140730EE7C00863994FB6FB4E6F0A2A02811CB2E3BEA7F36DCAE02B1DBFEE55644816FC5BC5745ECD084CCA37944FA840185C76D35CA2B95DF4302E4703B734C5AF33409145A9559283374621A21EC86499801D6B959149863BD22F10A5328B163C97899540460847458D452865AD8030660B43F526E56B28FCD3301470279CB565795E73A990C98F03CBF26A1E5D58A690E0D6C5BBB600C749A102751D083A4CD96E1A416A6D045227D3CD0C822C6C8F604B9B2E76BB77AFE40DD1DADA66CAC2FA71E793DE6BB23A5069A836BABEEFF750F7AB09EE55D9EC49CD1AEBCDF74A485FE34B0655386637D1B42A91645FA82F12F8EFB12E03C0CE227DABD60A1A48CECE0819B69329C3FBB1424D51117A6CC987C12A8A31EC59EC4F9CAB4E9E4AE70CC7057C4851358180AA0260A543A02C20C72E6DF66BDBE71EE60B138787ABDFFAFB66F1E0B979EDFE2B4987C9F786E7CD20F8225F433C4181B090AEBB39057B584F1C4CAC6D35E7F655CFB776980634330FC583B090235076A8D71E2999419AA75DF8B05880CBE3ABFEB1BC6D081BBAF5C799A05DA34493A3806DD811066F30ADF3B598987B46E9A3B470B5701BE6B97B33DBDD56BCF91C729BC5A439C9434476926B51A3D94F972BB36F93471AAF81716BDCF49893C2120E13B69FEB2B12714EEF9AFEB20BB79BCF6F7820BF43DB76C8BF4C6D9D50BF2EE8B3F9BA75E0D6E5C9F428150573723C668CB5F2A6477994B3B4402B6613B63F397CAEB9A793B267BB4058DDDEEB984F05673AFCD2CABA662C81B160F8EB932875A4D6375AE5654B4022D9F7053F65C1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(756)
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
- - - - - - - > 'explorer.exe'(852)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Comodo\Firewall\cmdagent.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\rundll32.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Celkový čas: 2009-07-25 15:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-25 13:38
Před spuštěním: 7 459 287 040
Po spuštění: 8 028 762 112
406 --- E O F --- 2009-07-20 22:32
Nebylo by moudré pobízet ďábla k pokloně.
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Preventivní kontrola po lan party
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:
File::
c:\windows\system32\d3d9caps.dat
c:\windows\system32\GameMon.des
C:\WINDOWS\system32\GameMon.des.exe
Folder::
c:\program files\DAEMON Tools Toolbar
c:\docume~1\Mous\LOCALS~1\Temp\Rar$EX06.625
DirLook::
C:\Boot
Driver::
GarenaPEngine;GarenaPEngine
GarenaPEngine
nProtect GameGuard Service (npggsvc)
npggsvc
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+DOCUME~1+Mous+LOCALS~1+Temp+Rar$EX06.625+FAH.exe]
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače
Zkopíruj do něj následující celý text označený zeleně:
File::
c:\windows\system32\d3d9caps.dat
c:\windows\system32\GameMon.des
C:\WINDOWS\system32\GameMon.des.exe
Folder::
c:\program files\DAEMON Tools Toolbar
c:\docume~1\Mous\LOCALS~1\Temp\Rar$EX06.625
DirLook::
C:\Boot
Driver::
GarenaPEngine;GarenaPEngine
GarenaPEngine
nProtect GameGuard Service (npggsvc)
npggsvc
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+DOCUME~1+Mous+LOCALS~1+Temp+Rar$EX06.625+FAH.exe]
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Preventivní kontrola po lan party
Jsem to spustil vložil ten script a po otočení to napsalo že to vypisuje log a vypisoval se asi 1 hodinu tak jsem to natvrdo otočil a v logu bylo pouze:
ComboFix 09-07-24.01 - Mous 25.07.2009 17:37:40.9.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1483 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Mous\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\Mous\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
"c:\windows\system32\d3d9caps.dat"
"c:\windows\system32\GameMon.des"
"C:\WINDOWS\system32\GameMon.des.exe"
.
ComboFix 09-07-24.01 - Mous 25.07.2009 17:37:40.9.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1483 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Mous\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\Mous\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
"c:\windows\system32\d3d9caps.dat"
"c:\windows\system32\GameMon.des"
"C:\WINDOWS\system32\GameMon.des.exe"
.
Nebylo by moudré pobízet ďábla k pokloně.
Re: Preventivní kontrola po lan party
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:46, on 25.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\WINDOWS\system32\PuXpMan2.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\windows\system32\ctfmon.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Documents and Settings\Mous\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Mous\Data aplikací\CoSoSys\UFDtoGO\UFDtoGOLaunch.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\system32\svchost.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\windows\explorer.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\windows\system32\msiexec.exe
C:\Documents and Settings\Mous\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mous\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mous\Plocha\přídavky\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://127.0.0.1:9000/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan2.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mous\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [UFDtoGOLaunch] C:\Documents and Settings\Mous\Data aplikací\CoSoSys\UFDtoGO\UFDtoGOLaunch.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6 cz\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6 cz\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 0937853578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0937802765
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Update Service (gupdate1c9861fd4020982) (gupdate1c9861fd4020982) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\ComboFix\HIDEC.exe" "C:\windows\system32\CF808.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\windows\system32\sfrem02.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE (file missing)
--
End of file - 13952 bytes
Scan saved at 18:46:46, on 25.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\WINDOWS\system32\PuXpMan2.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\windows\system32\ctfmon.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Documents and Settings\Mous\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Mous\Data aplikací\CoSoSys\UFDtoGO\UFDtoGOLaunch.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\system32\svchost.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\windows\explorer.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\windows\system32\msiexec.exe
C:\Documents and Settings\Mous\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mous\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mous\Plocha\přídavky\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://127.0.0.1:9000/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan2.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mous\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [UFDtoGOLaunch] C:\Documents and Settings\Mous\Data aplikací\CoSoSys\UFDtoGO\UFDtoGOLaunch.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6 cz\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6 cz\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 0937853578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0937802765
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Update Service (gupdate1c9861fd4020982) (gupdate1c9861fd4020982) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\ComboFix\HIDEC.exe" "C:\windows\system32\CF808.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\windows\system32\sfrem02.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE (file missing)
--
End of file - 13952 bytes
Nebylo by moudré pobízet ďábla k pokloně.
