prosím o kontrolu logu, pc pořád spouští nějaký ikonky Vyřešeno

[clr.]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:30:17, on 10.12.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\přemek\Data aplikací\xmllogon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\přemek\Bluebirds\BlueBirds.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Program Files\GamePark2\gpcl.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\přemek\Dokumenty\Stažené soubory\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=15788
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [jusched] C:\Documents and Settings\přemek\Data aplikací\xmllogon.exe
O4 - HKLM\..\Run: [\certfont.exe] C:\Documents and Settings\All Users\certfont.exe
O4 - HKLM\..\Run: [\xmllogon.exe] C:\Documents and Settings\přemek\Data aplikací\xmllogon.exe
O4 - HKCU\..\Run: [bluebirds] C:\Documents and Settings\přemek\Bluebirds\BlueBirds.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [jusched] C:\Documents and Settings\přemek\Data aplikací\xmllogon.exe
O4 - HKCU\..\Run: [\certfont.exe] C:\Documents and Settings\All Users\certfont.exe
O4 - HKCU\..\Run: [\xmllogon.exe] C:\Documents and Settings\přemek\Data aplikací\xmllogon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: CurseClientStartup.ccip (User 'SYSTEM')
O4 - S-1-5-18 Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: CurseClientStartup.ccip (User 'Default user')
O4 - .DEFAULT Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe (User 'Default user')
O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User 'Default user')
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: GamePark klient 2.lnk = C:\Program Files\GamePark2\gpcl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8177 bytes

[Reklama]

[memphisto]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranìní historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit doèasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po probìhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[clr.]

fcMalwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10.12.2011 23:46:52
mbam-log-2011-12-10 (23-46-52).txt

Typ: Rychlá kontrola
Kontrolované objekty: 169956
Uplynulý čas: 2 minut, 32 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[bledulka]

Ahoj,

Stáhni na plochu ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Před použitím vypni všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
-Zavři všechna aktivní okna a spusť ho pod učtem s právy administrátora
- Po spuštění se zobrazí podmínky použití, potvrď je stiskem tlačítka Ano

- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna

- Po dokončení skenování, se vytvoří log C:\ComboFix.txt, zkopíruj celý jeho obsah sem.

[clr.]

