Hi, I have the following problem: I turn on the PC, the splash screen appears, the desktop loads together with all the programs that start on boot (I can see them appearing one by one next to the clock), and then when I click anywhere nothing happens, the PC simply freezes (I can move the mouse around the screen normally, but when I click e.g. on Start or on a desktop icon, nothing happens). I have to hard power-off the PC, press F5 and choose "Last Known Good Configuration", and then the PC runs normally.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:19:51, on 19.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Documents and Settings\Admin\Dokumenty\Stažené soubory\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.10:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - AutorunsDisabled - (no file) (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1089685453
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 7066 bytes
EDIT
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4449
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
19.8.2010 15:33:10
mbam-log-2010-08-19 (15-33-10).txt
Typ skenu: Rychlý sken
Skenované objekty: 146693
Uplynulý čas: 5 minuta(y), 35 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Please check my log
Notebook: Acer Extensa 5230E
- jaro3
- Security team member
- Guru Level 15
- Posts: 43296
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Please check my log
The problem may also be in the hardware...
Do you use a proxy:
Internet Settings,ProxyServer = 192.168.1.10:3128 ?
Close the other applications and browsers, disconnect from the internet and fix these in HJT:
Guide
Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - AutorunsDisabled - (no file) (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1089685453
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
Plug all your USB devices in.
Turn off the antivirus's resident protection.
Download USBFix
Close all processes, windows and browsers and run the program.
Click Deletion. Let the program work; it will create a log (C:\UsbFix.txt)
Please paste its entire contents here.
Malwarebytes' Anti-Malware -- run a quick scan and paste its log here.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
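As a log reviewer's aid for the HJT triage in the post above (an added example, not code from this forum or from HijackThis): a small Python script that parses HijackThis entry lines and flags the same classes of item jaro3 lists for fixing: orphaned "(no file)"/"(no CLSID)" entries, empty R0/R1 IE settings, a ProxyServer value the owner did not knowingly configure, and DPF download entries whose URL is truncated. The sample lines are copied from the log in this thread; the rule names and the `expected_proxies` allowlist are my own additions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterator

# Constructed sample: entry lines copied from the HijackThis log in this thread,
# plus two clean entries (Spybot BHO, ESET service) that the triage must leave alone.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.10:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - AutorunsDisabled - (no file) (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1089685453
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"""

# HijackThis entry lines start with a section tag (R0/R1 IE URL settings, O2 BHOs,
# O4 autoruns, O16 DPF downloads, O18 protocol handlers, O23 services, ...).
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.*)$")

# Reviewer rules (assumed names; they mirror the helper's fix list above).
ORPHANED = "orphaned entry: the registry points at a file or CLSID that no longer exists"
EMPTY_SETTING = "empty IE setting: harmless by itself, but reset it so it cannot be repurposed"
PROXY = "IE proxy set to {proxy}: if the owner did not configure it, web traffic is being redirected"
TRUNCATED_DPF = "DPF download entry with a truncated URL: origin cannot be verified from the log"


@dataclass(frozen=True)
class Finding:
    line: str    # the original entry line, ready to be ticked in HJT's fix list
    reason: str  # why a log reviewer would single it out


def parse_entries(log_text: str) -> Iterator[tuple[str, str, str]]:
    """Yield (section, body, line) for every entry line; header and process list are skipped."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("section"), m.group("body"), line


def triage(log_text: str, expected_proxies: frozenset[str] = frozenset()) -> list[Finding]:
    """Apply the reviewer's rules to every entry and return what deserves a look.

    expected_proxies lists proxies the owner knowingly configured (a home or
    corporate proxy); any other ProxyServer value is reported."""
    findings: list[Finding] = []
    for section, body, line in parse_entries(log_text):
        if "(no file)" in body or "(no CLSID)" in body:
            findings.append(Finding(line, ORPHANED))
        elif section in ("R0", "R1") and body.rstrip().endswith("="):
            findings.append(Finding(line, EMPTY_SETTING))
        elif "ProxyServer = " in body:
            proxy = body.split("ProxyServer = ", 1)[1].strip()
            if proxy not in expected_proxies:
                findings.append(Finding(line, PROXY.format(proxy=proxy)))
        elif section == "O16" and " ... " in body:
            findings.append(Finding(line, TRUNCATED_DPF))
    return findings


def fix_list(findings: list[Finding]) -> list[str]:
    """The lines to hand back to the user as 'fix these in HJT'."""
    return [f.line for f in findings]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.line}\n    -> {f.reason}")
```

Passing the proxy the user confirmed as intentional in `expected_proxies` drops that finding and leaves only the entries the reviewer actually wants fixed.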
Re: Please check my log
I don't use Internet Settings,ProxyServer = 192.168.1.10:3128.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4449
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
19.8.2010 15:33:10
mbam-log-2010-08-19 (15-33-10).txt
Typ skenu: Rychlý sken
Skenované objekty: 146693
Uplynulý čas: 5 minuta(y), 35 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Re: Please check my log
############################## | UsbFix 7.020 | [Deletion]
User: Admin (Administrator) # SJ-9F908BE9D907 [ ]
Updated 12/08/10 by El Desaparecido / C_XX
Started at 15:45:57 | 19/08/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com
CPU: AMD Athlon(tm) 64 Processor 3500+
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall: Disabled /!\
Antivirus: ESET NOD32 Antivirus 4.2 4.2 [(!) Disabled | Updated]
Firewall: Sunbelt Kerio Personal Firewall 4.3.268 T [Enabled]
RAM -> 1023 Mb
C:\ (%systemdrive%) -> Fixed drive # 50 Gb (2 Mb free - 4%) [SYSTEM] # NTFS
D:\ -> Fixed drive # 183 Gb (71 Mb free - 39%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> Fixed drive # 298 Gb (86 Mb free - 29%) [HDD ZALOHA] # NTFS
I:\ -> Removable drive # 7 Gb (5 Mb free - 63%) [] # FAT32
J:\ -> Removable drive # 8 Gb (8 Mb free - 100%) [FLASHKA1] # FAT32
Re: Please check my log
Turn off the resident protection of your antivirus and antispyware, and possibly the firewall too..
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- On startup the terms of use are shown; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click into the window it displays
- After the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in Safe Mode.
Re: Please check my log
ComboFix 10-08-18.03 - Admin 19.08.2010 16:18:57.6.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.563 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Kerio Personal Firewall *disabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Admin\Data aplikací\BITS
c:\documents and settings\Admin\Data aplikací\BITS\BITS.ini
c:\windows\regedit.com
c:\windows\system32\systeminfo.dll
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-19 do 2010-08-19 )))))))))))))))))))))))))))))))
.
2010-08-19 13:45 . 2010-08-19 13:45 -------- d-----w- C:\UsbFix
2010-08-16 10:19 . 2010-08-16 10:19 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2010-08-15 20:52 . 2010-08-15 20:52 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-15 20:51 . 2010-08-15 20:51 -------- d-----w- c:\documents and settings\Admin\SystemRequirementsLab
2010-08-06 17:38 . 2010-08-06 18:42 -------- d-----w- c:\program files\IObit
2010-08-06 10:10 . 2010-08-06 10:10 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
2010-08-06 10:04 . 2010-08-06 10:04 -------- d-sh--w- c:\documents and settings\Admin\IETldCache
2010-08-06 10:02 . 2010-08-06 10:02 -------- dc-h--w- c:\windows\ie8
2010-08-05 10:55 . 2010-08-05 10:57 9241809 ----a-w- c:\windows\REGBK00.ZIP
2010-08-05 10:55 . 2010-08-05 10:55 -------- d---a-w- c:\windows\VDLL.DLL
2010-08-05 10:55 . 2010-08-05 10:55 -------- d---a-w- c:\windows\system32\runouce.exe
2010-08-05 10:55 . 2010-08-05 10:55 -------- d---a-w- c:\windows\rundll16.exe
2010-08-05 10:55 . 2010-08-05 10:55 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-08-05 10:55 . 2010-08-05 10:55 -------- d---a-w- c:\windows\logo1_.exe
2010-08-05 10:55 . 2010-08-05 10:55 -------- d---a-w- c:\windows\logo_1.exe
2010-08-05 10:51 . 2010-08-05 10:51 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-08-05 10:51 . 2010-08-05 10:51 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-08-05 10:51 . 2010-08-05 10:51 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-08-05 10:51 . 2008-04-14 06:52 137216 ----a-w- c:\windows\system32\T.COM
2010-08-05 10:51 . 2008-04-14 06:52 147968 ----a-w- c:\windows\R.COM
2010-08-05 10:51 . 2010-08-05 10:51 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-07-31 10:49 . 2010-08-06 16:47 -------- d-----w- c:\program files\AMR Player
2010-07-31 09:54 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-07-31 09:54 . 2008-03-21 20:30 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-07-31 09:54 . 2008-03-21 20:28 81920 ----a-w- c:\windows\system32\dpl100.dll
2010-07-31 09:54 . 2008-01-10 12:16 159839 ----a-w- c:\windows\system32\xvidvfw.dll
2010-07-31 09:54 . 2008-01-10 12:15 755027 ----a-w- c:\windows\system32\xvidcore.dll
2010-07-31 09:53 . 2008-03-31 21:25 682496 ----a-w- c:\windows\system32\divx.dll
2010-07-31 09:53 . 2008-03-28 17:41 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2010-07-31 09:53 . 2010-07-31 09:54 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-07-31 09:31 . 2010-07-31 09:31 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-30 09:54 . 2010-07-30 09:54 -------- d-----w- c:\program files\Pidgin
2010-07-23 17:54 . 2008-04-14 05:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-07-23 17:54 . 2008-04-14 05:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-07-23 17:54 . 2008-04-13 22:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-07-23 17:54 . 2008-04-13 22:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-23 17:54 . 2008-04-14 06:52 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-07-23 17:54 . 2008-04-14 06:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-07-23 17:38 . 2010-07-23 17:38 -------- d-----w- c:\program files\BlazeVideo
2010-07-23 17:38 . 2010-07-23 17:38 94336 ----a-w- c:\windows\system32\drivers\IT9135BDA.sys
2010-07-23 17:38 . 2010-07-23 17:38 356 ----a-w- c:\windows\system32\AF15IRTBL.bin
2010-07-22 11:12 . 2010-07-22 11:12 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-22 11:12 . 2008-04-07 03:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-07-22 11:12 . 2008-04-07 03:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2010-07-20 18:17 . 2010-08-06 16:48 -------- d-----w- c:\program files\ExSW Kontakty
2010-07-20 15:07 . 2010-07-20 15:34 127685 ----a-w- c:\windows\hpoins11.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 22:14 . 2010-05-19 18:56 -------- d-----w- c:\program files\Full Tilt Poker
2010-08-16 23:15 . 2010-07-13 10:59 -------- d-----w- c:\program files\PokerStars
2010-08-16 10:22 . 2010-05-28 12:51 -------- d-----w- c:\program files\Opera
2010-08-06 10:53 . 2010-07-19 18:29 249856 ------w- c:\windows\Setup1.exe
2010-08-06 10:52 . 2010-07-19 18:29 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-07-31 09:52 . 2010-05-15 08:04 -------- d-----w- c:\program files\Xvid
2010-07-26 08:56 . 2010-05-15 17:00 -------- d-----w- c:\program files\AviSynth 2.5
2010-07-22 11:12 . 2010-05-07 16:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-19 18:29 . 2010-07-19 18:29 -------- d-----w- c:\program files\Date Cracker 2000
2010-07-17 16:24 . 2010-06-17 15:55 -------- d-----w- c:\program files\Fraps
2010-07-17 10:51 . 2010-07-17 10:51 -------- d-----w- c:\program files\Total Uninstall 5
2010-07-17 08:17 . 2010-06-06 10:55 8112 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-07-17 07:52 . 2010-07-17 07:52 -------- d-----w- c:\program files\Ubisoft
2010-07-17 07:52 . 2010-05-07 14:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-16 12:13 . 2010-07-16 12:13 7168 ----a-w- c:\windows\system32\drivers\ute5nte5.sys
2010-07-16 06:59 . 2010-07-15 15:58 -------- d-----w- c:\program files\Smarty Uninstaller Pro
2010-07-15 17:20 . 2010-05-07 18:30 -------- d-----w- c:\program files\Trend Micro
2010-07-15 17:06 . 2010-05-12 15:11 -------- d-----w- c:\program files\Google
2010-07-15 16:45 . 2010-07-12 10:38 -------- d-----w- c:\program files\Futuremark
2010-07-15 16:42 . 2010-07-15 16:23 -------- d-----w- c:\program files\VS Revo Group
2010-07-15 16:41 . 2010-05-15 16:31 -------- d-----w- c:\program files\COMODO
2010-07-12 10:41 . 2010-07-12 10:41 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-07-12 10:41 . 2010-07-12 10:41 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-12 09:25 . 2010-07-12 09:24 -------- d-----w- c:\program files\ICQ7.2
2010-07-10 08:57 . 2010-07-10 08:57 117 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-07-09 07:57 . 2010-07-09 07:56 -------- d-----w- c:\program files\DivX
2010-07-09 07:57 . 2010-07-09 07:57 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-08 15:04 . 2010-05-19 16:15 -------- d-----w- c:\program files\Terasoft
2010-07-08 15:00 . 2010-06-27 08:29 -------- d-----w- c:\program files\AntiTwin
2010-07-08 14:59 . 2010-07-08 12:29 -------- d-----r- c:\program files\Skype
2010-07-08 12:30 . 2010-07-08 12:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-08 12:29 . 2010-07-08 12:29 -------- d-----w- c:\program files\Common Files\Skype
2010-07-07 13:47 . 2010-07-07 07:00 -------- d-----w- c:\program files\CesarFTP
2010-07-06 09:10 . 2010-05-21 16:41 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-06-30 15:34 . 2010-06-30 15:34 -------- d-----w- c:\program files\Common Files\EZB Systems
2010-06-30 15:34 . 2010-06-30 15:23 -------- d-----w- c:\program files\UltraISO
2010-06-27 08:31 . 2010-06-27 08:31 -------- d-----w- c:\program files\jwDuplFiles
2010-06-27 08:13 . 2010-06-27 08:13 -------- d-----w- c:\program files\totalcmd
2010-06-24 15:56 . 2010-06-24 15:56 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-24 15:56 . 2010-06-24 15:56 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-20 18:18 . 2010-06-17 17:48 -------- d-----w- c:\program files\Picasa2
2010-06-16 14:02 . 2001-10-25 14:00 497316 ----a-w- c:\windows\system32\perfh005.dat
2010-06-16 14:02 . 2001-10-25 14:00 103464 ----a-w- c:\windows\system32\perfc005.dat
2010-06-16 13:56 . 2010-05-07 14:12 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-16 13:56 . 2010-05-07 14:12 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-15 02:16 . 2010-06-15 02:16 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-06-13 12:02 . 2010-05-09 09:38 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-09 2140880]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 20:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-23 12:48 136176 ----atw- c:\documents and settings\Admin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-07-12 09:24 133368 ----a-w- c:\program files\ICQ7.2\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2006-03-15 23:07 421888 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-06-28 06:54 16248320 ------r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\HRY\\EA GAMES\\Battlefield 2\\BF2.exe"=
"d:\\HRY\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\HRY\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\HRY\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.3.2010 10:13 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.3.2010 10:13 95872]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [18.7.2006 12:02 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [18.7.2006 12:02 91672]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.3.2010 10:13 810120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7.5.2010 20:43 304464]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:05 1021256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7.5.2010 20:43 20952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\drivers\IT9135BDA.sys [23.7.2010 19:38 94336]
S3 ute5nte5;AVZ Kernel Driver;c:\windows\system32\drivers\ute5nte5.sys [16.7.2010 14:13 7168]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.5.2010 17:11 136176]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.6.2010 17:56 691696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-08-19 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 13:12]
2010-08-19 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-08-06 12:11]
2010-08-07 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-08-06 09:08]
2010-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:11]
2010-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:11]
2010-08-06 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-08-06 16:08]
2010-08-19 c:\windows\Tasks\User_Feed_Synchronization-{06DF0319-2166-42DB-A142-47A58534ABE9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = 192.168.1.10:3128
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: ????3??
IE: ????3??????
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\as9zb8ym.default\
FF - prefs.js: browser.search.selectedEngine - Mapy.cz
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-19 16:25
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
"contexts"=dword:000000f3
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:12,de,fa,d4,ae,69,fc,e3,6d,68,c9,be,3d,b0,d6,58,9a,37,cd,5d,04,
46,4c,c4,0c,65,df,01,75,c9,6d,2b,0c,75,9f,51,e0,3d,4c,0a,34,00,58,e2,f7,4a,\
"rkeysecu"=hex:e3,b7,9d,79,2e,64,2e,40,a8,c0,f9,7e,53,d8,ac,b8
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1220)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-08-19 16:29:21
ComboFix-quarantined-files.txt 2010-08-19 14:29
Před spuštěním: 1 906 622 464
Po spuštění: 1 872 445 440
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=E9ZVFR
Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 480532B46B6B669B9DE8B3CCE6EE4A68
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.563 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Kerio Personal Firewall *disabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Admin\Data aplikací\BITS
c:\documents and settings\Admin\Data aplikací\BITS\BITS.ini
c:\windows\regedit.com
c:\windows\system32\systeminfo.dll
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-19 do 2010-08-19 )))))))))))))))))))))))))))))))
.
2010-08-19 13:45 . 2010-08-19 13:45 -------- d-----w- C:\UsbFix
2010-08-16 10:19 . 2010-08-16 10:19 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2010-08-15 20:52 . 2010-08-15 20:52 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-15 20:51 . 2010-08-15 20:51 -------- d-----w- c:\documents and settings\Admin\SystemRequirementsLab
2010-08-06 17:38 . 2010-08-06 18:42 -------- d-----w- c:\program files\IObit
2010-08-06 10:10 . 2010-08-06 10:10 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
2010-08-06 10:04 . 2010-08-06 10:04 -------- d-sh--w- c:\documents and settings\Admin\IETldCache
2010-08-06 10:02 . 2010-08-06 10:02 -------- dc-h--w- c:\windows\ie8
2010-08-05 10:55 . 2010-08-05 10:57 9241809 ----a-w- c:\windows\REGBK00.ZIP
2010-08-05 10:55 . 2010-08-05 10:55 -------- d---a-w- c:\windows\VDLL.DLL
2010-08-05 10:55 . 2010-08-05 10:55 -------- d---a-w- c:\windows\system32\runouce.exe
2010-08-05 10:55 . 2010-08-05 10:55 -------- d---a-w- c:\windows\rundll16.exe
2010-08-05 10:55 . 2010-08-05 10:55 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-08-05 10:55 . 2010-08-05 10:55 -------- d---a-w- c:\windows\logo1_.exe
2010-08-05 10:55 . 2010-08-05 10:55 -------- d---a-w- c:\windows\logo_1.exe
2010-08-05 10:51 . 2010-08-05 10:51 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-08-05 10:51 . 2010-08-05 10:51 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-08-05 10:51 . 2010-08-05 10:51 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-08-05 10:51 . 2008-04-14 06:52 137216 ----a-w- c:\windows\system32\T.COM
2010-08-05 10:51 . 2008-04-14 06:52 147968 ----a-w- c:\windows\R.COM
2010-08-05 10:51 . 2010-08-05 10:51 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-07-31 10:49 . 2010-08-06 16:47 -------- d-----w- c:\program files\AMR Player
2010-07-31 09:54 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-07-31 09:54 . 2008-03-21 20:30 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-07-31 09:54 . 2008-03-21 20:28 81920 ----a-w- c:\windows\system32\dpl100.dll
2010-07-31 09:54 . 2008-01-10 12:16 159839 ----a-w- c:\windows\system32\xvidvfw.dll
2010-07-31 09:54 . 2008-01-10 12:15 755027 ----a-w- c:\windows\system32\xvidcore.dll
2010-07-31 09:53 . 2008-03-31 21:25 682496 ----a-w- c:\windows\system32\divx.dll
2010-07-31 09:53 . 2008-03-28 17:41 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2010-07-31 09:53 . 2010-07-31 09:54 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-07-31 09:31 . 2010-07-31 09:31 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-30 09:54 . 2010-07-30 09:54 -------- d-----w- c:\program files\Pidgin
2010-07-23 17:54 . 2008-04-14 05:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-07-23 17:54 . 2008-04-14 05:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-07-23 17:54 . 2008-04-13 22:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-07-23 17:54 . 2008-04-13 22:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-23 17:54 . 2008-04-14 06:52 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-07-23 17:54 . 2008-04-14 06:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-07-23 17:38 . 2010-07-23 17:38 -------- d-----w- c:\program files\BlazeVideo
2010-07-23 17:38 . 2010-07-23 17:38 94336 ----a-w- c:\windows\system32\drivers\IT9135BDA.sys
2010-07-23 17:38 . 2010-07-23 17:38 356 ----a-w- c:\windows\system32\AF15IRTBL.bin
2010-07-22 11:12 . 2010-07-22 11:12 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-22 11:12 . 2008-04-07 03:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-07-22 11:12 . 2008-04-07 03:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2010-07-20 18:17 . 2010-08-06 16:48 -------- d-----w- c:\program files\ExSW Kontakty
2010-07-20 15:07 . 2010-07-20 15:34 127685 ----a-w- c:\windows\hpoins11.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 22:14 . 2010-05-19 18:56 -------- d-----w- c:\program files\Full Tilt Poker
2010-08-16 23:15 . 2010-07-13 10:59 -------- d-----w- c:\program files\PokerStars
2010-08-16 10:22 . 2010-05-28 12:51 -------- d-----w- c:\program files\Opera
2010-08-06 10:53 . 2010-07-19 18:29 249856 ------w- c:\windows\Setup1.exe
2010-08-06 10:52 . 2010-07-19 18:29 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-07-31 09:52 . 2010-05-15 08:04 -------- d-----w- c:\program files\Xvid
2010-07-26 08:56 . 2010-05-15 17:00 -------- d-----w- c:\program files\AviSynth 2.5
2010-07-22 11:12 . 2010-05-07 16:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-19 18:29 . 2010-07-19 18:29 -------- d-----w- c:\program files\Date Cracker 2000
2010-07-17 16:24 . 2010-06-17 15:55 -------- d-----w- c:\program files\Fraps
2010-07-17 10:51 . 2010-07-17 10:51 -------- d-----w- c:\program files\Total Uninstall 5
2010-07-17 08:17 . 2010-06-06 10:55 8112 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-07-17 07:52 . 2010-07-17 07:52 -------- d-----w- c:\program files\Ubisoft
2010-07-17 07:52 . 2010-05-07 14:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-16 12:13 . 2010-07-16 12:13 7168 ----a-w- c:\windows\system32\drivers\ute5nte5.sys
2010-07-16 06:59 . 2010-07-15 15:58 -------- d-----w- c:\program files\Smarty Uninstaller Pro
2010-07-15 17:20 . 2010-05-07 18:30 -------- d-----w- c:\program files\Trend Micro
2010-07-15 17:06 . 2010-05-12 15:11 -------- d-----w- c:\program files\Google
2010-07-15 16:45 . 2010-07-12 10:38 -------- d-----w- c:\program files\Futuremark
2010-07-15 16:42 . 2010-07-15 16:23 -------- d-----w- c:\program files\VS Revo Group
2010-07-15 16:41 . 2010-05-15 16:31 -------- d-----w- c:\program files\COMODO
2010-07-12 10:41 . 2010-07-12 10:41 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-07-12 10:41 . 2010-07-12 10:41 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-12 09:25 . 2010-07-12 09:24 -------- d-----w- c:\program files\ICQ7.2
2010-07-10 08:57 . 2010-07-10 08:57 117 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-07-09 07:57 . 2010-07-09 07:56 -------- d-----w- c:\program files\DivX
2010-07-09 07:57 . 2010-07-09 07:57 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-08 15:04 . 2010-05-19 16:15 -------- d-----w- c:\program files\Terasoft
2010-07-08 15:00 . 2010-06-27 08:29 -------- d-----w- c:\program files\AntiTwin
2010-07-08 14:59 . 2010-07-08 12:29 -------- d-----r- c:\program files\Skype
2010-07-08 12:30 . 2010-07-08 12:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-08 12:29 . 2010-07-08 12:29 -------- d-----w- c:\program files\Common Files\Skype
2010-07-07 13:47 . 2010-07-07 07:00 -------- d-----w- c:\program files\CesarFTP
2010-07-06 09:10 . 2010-05-21 16:41 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-06-30 15:34 . 2010-06-30 15:34 -------- d-----w- c:\program files\Common Files\EZB Systems
2010-06-30 15:34 . 2010-06-30 15:23 -------- d-----w- c:\program files\UltraISO
2010-06-27 08:31 . 2010-06-27 08:31 -------- d-----w- c:\program files\jwDuplFiles
2010-06-27 08:13 . 2010-06-27 08:13 -------- d-----w- c:\program files\totalcmd
2010-06-24 15:56 . 2010-06-24 15:56 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-24 15:56 . 2010-06-24 15:56 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-20 18:18 . 2010-06-17 17:48 -------- d-----w- c:\program files\Picasa2
2010-06-16 14:02 . 2001-10-25 14:00 497316 ----a-w- c:\windows\system32\perfh005.dat
2010-06-16 14:02 . 2001-10-25 14:00 103464 ----a-w- c:\windows\system32\perfc005.dat
2010-06-16 13:56 . 2010-05-07 14:12 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-16 13:56 . 2010-05-07 14:12 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-15 02:16 . 2010-06-15 02:16 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-06-13 12:02 . 2010-05-09 09:38 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-09 2140880]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 20:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-23 12:48 136176 ----atw- c:\documents and settings\Admin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-07-12 09:24 133368 ----a-w- c:\program files\ICQ7.2\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2006-03-15 23:07 421888 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-06-28 06:54 16248320 ------r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\HRY\\EA GAMES\\Battlefield 2\\BF2.exe"=
"d:\\HRY\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\HRY\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\HRY\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.3.2010 10:13 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.3.2010 10:13 95872]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [18.7.2006 12:02 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [18.7.2006 12:02 91672]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.3.2010 10:13 810120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7.5.2010 20:43 304464]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:05 1021256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7.5.2010 20:43 20952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\drivers\IT9135BDA.sys [23.7.2010 19:38 94336]
S3 ute5nte5;AVZ Kernel Driver;c:\windows\system32\drivers\ute5nte5.sys [16.7.2010 14:13 7168]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.5.2010 17:11 136176]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.6.2010 17:56 691696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-08-19 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 13:12]
2010-08-19 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-08-06 12:11]
2010-08-07 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-08-06 09:08]
2010-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:11]
2010-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:11]
2010-08-06 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-08-06 16:08]
2010-08-19 c:\windows\Tasks\User_Feed_Synchronization-{06DF0319-2166-42DB-A142-47A58534ABE9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = 192.168.1.10:3128
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: ????3??
IE: ????3??????
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\as9zb8ym.default\
FF - prefs.js: browser.search.selectedEngine - Mapy.cz
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-19 16:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
"contexts"=dword:000000f3
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:12,de,fa,d4,ae,69,fc,e3,6d,68,c9,be,3d,b0,d6,58,9a,37,cd,5d,04,
46,4c,c4,0c,65,df,01,75,c9,6d,2b,0c,75,9f,51,e0,3d,4c,0a,34,00,58,e2,f7,4a,\
"rkeysecu"=hex:e3,b7,9d,79,2e,64,2e,40,a8,c0,f9,7e,53,d8,ac,b8
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1220)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-08-19 16:29:21
ComboFix-quarantined-files.txt 2010-08-19 14:29
Pre-Run: 1 906 622 464 bytes free
Post-Run: 1 872 445 440 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=E9ZVFR
Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 480532B46B6B669B9DE8B3CCE6EE4A68
Notebook: Acer Extensa 5230E
- jaro3
- Security team member
- Guru Level 15
- Posts: 43296
- Registered: June 07
- Location: South Bohemia
Re: Please check my log
In Folder Options, enable showing hidden files and folders and untick "Hide protected operating system files".
Test these on VirusTotal:
c:\windows\system32\drivers\IT9135BDA.sys
c:\windows\system32\drivers\ute5nte5.sys
If a file has already been analysed, click "Reanalyse".
When all the antivirus engines have finished, paste the links to the result pages here.
When working with HJT, ComboFix, MBAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- jaro3
Re: Please check my log
If you have AVZ on the machine, uninstall it and delete it.
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the whole text marked in green below into it:
Note: do not use SELECT ALL to select the script.
Code:
KillAll::
File::
c:\windows\REGBK00.ZIP
c:\windows\VDLL.DLL
c:\windows\system32\drivers\ute5nte5.sys
c:\windows\system32\ezsidmv.dat
c:\windows\system32\perfh005.dat
c:\windows\system32\perfc005.dat
Folder::
c:\windows\VDLL.DLL
c:\windows\system32\runouce.exe
Driver::
ute5nte5
DDS::
uInternet Settings,ProxyServer = 192.168.1.10:3128
uInternet Settings,ProxyOverride = <local>
IE: ????3??
IE: ????3??????
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: choose All Files
Save the file to the desktop.
Close all open windows.
Drag the CFScript.txt you just created onto the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
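The steps above hand ComboFix a CFScript.txt typed by hand, and a mistyped path or an entry under the wrong header simply misses its target. The Python below is an added example, not code from this thread or from ComboFix: it splits a CFScript into its `Name::` sections and runs a few sanity checks before the file is dropped onto ComboFix.exe. The embedded sample is jaro3's script from this post; the list of recognised section names is limited to the ones used there, and the checks themselves (absolute Windows paths under File:: and Folder::, a .sys under File:: for every Driver:: name, no path under both File:: and Folder::, Folder:: entries named like executables, bracketed keys under RegLock::) are this example's own heuristics, not rules ComboFix enforces.

```python
"""Parse and sanity-check a ComboFix CFScript.txt before dropping it on ComboFix.exe
(added example; not code from this thread or from ComboFix)."""
import re
from collections import OrderedDict

# Section names used in the script posted above. ComboFix understands more, but this
# checker only knows these, so anything else is reported for a second look.
KNOWN_SECTIONS = {"KillAll", "File", "Folder", "Driver", "DDS", "RegLock"}

HEADER_RE = re.compile(r"^([A-Za-z]+)::\s*$")        # e.g. "File::"
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")            # absolute drive-letter path
REG_KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+|HK(LM|CU|U|CR|CC))\\.+\]$")
EXEC_EXTS = (".exe", ".com", ".dll", ".sys", ".scr")

# jaro3's script from this thread, embedded so the checker runs offline
SAMPLE_SCRIPT = r"""
KillAll::
File::
c:\windows\REGBK00.ZIP
c:\windows\VDLL.DLL
c:\windows\system32\drivers\ute5nte5.sys
c:\windows\system32\ezsidmv.dat
c:\windows\system32\perfh005.dat
c:\windows\system32\perfc005.dat
Folder::
c:\windows\VDLL.DLL
c:\windows\system32\runouce.exe
Driver::
ute5nte5
DDS::
uInternet Settings,ProxyServer = 192.168.1.10:3128
uInternet Settings,ProxyOverride = <local>
IE: ????3??
IE: ????3??????
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
"""


def parse_cfscript(text):
    """Split the script into an ordered {section: [entries]} mapping."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])   # bare directives like KillAll:: stay empty
            continue
        if current is None:
            raise ValueError("entry before any section header: %r" % line)
        sections[current].append(line)
    return sections


def check_cfscript(sections):
    """Return human-readable problems; an empty list means the script passed every check."""
    problems = []
    for name in sections:
        if name not in KNOWN_SECTIONS:
            problems.append("unknown section %s::" % name)
    for sec in ("File", "Folder"):
        for p in sections.get(sec, []):
            if not WIN_PATH_RE.match(p):
                problems.append("%s:: entry is not an absolute Windows path: %s" % (sec, p))
    files = {p.lower() for p in sections.get("File", [])}
    folders = {p.lower() for p in sections.get("Folder", [])}
    for dup in sorted(files & folders):
        problems.append("listed under both File:: and Folder::, decide which it is: %s" % dup)
    # jaro3 pairs the Driver:: name with its .sys under File::; warn when that pairing is missing
    file_names = {p.rpartition("\\")[2] for p in files}
    for drv in sections.get("Driver", []):
        if drv.lower() + ".sys" not in file_names:
            problems.append("Driver:: %s has no matching .sys under File::" % drv)
    for folder in sorted(folders):
        if folder.endswith(EXEC_EXTS):
            problems.append("Folder:: entry is named like an executable, confirm it is a directory: %s" % folder)
    for key in sections.get("RegLock", []):
        if not REG_KEY_RE.match(key):
            problems.append("RegLock:: entry is not a bracketed registry key: %s" % key)
    return problems


if __name__ == "__main__":
    for problem in check_cfscript(parse_cfscript(SAMPLE_SCRIPT)):
        print(problem)
```

Against jaro3's script the checker reports three items: c:\windows\VDLL.DLL is listed under both File:: and Folder::, and both Folder:: entries carry executable extensions; the Driver:: entry ute5nte5 passes because ute5nte5.sys is under File::. The log posted next shows ComboFix removed all of them, so the warnings are prompts to confirm, not reasons to drop the entries.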
Re: Please check my log
What is AVZ?
ComboFix 10-08-18.04 - Admin 19.08.2010 20:59:56.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.467 [GMT 2:00]
Running from: c:\documents and settings\Admin\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Kerio Personal Firewall *disabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
FILE ::
"c:\windows\REGBK00.ZIP"
"c:\windows\system32\drivers\ute5nte5.sys"
"c:\windows\system32\ezsidmv.dat"
"c:\windows\system32\perfc005.dat"
"c:\windows\system32\perfh005.dat"
"c:\windows\VDLL.DLL"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\REGBK00.ZIP
c:\windows\system32\drivers\ute5nte5.sys
c:\windows\system32\ezsidmv.dat
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat
c:\windows\system32\runouce.exe
c:\windows\VDLL.DLL
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_UTE5NTE5
-------\Service_ute5nte5
((((((((((((((((((((((((( Files Created from 2010-07-19 to 2010-08-19 )))))))))))))))))))))))))))))))
.
2010-08-19 13:45 . 2010-08-19 13:45 -------- d-----w- C:\UsbFix
2010-08-16 10:19 . 2010-08-16 10:19 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2010-08-15 20:52 . 2010-08-15 20:52 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-15 20:51 . 2010-08-15 20:51 -------- d-----w- c:\documents and settings\Admin\SystemRequirementsLab
2010-08-06 17:38 . 2010-08-06 18:42 -------- d-----w- c:\program files\IObit
2010-08-06 10:10 . 2010-08-06 10:10 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
2010-08-06 10:04 . 2010-08-06 10:04 -------- d-sh--w- c:\documents and settings\Admin\IETldCache
2010-08-06 10:02 . 2010-08-06 10:02 -------- dc-h--w- c:\windows\ie8
2010-08-05 10:55 . 2010-08-05 10:55 -------- d---a-w- c:\windows\rundll16.exe
2010-08-05 10:55 . 2010-08-05 10:55 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-08-05 10:55 . 2010-08-05 10:55 -------- d---a-w- c:\windows\logo1_.exe
2010-08-05 10:55 . 2010-08-05 10:55 -------- d---a-w- c:\windows\logo_1.exe
2010-08-05 10:51 . 2010-08-05 10:51 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-08-05 10:51 . 2010-08-05 10:51 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-08-05 10:51 . 2010-08-05 10:51 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-08-05 10:51 . 2008-04-14 06:52 137216 ----a-w- c:\windows\system32\T.COM
2010-08-05 10:51 . 2008-04-14 06:52 147968 ----a-w- c:\windows\R.COM
2010-08-05 10:51 . 2010-08-05 10:51 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-07-31 10:49 . 2010-08-06 16:47 -------- d-----w- c:\program files\AMR Player
2010-07-31 09:54 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-07-31 09:54 . 2008-03-21 20:30 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-07-31 09:54 . 2008-03-21 20:28 81920 ----a-w- c:\windows\system32\dpl100.dll
2010-07-31 09:54 . 2008-01-10 12:16 159839 ----a-w- c:\windows\system32\xvidvfw.dll
2010-07-31 09:54 . 2008-01-10 12:15 755027 ----a-w- c:\windows\system32\xvidcore.dll
2010-07-31 09:53 . 2008-03-31 21:25 682496 ----a-w- c:\windows\system32\divx.dll
2010-07-31 09:53 . 2008-03-28 17:41 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2010-07-31 09:53 . 2010-07-31 09:54 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-07-31 09:31 . 2010-07-31 09:31 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-30 09:54 . 2010-07-30 09:54 -------- d-----w- c:\program files\Pidgin
2010-07-23 17:54 . 2008-04-14 05:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-07-23 17:54 . 2008-04-14 05:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-07-23 17:54 . 2008-04-13 22:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-07-23 17:54 . 2008-04-13 22:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-23 17:54 . 2008-04-14 06:52 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-07-23 17:54 . 2008-04-14 06:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-07-23 17:38 . 2010-07-23 17:38 -------- d-----w- c:\program files\BlazeVideo
2010-07-23 17:38 . 2010-07-23 17:38 94336 ----a-w- c:\windows\system32\drivers\IT9135BDA.sys
2010-07-23 17:38 . 2010-07-23 17:38 356 ----a-w- c:\windows\system32\AF15IRTBL.bin
2010-07-22 11:12 . 2010-07-22 11:12 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-22 11:12 . 2008-04-07 03:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-07-22 11:12 . 2008-04-07 03:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 14:37 . 2010-08-19 14:37 -------- d-----w- c:\program files\TP-LINK
2010-08-19 14:37 . 2010-05-07 14:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-17 22:14 . 2010-05-19 18:56 -------- d-----w- c:\program files\Full Tilt Poker
2010-08-16 23:15 . 2010-07-13 10:59 -------- d-----w- c:\program files\PokerStars
2010-08-16 10:22 . 2010-05-28 12:51 -------- d-----w- c:\program files\Opera
2010-08-06 16:48 . 2010-07-20 18:17 -------- d-----w- c:\program files\ExSW Kontakty
2010-08-06 10:53 . 2010-07-19 18:29 249856 ------w- c:\windows\Setup1.exe
2010-08-06 10:52 . 2010-07-19 18:29 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-07-31 09:52 . 2010-05-15 08:04 -------- d-----w- c:\program files\Xvid
2010-07-26 08:56 . 2010-05-15 17:00 -------- d-----w- c:\program files\AviSynth 2.5
2010-07-22 11:12 . 2010-05-07 16:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-20 15:34 . 2010-07-20 15:07 127685 ----a-w- c:\windows\hpoins11.dat
2010-07-19 18:29 . 2010-07-19 18:29 -------- d-----w- c:\program files\Date Cracker 2000
2010-07-17 16:24 . 2010-06-17 15:55 -------- d-----w- c:\program files\Fraps
2010-07-17 10:51 . 2010-07-17 10:51 -------- d-----w- c:\program files\Total Uninstall 5
2010-07-17 08:17 . 2010-06-06 10:55 8112 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-07-17 07:52 . 2010-07-17 07:52 -------- d-----w- c:\program files\Ubisoft
2010-07-16 06:59 . 2010-07-15 15:58 -------- d-----w- c:\program files\Smarty Uninstaller Pro
2010-07-15 17:20 . 2010-05-07 18:30 -------- d-----w- c:\program files\Trend Micro
2010-07-15 17:06 . 2010-05-12 15:11 -------- d-----w- c:\program files\Google
2010-07-15 16:45 . 2010-07-12 10:38 -------- d-----w- c:\program files\Futuremark
2010-07-15 16:42 . 2010-07-15 16:23 -------- d-----w- c:\program files\VS Revo Group
2010-07-15 16:41 . 2010-05-15 16:31 -------- d-----w- c:\program files\COMODO
2010-07-12 10:41 . 2010-07-12 10:41 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-07-12 10:41 . 2010-07-12 10:41 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-12 09:25 . 2010-07-12 09:24 -------- d-----w- c:\program files\ICQ7.2
2010-07-10 08:57 . 2010-07-10 08:57 117 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-07-09 07:57 . 2010-07-09 07:56 -------- d-----w- c:\program files\DivX
2010-07-09 07:57 . 2010-07-09 07:57 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-08 15:04 . 2010-05-19 16:15 -------- d-----w- c:\program files\Terasoft
2010-07-08 15:00 . 2010-06-27 08:29 -------- d-----w- c:\program files\AntiTwin
2010-07-08 14:59 . 2010-07-08 12:29 -------- d-----r- c:\program files\Skype
2010-07-08 12:29 . 2010-07-08 12:29 -------- d-----w- c:\program files\Common Files\Skype
2010-07-07 13:47 . 2010-07-07 07:00 -------- d-----w- c:\program files\CesarFTP
2010-07-06 09:10 . 2010-05-21 16:41 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-06-30 15:34 . 2010-06-30 15:34 -------- d-----w- c:\program files\Common Files\EZB Systems
2010-06-30 15:34 . 2010-06-30 15:23 -------- d-----w- c:\program files\UltraISO
2010-06-27 08:31 . 2010-06-27 08:31 -------- d-----w- c:\program files\jwDuplFiles
2010-06-27 08:13 . 2010-06-27 08:13 -------- d-----w- c:\program files\totalcmd
2010-06-24 15:56 . 2010-06-24 15:56 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-24 15:56 . 2010-06-24 15:56 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-16 13:56 . 2010-05-07 14:12 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-16 13:56 . 2010-05-07 14:12 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-15 02:16 . 2010-06-15 02:16 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-06-13 12:02 . 2010-05-09 09:38 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-08-19_14.25.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-19 19:08 . 2010-08-19 19:08 16384 c:\windows\temp\Perflib_Perfdata_5ac.dat
+ 2010-08-19 14:37 . 2009-07-27 08:47 58208 c:\windows\system32\wsimd.sys
+ 2001-10-25 14:00 . 2010-08-19 14:41 92558 c:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2010-06-16 14:02 92558 c:\windows\system32\perfc009.dat
+ 2010-08-19 14:37 . 2009-07-27 08:46 82017 c:\windows\system32\dsaNac.dll
+ 2010-08-19 14:37 . 2009-07-27 08:47 58208 c:\windows\system32\drivers\wsimd.sys
+ 2010-08-19 14:37 . 2009-07-27 08:46 73800 c:\windows\system32\athgina.dll
+ 2010-08-19 14:37 . 2009-07-27 08:46 249924 c:\windows\system32\wsimd.dll
+ 2010-08-19 14:37 . 2009-07-27 08:46 254022 c:\windows\system32\wsfwDS.dll
+ 2010-08-19 14:37 . 2009-07-27 08:46 421984 c:\windows\system32\wgapi.dll
+ 2010-08-19 14:37 . 2009-07-27 08:46 356443 c:\windows\system32\wcapiU.dll
+ 2010-08-19 14:37 . 2009-07-27 08:46 405504 c:\windows\system32\wcapi.dll
+ 2001-10-25 14:00 . 2010-08-19 14:41 500572 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2010-06-16 14:02 500572 c:\windows\system32\perfh009.dat
+ 2010-08-19 14:37 . 2009-07-27 08:46 262216 c:\windows\system32\IPTests.dll
+ 2010-08-19 14:37 . 2009-07-27 08:46 311390 c:\windows\system32\athcfg20U.dll
+ 2010-08-19 14:37 . 2009-07-27 08:46 127079 c:\windows\system32\athcfg20resU.dll
+ 2010-08-19 14:37 . 2009-07-27 08:46 127053 c:\windows\system32\athcfg20res.dll
+ 2010-08-19 14:37 . 2009-07-27 08:46 237568 c:\windows\system32\athcfg20.dll
+ 2010-08-19 14:37 . 2009-07-27 08:46 495700 c:\windows\system32\acs.exe
+ 2010-08-19 14:37 . 2010-08-19 14:37 156672 c:\windows\Installer\1646d6.msi
+ 2010-08-19 14:37 . 2009-07-27 08:46 1269854 c:\windows\system32\dsa.dll
+ 2010-08-19 14:37 . 2009-07-09 10:24 1668352 c:\windows\system32\drivers\athuw.sys
+ 2010-08-19 14:37 . 2009-07-09 10:24 1668352 c:\windows\system32\athuw.sys
+ 2010-08-19 14:37 . 2009-07-08 14:39 1334784 c:\windows\system32\athur.sys
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-09 2140880]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"TWCU"="c:\program files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe" [2009-07-27 573544]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 20:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-23 12:48 136176 ----atw- c:\documents and settings\Admin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-07-12 09:24 133368 ----a-w- c:\program files\ICQ7.2\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2006-03-15 23:07 421888 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-06-28 06:54 16248320 ------r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\HRY\\EA GAMES\\Battlefield 2\\BF2.exe"=
"d:\\HRY\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\HRY\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\HRY\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.3.2010 10:13 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.3.2010 10:13 95872]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [18.7.2006 12:02 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [18.7.2006 12:02 91672]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.3.2010 10:13 810120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7.5.2010 20:43 304464]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:05 1021256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7.5.2010 20:43 20952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [19.8.2010 16:37 1668352]
S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\drivers\IT9135BDA.sys [23.7.2010 19:38 94336]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.5.2010 17:11 136176]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.6.2010 17:56 691696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-08-19 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 13:12]
2010-08-19 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-08-06 12:11]
2010-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:11]
2010-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:11]
2010-08-19 c:\windows\Tasks\User_Feed_Synchronization-{06DF0319-2166-42DB-A142-47A58534ABE9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: ????3??
IE: ????3??????
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\as9zb8ym.default\
FF - prefs.js: browser.search.selectedEngine - Mapy.cz
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-19 21:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
"contexts"=dword:000000f3
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:12,de,fa,d4,ae,69,fc,e3,6d,68,c9,be,3d,b0,d6,58,9a,37,cd,5d,04,
46,4c,c4,0c,65,df,01,75,c9,6d,2b,0c,75,9f,51,e0,3d,4c,0a,34,00,58,e2,f7,4a,\
"rkeysecu"=hex:e3,b7,9d,79,2e,64,2e,40,a8,c0,f9,7e,53,d8,ac,b8
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1436)
c:\windows\system32\athgina.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3216)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
.
**************************************************************************
.
Celkový čas: 2010-08-19 21:23:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-19 19:23
ComboFix2.txt 2010-08-19 14:29
Před spuštěním: 1 405 702 144
Po spuštění: 1 374 265 344
Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - C53BF4EC6CE9047ACCB39153E13303DE
Notebook: Acer Extensa 5230E
jaro3, Security team member
Re: Please check my log
AVZ: a program from Kaspersky Labs, did someone here advise you to use it?
The log is OK.
ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall
Clean the system with CCleaner
and also use T-Cleaner,
which deletes everything left behind by ComboFix, MWAV etc. (download > run).
Post a new HJT log + info on how the PC behaves.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log
AVZ - I don't remember anyone recommending it to me. How can I find out whether I have it on my PC? I don't see anything like that in Add or Remove Programs.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:21:07, on 19.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Admin\Dokumenty\Stažené soubory\HijackThis.exe
C:\WINDOWS\system32\msfeedssync.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 6649 bytes
The problem persists.
Notebook: Acer Extensa 5230E