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Preventivní kontrola po lan party
Čim víc toho odstraňuje, tím déle to trvá. Třeba ten Gamon, je Spyware, asi ho neodstranil, máš tam Trojana:c:\$recycle.bin , neodstranil ho.....
Musíš to prostě nechat dojít. Doufej, že ti nic tím vypnutím natvrdo nepoškodil.
Odinstaluj starý ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
Stáhni si T-Cleaner smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš, vol podle návodu co ti napíše.
Stáhni si podle návodu nahoře nový ComboFix, ulož ho na Plochu a přetáhni přes něj ten CFScript.
Musíš to prostě nechat dojít. Doufej, že ti nic tím vypnutím natvrdo nepoškodil.
Odinstaluj starý ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
Stáhni si T-Cleaner smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš, vol podle návodu co ti napíše.
Stáhni si podle návodu nahoře nový ComboFix, ulož ho na Plochu a přetáhni přes něj ten CFScript.
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Preventivní kontrola po lan party
Vůbec se PC nerastartoval a vyplivlo to na mne:
ComboFix 09-07-24.01 - Mous 25.07.2009 19:16.10.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1512 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mous\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Mous\Plocha\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
"c:\windows\system32\d3d9caps.dat"
"c:\windows\system32\GameMon.des"
"c:\windows\system32\GameMon.des.exe"
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-25 do 2009-07-25 )))))))))))))))))))))))))))))))
.
2009-07-25 16:41 . 2009-07-25 16:41 -------- d-----w- c:\windows\LastGood
2009-07-25 15:34 . 2009-07-25 15:34 -------- d-----w- c:\windows\35C03C043F1F42C2A989A757EE691F65.TMP
2009-07-25 15:33 . 2007-10-25 13:06 1495552 ----a-w- c:\windows\system32\epoPGPsdk.dll
2009-07-25 15:33 . 2008-05-22 18:50 72936 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-07-25 15:33 . 2008-05-22 18:50 64232 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2009-07-25 15:33 . 2008-05-22 18:50 52104 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2009-07-25 15:33 . 2008-05-22 18:50 33960 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-07-25 15:33 . 2008-05-22 18:50 174952 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-25 15:32 . 2009-07-25 15:32 -------- d-----w- c:\program files\Common Files\McAfee
2009-07-25 14:58 . 2009-07-25 14:58 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-07-25 14:57 . 2009-07-25 15:33 -------- d-----w- c:\program files\McAfee
2009-07-25 14:22 . 2009-07-25 14:22 -------- d-----w- c:\program files\Total Uninstall 5
2009-07-25 10:20 . 2009-07-25 10:20 -------- d-----w- C:\VideoSec
2009-07-20 22:31 . 2009-07-20 22:31 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-07-20 18:18 . 2009-07-21 19:33 -------- d-----w- c:\program files\Trine
2009-07-20 16:09 . 2009-07-20 16:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-20 16:08 . 2006-10-12 08:40 716800 ----a-w- c:\windows\SysInternals Bluescreen.scr
2009-07-19 17:57 . 2009-07-19 17:58 -------- d-----w- c:\program files\TmNationsForever
2009-07-19 17:51 . 2009-07-19 17:51 -------- d-----w- c:\program files\DAMN NFO Viewer
2009-07-18 16:57 . 2009-07-18 16:57 -------- d-----w- c:\program files\softendo.com
2009-07-16 07:55 . 2009-07-16 07:56 -------- d-----w- c:\documents and settings\Mous\.borland
2009-07-16 07:41 . 2009-07-16 07:41 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-07-16 07:41 . 2009-07-16 07:41 -------- d-----w- c:\program files\Borland
2009-07-15 08:33 . 2009-07-15 08:33 -------- d-----w- c:\program files\OpenOffice.org 3
2009-07-15 07:22 . 2009-07-15 07:22 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-14 07:41 . 2009-07-15 07:21 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-07-11 14:41 . 2009-07-11 14:41 -------- d-----w- c:\program files\Lavalys
2009-07-11 09:50 . 2009-07-11 20:00 -------- d-sh--w- C:\Boot
2009-07-04 10:22 . 2009-07-12 17:39 -------- d-----w- c:\windows\system32\oodag
2009-07-03 10:42 . 2009-07-03 10:42 -------- d-----w- c:\program files\OO Software
2009-06-29 15:22 . 2009-07-16 20:33 -------- d-----w- c:\program files\Gish
2009-06-29 12:58 . 2009-07-16 20:00 -------- d-----w- c:\program files\Bridge Building Game
2009-06-29 03:19 . 2009-06-29 03:19 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-06-28 16:27 . 2009-06-28 16:27 217664 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-06-28 16:27 . 2009-06-28 16:27 -------- d-----w- c:\program files\TrueCrypt
2009-06-28 16:14 . 2009-07-16 20:01 -------- d-----w- c:\program files\Hurrican
2009-06-28 15:22 . 2008-04-26 14:14 42672 ------w- c:\windows\system32\wbsys.dll
2009-06-28 15:19 . 2009-07-23 16:30 -------- d-----w- c:\program files\Samurize
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 16:42 . 2007-06-04 11:12 -------- d-----w- c:\program files\ESET
2009-07-25 16:29 . 2008-08-27 17:46 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2009-07-25 14:30 . 2007-10-19 17:52 -------- d-----w- c:\program files\ElcomSoft
2009-07-25 14:25 . 2007-06-03 17:54 -------- d-----w- c:\program files\ASUS
2009-07-25 14:25 . 2007-06-03 17:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-25 12:58 . 2009-04-06 18:49 179792 ----a-w- c:\windows\system32\guard32.dll
2009-07-25 12:58 . 2009-04-06 18:49 132040 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-07-25 12:46 . 2009-01-06 14:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-22 20:26 . 2009-04-24 17:16 -------- d-----w- c:\program files\Pando Networks