ComboFix 11-12-10.01 - přemek 10.12.2011 23:57:08.3.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2686 [GMT 1:00]
Spuštěný z: c:\documents and settings\p°emek\Dokumenty\Sta×enÚ soubory\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\certfont.exe
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-10 do 2011-12-10 )))))))))))))))))))))))))))))))
.
.
2011-12-10 22:43 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 21:50 . 2011-12-10 21:54 -------- d-----w- c:\program files\UltraGet Video Downloader
2011-12-10 21:45 . 2011-12-10 21:45 63488 ----a-w- c:\documents and settings\přemek\Data aplikací\xmllogon.exe
2011-12-01 01:59 . 2011-12-01 01:59 42392 ----a-w- c:\windows\system32\xfcodec.dll
2011-11-26 10:38 . 2011-12-10 22:50 -------- d-----w- c:\program files\Steam
2011-11-26 10:33 . 2011-11-26 10:33 -------- d-----w- c:\documents and settings\přemek\Local Settings\Data aplikací\Skyrim
2011-11-26 10:08 . 2011-11-26 10:56 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
2011-11-23 18:39 . 2011-11-23 18:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 22:50 . 2010-06-04 19:18 16608 ----a-w- c:\windows\gdrv.sys
2011-12-08 19:46 . 2010-06-04 20:16 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-08 19:45 . 2010-06-05 09:27 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-08 19:45 . 2010-06-04 20:16 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-12-08 19:45 . 2010-06-04 20:16 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-11-28 18:01 . 2010-06-29 05:18 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-06-05 15:47 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-02-24 17:44 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-06-05 15:47 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-06-05 15:47 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-06-05 15:47 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-06-05 15:47 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2010-06-05 15:47 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2010-06-05 15:47 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2010-06-05 15:47 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-17 15:30 . 2010-12-26 11:27 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-10-10 14:22 . 2010-06-04 19:10 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-17 13:49 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-10-25 14:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-10-25 14:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-11-10 12:25 . 2011-05-10 14:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bluebirds"="c:\documents and settings\přemek\Bluebirds\BlueBirds.exe" [2009-04-29 270336]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-14 2969496]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"Steam"="c:\program files\Steam\Steam.exe" [2011-11-26 1242448]
"jusched"="c:\documents and settings\přemek\Data aplikací\xmllogon.exe" [2011-12-10 63488]
"\xmllogon.exe"="c:\documents and settings\přemek\Data aplikací\xmllogon.exe" [2011-12-10 63488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"VolPanel"="c:\program files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" [2008-08-27 233588]
"\xmllogon.exe"="c:\documents and settings\přemek\Data aplikací\xmllogon.exe" [2011-12-10 63488]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\přemek\Nabídka Start\Programy\Po spuštění\
CurseClientStartup.ccip [2010-10-26 0]
ubisoft register.lnk - c:\program files\Ubi Soft\Register\schedule.exe [N/A]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-12-1 3509144]
.
c:\documents and settings\přemek\Nabídka Start\Programy\Po spuštění\
CurseClientStartup.ccip [2010-10-26 0]
ubisoft register.lnk - c:\program files\Ubi Soft\Register\schedule.exe [N/A]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-12-1 3509144]
.
c:\documents and settings\přemek\Nabídka Start\Programy\Po spuštění\
CurseClientStartup.ccip [2010-10-26 0]
ubisoft register.lnk - c:\program files\Ubi Soft\Register\schedule.exe [N/A]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-12-1 3509144]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2011-8-15 409088]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
c:\documents and settings\přemek\Nabídka Start\Programy\Po spuštění\
CurseClientStartup.ccip [2010-10-26 0]
ubisoft register.lnk - c:\program files\Ubi Soft\Register\schedule.exe [N/A]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-12-1 3509144]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^přemek^Nabídka Start^Programy^Po spuštění^hamachi.lnk]
path=c:\documents and settings\přemek\Nabídka Start\Programy\Po spuštění\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 16:05 81920 ----a-w- c:\program files\D-Tools\daemon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"58540:TCP"= 58540:TCP:Pando Media Booster
"58540:UDP"= 58540:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6919:TCP"= 6919:TCP:League of Legends Launcher
"6919:UDP"= 6919:UDP:League of Legends Launcher
"6931:TCP"= 6931:TCP:League of Legends Launcher
"6931:UDP"= 6931:UDP:League of Legends Launcher
"8395:TCP"= 8395:TCP:League of Legends Launcher
"8395:UDP"= 8395:UDP:League of Legends Launcher
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6923:TCP"= 6923:TCP:League of Legends Launcher