2009-07-21 19:58 . 2007-09-10 15:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-21 19:33 . 2005-02-27 19:02 -------- d-----w- c:\program files\Steam
2009-07-18 15:33 . 2008-06-07 10:14 -------- d-----w- c:\program files\Warcraft III
2009-07-18 11:29 . 2007-12-12 18:36 -------- d-----w- c:\program files\Ubisoft
2009-07-16 18:23 . 2007-11-25 19:02 22328 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-16 18:23 . 2007-11-25 19:01 103736 -c--a-w- c:\windows\system32\PnkBstrB.exe
2009-07-15 17:05 . 2007-08-30 18:57 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-07-13 11:36 . 2009-01-06 14:08 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-01-06 14:08 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 06:59 . 2007-06-30 10:07 -------- d-----w- c:\program files\Electronic Arts
2009-07-11 14:49 . 2009-06-01 16:20 -------- d-----w- c:\program files\Garena
2009-07-11 09:18 . 2009-04-15 20:13 -------- d-----w- c:\program files\BestGameEver
2009-07-10 17:35 . 2001-10-25 12:00 79040 ----a-w- c:\windows\system32\perfc005.dat
2009-07-10 17:35 . 2001-10-25 12:00 431998 ----a-w- c:\windows\system32\perfh005.dat
2009-07-06 10:52 . 2007-06-30 09:54 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-05 19:06 . 2007-10-20 15:24 -------- d-----w- c:\program files\Free Download Manager
2009-07-04 09:04 . 2009-04-06 18:49 86976 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-07-04 09:04 . 2009-04-06 18:49 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-07-01 18:09 . 2008-04-21 12:24 -------- d-----w- c:\program files\Kopie - WoW
2009-06-28 15:22 . 2008-04-04 15:31 -------- d-----w- c:\program files\Stardock
2009-06-28 15:19 . 2007-06-06 12:31 -------- d-----w- c:\program files\iTunes
2009-06-17 13:59 . 2009-06-17 13:58 -------- d-----w- c:\program files\Microsoft
2009-06-17 13:59 . 2009-06-17 13:57 -------- d-----w- c:\program files\Windows Live
2009-06-17 13:57 . 2009-06-17 13:57 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-17 13:51 . 2009-06-17 13:51 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-16 14:40 . 2004-08-17 14:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-10-25 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 13:05 . 2009-06-13 13:05 -------- d-----w- c:\program files\Common Files\PCSuite
2009-06-13 13:05 . 2008-11-12 14:01 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-13 13:00 . 2009-06-13 13:00 -------- d-----w- c:\program files\PC Connectivity Solution
2009-06-13 12:48 . 2008-11-12 14:01 -------- d-----w- c:\program files\Nokia
2009-06-13 09:29 . 2007-06-04 12:33 -------- d-----w- c:\program files\Activision
2009-06-11 14:30 . 2008-03-23 15:53 -------- d-----w- c:\program files\ICQ6 cz
2009-06-03 19:11 . 2004-08-17 14:49 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 17:24 . 2008-06-22 18:56 106200 -c--a-w- c:\windows\War3Unin.dat
2009-05-30 19:45 . 2007-06-30 10:01 -------- d-----w- c:\program files\Alcohol Soft
2009-05-29 17:59 . 2008-01-09 18:29 -------- d-----w- c:\program files\Guild Wars
2009-05-13 05:05 . 2004-08-17 14:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-11 15:54 . 2007-07-11 08:45 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-07 15:33 . 2004-08-17 14:49 346624 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 22:30 . 2009-04-30 22:30 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-04-30 20:02 . 2009-04-30 20:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-04-30 20:02 . 2009-04-30 20:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-04-30 20:02 . 2009-03-27 08:03 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-04-30 20:02 . 2007-12-05 00:41 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-04-30 20:02 . 2007-06-28 22:43 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-04-30 20:02 . 2007-06-03 17:53 457248 -c--a-w- c:\windows\system32\nvudisp.exe
2009-04-30 20:02 . 2005-02-23 23:32 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-04-30 20:02 . 2005-02-23 23:32 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-04-30 20:02 . 2005-02-23 23:32 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-04-30 20:02 . 2005-02-23 23:32 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-04-30 20:02 . 2005-02-23 23:32 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-04-26 22:42 . 2007-08-04 09:23 457248 -c--a-w- c:\windows\system32\NVUNINST.EXE
2009-06-24 14:12 . 2008-09-08 15:08 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Boot ----
2009-07-11 20:00 . 2009-07-11 20:00 0 --sha-w- c:\boot\BCD.LOG1
2009-07-11 20:00 . 2009-07-11 20:00 0 --sha-w- c:\boot\BCD.LOG2
2009-07-11 20:00 . 2009-03-20 15:21 2371360 ----a-w- c:\boot\Fonts\kor_boot.ttf
2009-07-11 20:00 . 2009-03-20 15:21 1984228 ----a-w- c:\boot\Fonts\jpn_boot.ttf
2009-07-11 20:00 . 2009-03-20 15:21 3876772 ----a-w- c:\boot\Fonts\cht_boot.ttf
2009-07-11 20:00 . 2009-03-20 15:21 3694080 ----a-w- c:\boot\Fonts\chs_boot.ttf
2009-07-11 11:29 . 2009-04-21 20:34 43600 ----a-w- c:\boot\cs-CZ\memtest.exe.mui
2009-07-11 09:50 . 2009-07-25 15:49 33792 --sha-w- c:\boot\BCD.LOG
2009-07-11 09:50 . 2009-07-25 15:49 262144 --sha-w- c:\boot\BCD
2009-07-11 09:50 . 2009-03-20 15:21 47452 ----a-w- c:\boot\Fonts\wgl4_boot.ttf
2009-07-11 09:50 . 2009-07-11 20:00 65536 --sha-w- c:\boot\BOOTSTAT.DAT
2009-07-11 09:50 . 2009-04-22 05:23 75344 ----a-w- c:\boot\zh-HK\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 70224 ----a-w- c:\boot\zh-TW\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 87120 ----a-w- c:\boot\tr-TR\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 70736 ----a-w- c:\boot\zh-CN\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 87632 ----a-w- c:\boot\sv-SE\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 90192 ----a-w- c:\boot\ru-RU\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 89680 ----a-w- c:\boot\pt-PT\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 90192 ----a-w- c:\boot\pt-BR\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 90704 ----a-w- c:\boot\nl-NL\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 90704 ----a-w- c:\boot\pl-PL\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 88144 ----a-w- c:\boot\nb-NO\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:24 484944 ----a-w- c:\boot\memtest.exe
2009-07-11 09:50 . 2009-04-22 05:23 77904 ----a-w- c:\boot\ko-KR\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 74832 ----a-w- c:\boot\ja-JP\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 90704 ----a-w- c:\boot\it-IT\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 90704 ----a-w- c:\boot\hu-HU\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 93776 ----a-w- c:\boot\fr-FR\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 89168 ----a-w- c:\boot\fi-FI\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 90192 ----a-w- c:\boot\es-ES\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 85072 ----a-w- c:\boot\en-US\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 06:06 43584 ----a-w- c:\boot\en-US\memtest.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 94288 ----a-w- c:\boot\el-GR\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 91728 ----a-w- c:\boot\de-DE\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 87632 ----a-w- c:\boot\da-DK\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 89168 ----a-w- c:\boot\cs-CZ\bootmgr.exe.mui
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2008-02-27 26624]
"Google Update"="c:\documents and settings\Mous\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-10-23 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"UFDtoGOLaunch"="c:\documents and settings\Mous\Data aplikací\CoSoSys\UFDtoGO\UFDtoGOLaunch.exe" [2008-11-13 172032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"mspwr"="c:\windows\system32\PuXpMan2.exe" [2005-09-29 110592]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\cfp.exe" [2009-07-04 1793808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-07-13 414992]
"COMODO Internet Security"="c:\program files\Comodo\Firewall\cfp.exe" [2009-07-04 1793808]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-05-22 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-05-17 77824]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Mous\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Client Default.lnk - c:\program files\Samurize\Client.exe [2007-4-7 2010624]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2007-8-27 624416]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-4-4 3450608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-09-17 06:05 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0crcnat.exe\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Avant Browser\\avant.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\STRONG+\\StrongDC.exe"=
"c:\\Program Files\\STRONG (Mous)\\StrongDC.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Doom 3\\Doom3.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\TrackMania Sunrise\\TmSunrise.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\ProxyShell\\ProxyShell Hide IP\\proxyshell.exe"=
"c:\\Documents and Settings\\Mous\\cgq.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Electronic Arts\\BattleForge\\Bootstrapper.exe"=
"c:\\Program Files\\Electronic Arts\\BattleForge\\BattleForge.exe"=
"c:\\Program Files\\ICQ6 cz\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\XBlades\\xblades.exe"=
"c:\\Program Files\\XBlades\\launcher.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:UDP"= 80:UDP:127.0.0.1
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3306:TCP"= 3306:TCP:MySQL Server
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"57927:TCP"= 57927:TCP:Pando Media Booster
"57927:UDP"= 57927:UDP:Pando Media Booster
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [6.4.2009 20:49 132040]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6.4.2009 20:49 25160]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [1.2.2008 17:24 41456]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6.1.2009 16:08 211216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6.1.2009 16:08 19096]
R3 ncfvsbus;NCF Virtual Serial Bus Enumerator;c:\windows\system32\drivers\ncfvsbus.sys [3.9.2008 14:59 25088]
R4 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 gupdate1c9861fd4020982;Google Update Service (gupdate1c9861fd4020982);c:\program files\Google\Update\GoogleUpdate.exe [3.2.2009 18:52 133104]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:\windows\system32\sfrem02.exe svc --> c:\windows\system32\sfrem02.exe svc [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [13.6.2009 14:49 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [13.6.2009 14:49 8320]
S3 WLAN; Wireless LAN Driver;c:\windows\system32\DRIVERS\wlanNDS.sys --> c:\windows\system32\DRIVERS\wlanNDS.sys [?]