"6923:UDP"= 6923:UDP:League of Legends Launcher
"6966:TCP"= 6966:TCP:League of Legends Launcher
"6966:UDP"= 6966:UDP:League of Legends Launcher
"6941:TCP"= 6941:TCP:League of Legends Launcher
"6941:UDP"= 6941:UDP:League of Legends Launcher
"6969:TCP"= 6969:TCP:League of Legends Launcher
"6969:UDP"= 6969:UDP:League of Legends Launcher
"6938:TCP"= 6938:TCP:League of Legends Launcher
"6938:UDP"= 6938:UDP:League of Legends Launcher
"6957:TCP"= 6957:TCP:League of Legends Launcher
"6957:UDP"= 6957:UDP:League of Legends Launcher
"6925:TCP"= 6925:TCP:League of Legends Launcher
"6925:UDP"= 6925:UDP:League of Legends Launcher
"6942:TCP"= 6942:TCP:League of Legends Launcher
"6942:UDP"= 6942:UDP:League of Legends Launcher
"6964:TCP"= 6964:TCP:League of Legends Launcher
"6964:UDP"= 6964:UDP:League of Legends Launcher
"6898:TCP"= 6898:TCP:League of Legends Launcher
"6898:UDP"= 6898:UDP:League of Legends Launcher
"6950:TCP"= 6950:TCP:League of Legends Launcher
"6950:UDP"= 6950:UDP:League of Legends Launcher
"6962:TCP"= 6962:TCP:League of Legends Launcher
"6962:UDP"= 6962:UDP:League of Legends Launcher
"6976:TCP"= 6976:TCP:League of Legends Launcher
"6976:UDP"= 6976:UDP:League of Legends Launcher
"6935:TCP"= 6935:TCP:League of Legends Launcher
"6935:UDP"= 6935:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6979:TCP"= 6979:TCP:League of Legends Launcher
"6979:UDP"= 6979:UDP:League of Legends Launcher
"6997:TCP"= 6997:TCP:League of Legends Launcher
"6997:UDP"= 6997:UDP:League of Legends Launcher
"6972:TCP"= 6972:TCP:League of Legends Launcher
"6972:UDP"= 6972:UDP:League of Legends Launcher
"6890:TCP"= 6890:TCP:League of Legends Launcher
"6890:UDP"= 6890:UDP:League of Legends Launcher
"6974:TCP"= 6974:TCP:League of Legends Launcher
"6974:UDP"= 6974:UDP:League of Legends Launcher
"6896:TCP"= 6896:TCP:League of Legends Launcher
"6896:UDP"= 6896:UDP:League of Legends Launcher
"6909:TCP"= 6909:TCP:League of Legends Launcher
"6909:UDP"= 6909:UDP:League of Legends Launcher
"6948:TCP"= 6948:TCP:League of Legends Launcher
"6948:UDP"= 6948:UDP:League of Legends Launcher
"6888:TCP"= 6888:TCP:League of Legends Launcher
"6888:UDP"= 6888:UDP:League of Legends Launcher
"6933:TCP"= 6933:TCP:League of Legends Launcher
"6933:UDP"= 6933:UDP:League of Legends Launcher
"6973:TCP"= 6973:TCP:League of Legends Launcher
"6973:UDP"= 6973:UDP:League of Legends Launcher
"6955:TCP"= 6955:TCP:League of Legends Launcher
"6955:UDP"= 6955:UDP:League of Legends Launcher
"6926:TCP"= 6926:TCP:League of Legends Launcher
"6926:UDP"= 6926:UDP:League of Legends Launcher
"6905:TCP"= 6905:TCP:League of Legends Launcher
"6905:UDP"= 6905:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"6996:TCP"= 6996:TCP:League of Legends Launcher
"6996:UDP"= 6996:UDP:League of Legends Launcher
"6885:TCP"= 6885:TCP:League of Legends Launcher
"6885:UDP"= 6885:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6883:TCP"= 6883:TCP:League of Legends Launcher
"6883:UDP"= 6883:UDP:League of Legends Launcher
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [27.11.2010 14:34 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [27.11.2010 14:34 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.6.2010 7:20 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24.2.2011 18:44 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.6.2010 16:47 314456]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [7.1.2010 23:51 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.6.2010 16:47 20568]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [4.6.2010 20:18 68136]
R3 skfilt;skfilt;c:\windows\system32\drivers\skfilt.sys [12.1.2011 16:06 1670016]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7.10.2010 16:36 136176]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [12.1.2011 16:04 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [12.1.2011 16:15 79360]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7.10.2010 16:36 136176]
S3 KMWDFilterV1;KMWDFilterV1;c:\windows\system32\drivers\RPGMOUSEV1.sys [13.8.2010 19:52 18432]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [26.9.2006 22:21 34896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=15788
mStart Page = hxxp://home.sweetim.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\přemek\Data aplikací\Mozilla\Firefox\Profiles\ov648w5v.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com/?l=dis&o=15788
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.1.1&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-\certfont.exe - c:\documents and settings\All Users\certfont.exe
HKLM-Run-\certfont.exe - c:\documents and settings\All Users\certfont.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-11 00:07
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\## aswSnx private storage
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1417001333-1214440339-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:f6,bc,1b,0e,b3,af,a4,68,62,d8,a8,c0,93,1b,c5,32,a7,0e,b7,73,dd,
94,f2,12,cf,15,1a,e1,de,39,31,bd,ed,01,2c,f9,22,d1,4c,80,ab,07,4e,4d,92,51,\
"rkeysecu"=hex:cf,f3,4c,22,6a,e9,5b,65,99,b3,2e,96,45,2f,7f,9a
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-12-11 00:10:46
ComboFix-quarantined-files.txt 2011-12-10 23:10
.
Před spuštěním: Volných bajtů: 368 074 280 960
Po spuštění: Volných bajtů: 368 054 571 008
.
- - End Of File - - 19CEED9AD5DB4CEE8999F6FBF3892BE5