S4 FAH@C:+Program Files+Fallout 3+FAH.exe;FAH@C:+Program Files+Fallout 3+FAH.exe;c:\program files\Fallout 3\FAH.exe -svcstart --> c:\program files\Fallout 3\FAH.exe -svcstart [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-07-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-03 15:02]
2009-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 16:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.tiscali.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
FF - ProfilePath - c:\documents and settings\Mous\Data aplikací\Mozilla\Firefox\Profiles\q5s4rbic.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.tiscali.cz/home/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - prefs.js: network.proxy.type - 2
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-25 19:23
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+Program Files+Fallout 3+FAH.exe]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="4EA62B2D878693E4F513F19ADFD2E508F3D636C5ED10C9A0A48B9895A3DE6CF0D97D6E5F7E5274E72A3F061E5B6E85864C11F9FA5DF3DF0B049111A265FA88F427C7B47417E385D627F1EEF3F00EA1F2AFAD8217EFE8D2ACD76A06D9CB4E9BCDDCAF1DA9B5B0860E7431371FB414357E29B063020CDEF4AE4937B2272C746E36E415AC9240215E805EB84AF640D5DC6F05D3927A19B83DC9474E384D617CF37EEF894A16A39115B174F8F9292F9DDB9FD303EB8F854D454F833898624A6B3E0B70FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D14078EDD5E5BE2F6E667A2D97226D213B555A24F91909D8D9D9F55DBFCAC951FE42D02B1AD1AFD43171DFB65D01FA0CCAD344FA4D31613F6F199FB1B356857157F5375E7B513424611D1F8184D3C3A46259133C2F1DAC344E84A3224356DE0CE00A92BD2253EB9D00E278F840C3E99941D5DF15B7665BCE6C879B74F0931EC3AC23DA118ADA36C69200C1BB707DB35F7FD8464073D4002F6EDB583DD95AFAB66B7DC0B4057CD59B7EB2D2A238953F752C03797BEF77789AEC5D140730EE7C00863994FB6FB4E6F0A2A02811CB2E3BEA7F36DCAE02B1DBFEE55644816FC5BC5745ECD084CCA37944FA840185C76D35CA2B95DF4302E4703B734C5AF33409145A9559283374621A21EC86499801D6B959149863BD22F10A5328B163C97899540460847458D452865AD8030660B43F526E56B28FCD3301470279CB565795E73A990C98F03CBF26A1E5D58A690E0D6C5BBB600C749A102751D083A4CD96E1A416A6D045227D3CD0C822C6C8F604B9B2E76BB77AFE40DD1DADA66CAC2FA71E793DE6BB23A5069A836BABEEFF750F7AB09EE55D9EC49CD1AEBCDF74A485FE34B0655386637D1B42A91645FA82F12F8EFB12E03C0CE227DABD60A1A48CECE0819B69329C3FBB1424D51117A6CC987C12A8A31EC59EC4F9CAB4E9E4AE70CC7057C4851358180AA0260A543A02C20C72E6DF66BDBE71EE60B138787ABDFFAFB66F1E0B979EDFE2B4987C9F786E7CD20F8225F433C4181B090AEBB39057B584F1C4CAC6D35E7F655CFB776980634330FC583B090235076A8D71E2999419AA75DF8B05880CBE3ABFEB1BC6D081BBAF5C799A05DA34493A3806DD811066F30ADF3B598987B46E9A3B470B5701BE6B97B33DBDD56BCF91C729BC5A439C9434476926B51A3D94F972BB36F93471AAF81716BDCF49893C2120E13B69FEB2B12714EEF9AFEB20BB79BCF6F7820BF43DB76C8BF4C6D9D50BF2EE8B3F9BA75E0D6E5C9F428150573723C668CB5F2A6477994B3B4402B6613B63F397CAEB9A793B267BB4058DDDEEB984F05673AFCD2CABA662C81B160F8EB932875A4D6375AE5654B4022D9F7053F65C1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(756)
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
- - - - - - - > 'explorer.exe'(368)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-07-25 19:26
ComboFix-quarantined-files.txt 2009-07-25 17:26
Před spuštěním: Volných bajtů: 15 109 775 360
Po spuštění: Volných bajtů: 15 058 731 008
419 --- E O F --- 2009-07-20 22:32
ComboFix 09-07-24.01 - Mous 25.07.2009 19:16.10.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1512 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mous\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Mous\Plocha\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
"c:\windows\system32\d3d9caps.dat"
"c:\windows\system32\GameMon.des"
"c:\windows\system32\GameMon.des.exe"
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-25 do 2009-07-25 )))))))))))))))))))))))))))))))
.