[clr.]

Mam za to že počítač je ještě pomalejší při startu ( načítaní windows, plochy ). Při startu také nefunguje ani zvuk

[bledulka]

Otestuj na www.virustotal.com
c:\documents and settings\přemek\Data aplikací\xmllogon.exe

Jdu spát, ráno mrknu.

[clr.]

http://www.virustotal.com/file-scan/rep ... 1323543455

[Žbeky]

Odkazuješ se na test vdownloadersetup.exe a ne xmllogon.exe

[clr.]

ta havět' co tu mam se jmenuje xmllogon.exe, po testování to převezme název vdownloadersetup.exe

[Žbeky]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

File::
c:\documents and settings\přemek\Data aplikací\xmllogon.exe

Folder::
c:\documents and settings\All Users\Data aplikací\McAfee

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"jusched"=-
"\xmllogon.exe"=-
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\xmllogon.exe"=-

DDS::
uStart Page = hxxp://eu.ask.com/?l=dis&o=15788
mStart Page = hxxp://home.sweetim.com

Firefox::
FF - ProfilePath - c:\documents and settings\přemek\Data aplikací\Mozilla\Firefox\Profiles\ov648w5v.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com/?l=dis&o=15788
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.1.1&q=


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[clr.]

ComboFix 11-12-10.01 - přemek 11.12.2011 12:49:37.4.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2503 [GMT 1:00]
Spuštěný z: c:\documents and settings\p°emek\Dokumenty\Sta×enÚ soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\p°emek\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\certfont.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-11 do 2011-12-11 )))))))))))))))))))))))))))))))
.
.
2011-12-11 09:30 . 2011-12-11 09:30 -------- d-----w- c:\windows\system32\xlive
2011-12-11 09:30 . 2011-12-11 09:31 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2011-12-11 09:28 . 2011-12-11 09:29 -------- d-----w- c:\windows\LastGood
2011-12-11 09:26 . 2011-12-11 09:26 -------- d-----w- c:\program files\Zuxxez
2011-12-10 22:43 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 21:50 . 2011-12-10 21:54 -------- d-----w- c:\program files\UltraGet Video Downloader
2011-12-10 21:45 . 2011-12-10 21:45 63488 ----a-w- c:\documents and settings\přemek\Data aplikací\xmllogon.exe
2011-12-01 01:59 . 2011-12-01 01:59 42392 ----a-w- c:\windows\system32\xfcodec.dll
2011-11-26 10:38 . 2011-12-11 07:41 -------- d-----w- c:\program files\Steam
2011-11-26 10:33 . 2011-11-26 10:33 -------- d-----w- c:\documents and settings\přemek\Local Settings\Data aplikací\Skyrim
2011-11-26 10:08 . 2011-11-26 10:56 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
2011-11-23 18:39 . 2011-11-23 18:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-11 07:41 . 2010-06-04 19:18 16608 ----a-w- c:\windows\gdrv.sys
2011-12-08 19:46 . 2010-06-04 20:16 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-08 19:45 . 2010-06-05 09:27 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-08 19:45 . 2010-06-04 20:16 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-12-08 19:45 . 2010-06-04 20:16 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-11-28 18:01 . 2010-06-29 05:18 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-06-05 15:47 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-02-24 17:44 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-06-05 15:47 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-06-05 15:47 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-06-05 15:47 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-06-05 15:47 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2010-06-05 15:47 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2010-06-05 15:47 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2010-06-05 15:47 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-17 15:30 . 2010-12-26 11:27 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-10-10 14:22 . 2010-06-04 19:10 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-17 13:49 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-10-25 14:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-10-25 14:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-11-10 12:25 . 2011-05-10 14:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-10_23.07.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-11 07:42 . 2011-12-11 07:42 16384 c:\windows\Temp\Perflib_Perfdata_ab0.dat
+ 2010-04-27 13:45 . 2010-04-27 13:45 72856 c:\windows\system32\xliveinstallhost.exe
+ 2001-10-25 14:00 . 2011-12-11 07:46 68510 c:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2011-12-10 22:54 68510 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2011-12-11 07:46 79202 c:\windows\system32\perfc005.dat
- 2001-10-25 14:00 . 2011-12-10 22:54 79202 c:\windows\system32\perfc005.dat
+ 2011-12-11 09:28 . 2005-12-05 17:07 61136 c:\windows\LastGood\system32\xinput9_1_0.dll
+ 2011-12-11 09:28 . 2007-04-04 17:53 81768 c:\windows\LastGood\system32\xinput1_3.dll
+ 2011-12-11 09:28 . 2006-07-28 08:30 62744 c:\windows\LastGood\system32\xinput1_2.dll
+ 2011-12-11 09:28 . 2006-03-31 11:39 62672 c:\windows\LastGood\system32\xinput1_1.dll
+ 2011-12-11 09:29 . 2010-06-02 03:55 74072 c:\windows\LastGood\system32\XAPOFX1_5.dll
+ 2011-12-11 09:29 . 2010-02-04 09:01 74072 c:\windows\LastGood\system32\XAPOFX1_4.dll
+ 2011-12-11 09:29 . 2009-09-04 16:44 69464 c:\windows\LastGood\system32\XAPOFX1_3.dll
+ 2011-12-11 09:29 . 2008-10-27 09:04 70992 c:\windows\LastGood\system32\XAPOFX1_2.dll
+ 2011-12-11 09:29 . 2008-07-31 09:41 68616 c:\windows\LastGood\system32\XAPOFX1_1.dll
+ 2011-12-11 09:29 . 2008-05-30 13:17 65032 c:\windows\LastGood\system32\XAPOFX1_0.dll
+ 2011-12-11 09:29 . 2010-02-04 09:01 22360 c:\windows\LastGood\system32\X3DAudio1_7.dll
+ 2011-12-11 09:29 . 2009-03-16 13:18 22360 c:\windows\LastGood\system32\X3DAudio1_6.dll
+ 2011-12-11 09:29 . 2008-10-27 09:04 23376 c:\windows\LastGood\system32\X3DAudio1_5.dll
+ 2011-12-11 09:29 . 2008-05-30 13:17 25608 c:\windows\LastGood\system32\X3DAudio1_4.dll
+ 2011-12-11 09:29 . 2008-03-05 15:00 25608 c:\windows\LastGood\system32\X3DAudio1_3.dll
+ 2011-12-11 09:29 . 2007-10-22 02:37 17928 c:\windows\LastGood\system32\x3daudio1_2.dll
+ 2011-12-11 09:28 . 2007-03-05 11:42 15128 c:\windows\LastGood\system32\x3daudio1_1.dll
+ 2011-12-11 09:28 . 2006-02-03 07:41 14032 c:\windows\LastGood\system32\x3daudio1_0.dll
+ 2011-12-11 09:31 . 2011-12-11 09:31 83136 c:\windows\Installer\{F97E3841-CA9D-4964-9D64-26066241D26F}\GameForWindowsLiveDash.exe
- 2011-11-26 10:21 . 2011-11-26 10:21 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-12-11 09:28 . 2011-12-11 09:28 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-12-11 09:28 . 2011-12-11 09:28 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2011-11-26 10:21 . 2011-11-26 10:21 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-04-27 13:45 . 2010-04-27 13:45 187544 c:\windows\system32\xliveinstall.dll
+ 2010-04-02 16:17 . 2010-04-02 16:17 140952 c:\windows\system32\xlive\sqmapi.dll
+ 2001-10-25 14:00 . 2011-12-11 07:46 434106 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2011-12-10 22:54 434106 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2011-12-10 22:54 430908 c:\windows\system32\perfh005.dat
+ 2001-10-25 14:00 . 2011-12-11 07:46 430908 c:\windows\system32\perfh005.dat