2009-07-25 16:41 . 2009-07-25 16:41 -------- d-----w- c:\windows\LastGood
2009-07-25 15:34 . 2009-07-25 15:34 -------- d-----w- c:\windows\35C03C043F1F42C2A989A757EE691F65.TMP
2009-07-25 15:33 . 2007-10-25 13:06 1495552 ----a-w- c:\windows\system32\epoPGPsdk.dll
2009-07-25 15:33 . 2008-05-22 18:50 72936 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-07-25 15:33 . 2008-05-22 18:50 64232 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2009-07-25 15:33 . 2008-05-22 18:50 52104 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2009-07-25 15:33 . 2008-05-22 18:50 33960 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-07-25 15:33 . 2008-05-22 18:50 174952 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-25 15:32 . 2009-07-25 15:32 -------- d-----w- c:\program files\Common Files\McAfee
2009-07-25 14:58 . 2009-07-25 14:58 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-07-25 14:57 . 2009-07-25 15:33 -------- d-----w- c:\program files\McAfee
2009-07-25 14:22 . 2009-07-25 14:22 -------- d-----w- c:\program files\Total Uninstall 5
2009-07-25 10:20 . 2009-07-25 10:20 -------- d-----w- C:\VideoSec
2009-07-20 22:31 . 2009-07-20 22:31 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-07-20 18:18 . 2009-07-21 19:33 -------- d-----w- c:\program files\Trine
2009-07-20 16:09 . 2009-07-20 16:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-20 16:08 . 2006-10-12 08:40 716800 ----a-w- c:\windows\SysInternals Bluescreen.scr
2009-07-19 17:57 . 2009-07-19 17:58 -------- d-----w- c:\program files\TmNationsForever
2009-07-19 17:51 . 2009-07-19 17:51 -------- d-----w- c:\program files\DAMN NFO Viewer
2009-07-18 16:57 . 2009-07-18 16:57 -------- d-----w- c:\program files\softendo.com
2009-07-16 07:55 . 2009-07-16 07:56 -------- d-----w- c:\documents and settings\Mous\.borland
2009-07-16 07:41 . 2009-07-16 07:41 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-07-16 07:41 . 2009-07-16 07:41 -------- d-----w- c:\program files\Borland
2009-07-15 08:33 . 2009-07-15 08:33 -------- d-----w- c:\program files\OpenOffice.org 3
2009-07-15 07:22 . 2009-07-15 07:22 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-14 07:41 . 2009-07-15 07:21 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-07-11 14:41 . 2009-07-11 14:41 -------- d-----w- c:\program files\Lavalys
2009-07-11 09:50 . 2009-07-11 20:00 -------- d-sh--w- C:\Boot
2009-07-04 10:22 . 2009-07-12 17:39 -------- d-----w- c:\windows\system32\oodag
2009-07-03 10:42 . 2009-07-03 10:42 -------- d-----w- c:\program files\OO Software
2009-06-29 15:22 . 2009-07-16 20:33 -------- d-----w- c:\program files\Gish
2009-06-29 12:58 . 2009-07-16 20:00 -------- d-----w- c:\program files\Bridge Building Game
2009-06-29 03:19 . 2009-06-29 03:19 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-06-28 16:27 . 2009-06-28 16:27 217664 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-06-28 16:27 . 2009-06-28 16:27 -------- d-----w- c:\program files\TrueCrypt
2009-06-28 16:14 . 2009-07-16 20:01 -------- d-----w- c:\program files\Hurrican
2009-06-28 15:22 . 2008-04-26 14:14 42672 ------w- c:\windows\system32\wbsys.dll
2009-06-28 15:19 . 2009-07-23 16:30 -------- d-----w- c:\program files\Samurize
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 16:42 . 2007-06-04 11:12 -------- d-----w- c:\program files\ESET
2009-07-25 16:29 . 2008-08-27 17:46 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2009-07-25 14:30 . 2007-10-19 17:52 -------- d-----w- c:\program files\ElcomSoft
2009-07-25 14:25 . 2007-06-03 17:54 -------- d-----w- c:\program files\ASUS
2009-07-25 14:25 . 2007-06-03 17:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-25 12:58 . 2009-04-06 18:49 179792 ----a-w- c:\windows\system32\guard32.dll
2009-07-25 12:58 . 2009-04-06 18:49 132040 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-07-25 12:46 . 2009-01-06 14:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-22 20:26 . 2009-04-24 17:16 -------- d-----w- c:\program files\Pando Networks
2009-07-21 19:58 . 2007-09-10 15:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-21 19:33 . 2005-02-27 19:02 -------- d-----w- c:\program files\Steam
2009-07-18 15:33 . 2008-06-07 10:14 -------- d-----w- c:\program files\Warcraft III
2009-07-18 11:29 . 2007-12-12 18:36 -------- d-----w- c:\program files\Ubisoft
2009-07-16 18:23 . 2007-11-25 19:02 22328 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-16 18:23 . 2007-11-25 19:01 103736 -c--a-w- c:\windows\system32\PnkBstrB.exe
2009-07-15 17:05 . 2007-08-30 18:57 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-07-13 11:36 . 2009-01-06 14:08 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-01-06 14:08 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 06:59 . 2007-06-30 10:07 -------- d-----w- c:\program files\Electronic Arts
2009-07-11 14:49 . 2009-06-01 16:20 -------- d-----w- c:\program files\Garena
2009-07-11 09:18 . 2009-04-15 20:13 -------- d-----w- c:\program files\BestGameEver
2009-07-10 17:35 . 2001-10-25 12:00 79040 ----a-w- c:\windows\system32\perfc005.dat
2009-07-10 17:35 . 2001-10-25 12:00 431998 ----a-w- c:\windows\system32\perfh005.dat
2009-07-06 10:52 . 2007-06-30 09:54 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-05 19:06 . 2007-10-20 15:24 -------- d-----w- c:\program files\Free Download Manager
2009-07-04 09:04 . 2009-04-06 18:49 86976 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-07-04 09:04 . 2009-04-06 18:49 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-07-01 18:09 . 2008-04-21 12:24 -------- d-----w- c:\program files\Kopie - WoW
2009-06-28 15:22 . 2008-04-04 15:31 -------- d-----w- c:\program files\Stardock
2009-06-28 15:19 . 2007-06-06 12:31 -------- d-----w- c:\program files\iTunes
2009-06-17 13:59 . 2009-06-17 13:58 -------- d-----w- c:\program files\Microsoft
2009-06-17 13:59 . 2009-06-17 13:57 -------- d-----w- c:\program files\Windows Live
2009-06-17 13:57 . 2009-06-17 13:57 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-17 13:51 . 2009-06-17 13:51 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-16 14:40 . 2004-08-17 14:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-10-25 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 13:05 . 2009-06-13 13:05 -------- d-----w- c:\program files\Common Files\PCSuite
2009-06-13 13:05 . 2008-11-12 14:01 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-13 13:00 . 2009-06-13 13:00 -------- d-----w- c:\program files\PC Connectivity Solution
2009-06-13 12:48 . 2008-11-12 14:01 -------- d-----w- c:\program files\Nokia
2009-06-13 09:29 . 2007-06-04 12:33 -------- d-----w- c:\program files\Activision
2009-06-11 14:30 . 2008-03-23 15:53 -------- d-----w- c:\program files\ICQ6 cz
2009-06-03 19:11 . 2004-08-17 14:49 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 17:24 . 2008-06-22 18:56 106200 -c--a-w- c:\windows\War3Unin.dat
2009-05-30 19:45 . 2007-06-30 10:01 -------- d-----w- c:\program files\Alcohol Soft
2009-05-29 17:59 . 2008-01-09 18:29 -------- d-----w- c:\program files\Guild Wars
2009-05-13 05:05 . 2004-08-17 14:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-11 15:54 . 2007-07-11 08:45 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-07 15:33 . 2004-08-17 14:49 346624 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 22:30 . 2009-04-30 22:30 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-04-30 20:02 . 2009-04-30 20:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-04-30 20:02 . 2009-04-30 20:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-04-30 20:02 . 2009-03-27 08:03 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-04-30 20:02 . 2007-12-05 00:41 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-04-30 20:02 . 2007-06-28 22:43 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-04-30 20:02 . 2007-06-03 17:53 457248 -c--a-w- c:\windows\system32\nvudisp.exe
2009-04-30 20:02 . 2005-02-23 23:32 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-04-30 20:02 . 2005-02-23 23:32 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-04-30 20:02 . 2005-02-23 23:32 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-04-30 20:02 . 2005-02-23 23:32 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-04-30 20:02 . 2005-02-23 23:32 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-04-26 22:42 . 2007-08-04 09:23 457248 -c--a-w- c:\windows\system32\NVUNINST.EXE
2009-06-24 14:12 . 2008-09-08 15:08 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Boot ----
2009-07-11 20:00 . 2009-07-11 20:00 0 --sha-w- c:\boot\BCD.LOG1
2009-07-11 20:00 . 2009-07-11 20:00 0 --sha-w- c:\boot\BCD.LOG2
2009-07-11 20:00 . 2009-03-20 15:21 2371360 ----a-w- c:\boot\Fonts\kor_boot.ttf
2009-07-11 20:00 . 2009-03-20 15:21 1984228 ----a-w- c:\boot\Fonts\jpn_boot.ttf
2009-07-11 20:00 . 2009-03-20 15:21 3876772 ----a-w- c:\boot\Fonts\cht_boot.ttf
2009-07-11 20:00 . 2009-03-20 15:21 3694080 ----a-w- c:\boot\Fonts\chs_boot.ttf
2009-07-11 11:29 . 2009-04-21 20:34 43600 ----a-w- c:\boot\cs-CZ\memtest.exe.mui
2009-07-11 09:50 . 2009-07-25 15:49 33792 --sha-w- c:\boot\BCD.LOG
2009-07-11 09:50 . 2009-07-25 15:49 262144 --sha-w- c:\boot\BCD
2009-07-11 09:50 . 2009-03-20 15:21 47452 ----a-w- c:\boot\Fonts\wgl4_boot.ttf
2009-07-11 09:50 . 2009-07-11 20:00 65536 --sha-w- c:\boot\BOOTSTAT.DAT
2009-07-11 09:50 . 2009-04-22 05:23 75344 ----a-w- c:\boot\zh-HK\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 70224 ----a-w- c:\boot\zh-TW\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 87120 ----a-w- c:\boot\tr-TR\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 70736 ----a-w- c:\boot\zh-CN\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 87632 ----a-w- c:\boot\sv-SE\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 90192 ----a-w- c:\boot\ru-RU\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 89680 ----a-w- c:\boot\pt-PT\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 90192 ----a-w- c:\boot\pt-BR\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 90704 ----a-w- c:\boot\nl-NL\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 90704 ----a-w- c:\boot\pl-PL\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 88144 ----a-w- c:\boot\nb-NO\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:24 484944 ----a-w- c:\boot\memtest.exe
2009-07-11 09:50 . 2009-04-22 05:23 77904 ----a-w- c:\boot\ko-KR\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 74832 ----a-w- c:\boot\ja-JP\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 90704 ----a-w- c:\boot\it-IT\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 90704 ----a-w- c:\boot\hu-HU\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 93776 ----a-w- c:\boot\fr-FR\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 89168 ----a-w- c:\boot\fi-FI\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 90192 ----a-w- c:\boot\es-ES\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 85072 ----a-w- c:\boot\en-US\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 06:06 43584 ----a-w- c:\boot\en-US\memtest.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 94288 ----a-w- c:\boot\el-GR\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 91728 ----a-w- c:\boot\de-DE\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 87632 ----a-w- c:\boot\da-DK\bootmgr.exe.mui
2009-07-11 09:50 . 2009-04-22 05:23 89168 ----a-w- c:\boot\cs-CZ\bootmgr.exe.mui
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 15:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2008-02-27 26624]
"Google Update"="c:\documents and settings\Mous\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-10-23 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"UFDtoGOLaunch"="c:\documents and settings\Mous\Data aplikací\CoSoSys\UFDtoGO\UFDtoGOLaunch.exe" [2008-11-13 172032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"mspwr"="c:\windows\system32\PuXpMan2.exe" [2005-09-29 110592]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\cfp.exe" [2009-07-04 1793808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-07-13 414992]
"COMODO Internet Security"="c:\program files\Comodo\Firewall\cfp.exe" [2009-07-04 1793808]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-05-22 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-05-17 77824]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Mous\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Client Default.lnk - c:\program files\Samurize\Client.exe [2007-4-7 2010624]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2007-8-27 624416]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-4-4 3450608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-09-17 06:05 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0crcnat.exe\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Avant Browser\\avant.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\STRONG+\\StrongDC.exe"=
"c:\\Program Files\\STRONG (Mous)\\StrongDC.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Doom 3\\Doom3.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\TrackMania Sunrise\\TmSunrise.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\ProxyShell\\ProxyShell Hide IP\\proxyshell.exe"=
"c:\\Documents and Settings\\Mous\\cgq.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Electronic Arts\\BattleForge\\Bootstrapper.exe"=
"c:\\Program Files\\Electronic Arts\\BattleForge\\BattleForge.exe"=
"c:\\Program Files\\ICQ6 cz\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\XBlades\\xblades.exe"=
"c:\\Program Files\\XBlades\\launcher.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:UDP"= 80:UDP:127.0.0.1
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3306:TCP"= 3306:TCP:MySQL Server
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"57927:TCP"= 57927:TCP:Pando Media Booster
"57927:UDP"= 57927:UDP:Pando Media Booster
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [6.4.2009 20:49 132040]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6.4.2009 20:49 25160]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [1.2.2008 17:24 41456]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6.1.2009 16:08 211216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6.1.2009 16:08 19096]
R3 ncfvsbus;NCF Virtual Serial Bus Enumerator;c:\windows\system32\drivers\ncfvsbus.sys [3.9.2008 14:59 25088]
R4 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 gupdate1c9861fd4020982;Google Update Service (gupdate1c9861fd4020982);c:\program files\Google\Update\GoogleUpdate.exe [3.2.2009 18:52 133104]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:\windows\system32\sfrem02.exe svc --> c:\windows\system32\sfrem02.exe svc [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [13.6.2009 14:49 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [13.6.2009 14:49 8320]
S3 WLAN; Wireless LAN Driver;c:\windows\system32\DRIVERS\wlanNDS.sys --> c:\windows\system32\DRIVERS\wlanNDS.sys [?]
S4 FAH@C:+Program Files+Fallout 3+FAH.exe;FAH@C:+Program Files+Fallout 3+FAH.exe;c:\program files\Fallout 3\FAH.exe -svcstart --> c:\program files\Fallout 3\FAH.exe -svcstart [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-07-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-03 15:02]
2009-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 16:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.tiscali.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
FF - ProfilePath - c:\documents and settings\Mous\Data aplikací\Mozilla\Firefox\Profiles\q5s4rbic.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.tiscali.cz/home/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - prefs.js: network.proxy.type - 2
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-25 19:23
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+Program Files+Fallout 3+FAH.exe]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="4EA62B2D878693E4F513F19ADFD2E508F3D636C5ED10C9A0A48B9895A3DE6CF0D97D6E5F7E5274E72A3F061E5B6E85864C11F9FA5DF3DF0B049111A265FA88F427C7B47417E385D627F1EEF3F00EA1F2AFAD8217EFE8D2ACD76A06D9CB4E9BCDDCAF1DA9B5B0860E7431371FB414357E29B063020CDEF4AE4937B2272C746E36E415AC9240215E805EB84AF640D5DC6F05D3927A19B83DC9474E384D617CF37EEF894A16A39115B174F8F9292F9DDB9FD303EB8F854D454F833898624A6B3E0B70FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D14078EDD5E5BE2F6E667A2D97226D213B555A24F91909D8D9D9F55DBFCAC951FE42D02B1AD1AFD43171DFB65D01FA0CCAD344FA4D31613F6F199FB1B356857157F5375E7B513424611D1F8184D3C3A46259133C2F1DAC344E84A3224356DE0CE00A92BD2253EB9D00E278F840C3E99941D5DF15B7665BCE6C879B74F0931EC3AC23DA118ADA36C69200C1BB707DB35F7FD8464073D4002F6EDB583DD95AFAB66B7DC0B4057CD59B7EB2D2A238953F752C03797BEF77789AEC5D140730EE7C00863994FB6FB4E6F0A2A02811CB2E3BEA7F36DCAE02B1DBFEE55644816FC5BC5745ECD084CCA37944FA840185C76D35CA2B95DF4302E4703B734C5AF33409145A9559283374621A21EC86499801D6B959149863BD22F10A5328B163C97899540460847458D452865AD8030660B43F526E56B28FCD3301470279CB565795E73A990C98F03CBF26A1E5D58A690E0D6C5BBB600C749A102751D083A4CD96E1A416A6D045227D3CD0C822C6C8F604B9B2E76BB77AFE40DD1DADA66CAC2FA71E793DE6BB23A5069A836BABEEFF750F7AB09EE55D9EC49CD1AEBCDF74A485FE34B0655386637D1B42A91645FA82F12F8EFB12E03C0CE227DABD60A1A48CECE0819B69329C3FBB1424D51117A6CC987C12A8A31EC59EC4F9CAB4E9E4AE70CC7057C4851358180AA0260A543A02C20C72E6DF66BDBE71EE60B138787ABDFFAFB66F1E0B979EDFE2B4987C9F786E7CD20F8225F433C4181B090AEBB39057B584F1C4CAC6D35E7F655CFB776980634330FC583B090235076A8D71E2999419AA75DF8B05880CBE3ABFEB1BC6D081BBAF5C799A05DA34493A3806DD811066F30ADF3B598987B46E9A3B470B5701BE6B97B33DBDD56BCF91C729BC5A439C9434476926B51A3D94F972BB36F93471AAF81716BDCF49893C2120E13B69FEB2B12714EEF9AFEB20BB79BCF6F7820BF43DB76C8BF4C6D9D50BF2EE8B3F9BA75E0D6E5C9F428150573723C668CB5F2A6477994B3B4402B6613B63F397CAEB9A793B267BB4058DDDEEB984F05673AFCD2CABA662C81B160F8EB932875A4D6375AE5654B4022D9F7053F65C1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(756)
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
- - - - - - - > 'explorer.exe'(368)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-07-25 19:26
ComboFix-quarantined-files.txt 2009-07-25 17:26
Před spuštěním: Volných bajtů: 15 109 775 360
Po spuštění: Volných bajtů: 15 058 731 008
419 --- E O F --- 2009-07-20 22:32
Nebylo by moudré pobízet ďábla k pokloně.
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 6 hostů