+ 2011-12-11 09:29 . 2010-06-02 03:55 527192 c:\windows\LastGood\system32\XAudio2_7.dll
+ 2011-12-11 09:29 . 2010-02-04 09:01 528216 c:\windows\LastGood\system32\XAudio2_6.dll
+ 2011-12-11 09:29 . 2009-09-04 16:44 515416 c:\windows\LastGood\system32\XAudio2_5.dll
+ 2011-12-11 09:29 . 2009-03-16 13:18 517448 c:\windows\LastGood\system32\XAudio2_4.dll
+ 2011-12-11 09:29 . 2008-10-27 09:04 514384 c:\windows\LastGood\system32\XAudio2_3.dll
+ 2011-12-11 09:29 . 2008-07-31 09:40 509448 c:\windows\LastGood\system32\XAudio2_2.dll
+ 2011-12-11 09:29 . 2008-05-30 13:19 507400 c:\windows\LastGood\system32\XAudio2_1.dll
+ 2011-12-11 09:29 . 2008-03-05 15:03 479752 c:\windows\LastGood\system32\XAudio2_0.dll
+ 2011-12-11 09:29 . 2010-06-02 03:55 239960 c:\windows\LastGood\system32\xactengine3_7.dll
+ 2011-12-11 09:29 . 2010-02-04 09:01 238936 c:\windows\LastGood\system32\xactengine3_6.dll
+ 2011-12-11 09:29 . 2009-09-04 16:44 238936 c:\windows\LastGood\system32\xactengine3_5.dll
+ 2011-12-11 09:29 . 2009-03-16 13:18 235352 c:\windows\LastGood\system32\xactengine3_4.dll
+ 2011-12-11 09:29 . 2008-10-27 09:04 235856 c:\windows\LastGood\system32\xactengine3_3.dll
+ 2011-12-11 09:29 . 2008-07-31 09:41 238088 c:\windows\LastGood\system32\xactengine3_2.dll
+ 2011-12-11 09:29 . 2008-05-30 13:18 238088 c:\windows\LastGood\system32\xactengine3_1.dll
+ 2011-12-11 09:29 . 2008-03-05 15:03 238088 c:\windows\LastGood\system32\xactengine3_0.dll
+ 2011-12-11 09:29 . 2007-07-19 23:57 267112 c:\windows\LastGood\system32\xactengine2_9.dll
+ 2011-12-11 09:29 . 2007-06-20 19:46 266088 c:\windows\LastGood\system32\xactengine2_8.dll
+ 2011-12-11 09:28 . 2007-04-04 17:55 261480 c:\windows\LastGood\system32\xactengine2_7.dll
+ 2011-12-11 09:28 . 2007-01-24 14:27 255848 c:\windows\LastGood\system32\xactengine2_6.dll
+ 2011-12-11 09:28 . 2006-12-08 11:02 251672 c:\windows\LastGood\system32\xactengine2_5.dll
+ 2011-12-11 09:28 . 2006-09-28 15:05 237848 c:\windows\LastGood\system32\xactengine2_4.dll
+ 2011-12-11 09:28 . 2006-07-28 08:30 236824 c:\windows\LastGood\system32\xactengine2_3.dll
+ 2011-12-11 09:28 . 2006-05-31 06:24 230168 c:\windows\LastGood\system32\xactengine2_2.dll
+ 2011-12-11 09:29 . 2007-10-22 02:39 267272 c:\windows\LastGood\system32\xactengine2_10.dll
+ 2011-12-11 09:28 . 2006-03-31 11:39 229584 c:\windows\LastGood\system32\xactengine2_1.dll
+ 2011-12-11 09:28 . 2006-02-03 07:42 230096 c:\windows\LastGood\system32\xactengine2_0.dll
+ 2011-12-11 09:29 . 2010-05-26 10:41 248672 c:\windows\LastGood\system32\d3dx11_43.dll
+ 2011-12-11 09:29 . 2009-09-04 16:29 235344 c:\windows\LastGood\system32\d3dx11_42.dll
+ 2011-12-11 09:29 . 2010-05-26 10:41 470880 c:\windows\LastGood\system32\d3dx10_43.dll
+ 2011-12-11 09:29 . 2009-09-04 16:29 453456 c:\windows\LastGood\system32\d3dx10_42.dll
+ 2011-12-11 09:29 . 2009-03-09 14:27 453456 c:\windows\LastGood\system32\d3dx10_41.dll
+ 2011-12-11 09:29 . 2008-10-15 05:22 452440 c:\windows\LastGood\system32\d3dx10_40.dll
+ 2011-12-11 09:29 . 2008-07-12 07:18 467984 c:\windows\LastGood\system32\d3dx10_39.dll
+ 2011-12-11 09:29 . 2008-05-30 13:11 467984 c:\windows\LastGood\system32\d3dx10_38.dll
+ 2011-12-11 09:29 . 2008-02-05 22:07 462864 c:\windows\LastGood\system32\d3dx10_37.dll
+ 2011-12-11 09:29 . 2007-10-02 08:56 444776 c:\windows\LastGood\system32\d3dx10_36.dll
+ 2011-12-11 09:29 . 2007-07-19 17:14 444776 c:\windows\LastGood\system32\d3dx10_35.dll
+ 2011-12-11 09:29 . 2007-05-16 15:45 443752 c:\windows\LastGood\system32\d3dx10_34.dll
+ 2011-12-11 09:28 . 2007-03-15 15:57 443752 c:\windows\LastGood\system32\d3dx10_33.dll
+ 2011-12-11 09:31 . 2011-12-11 09:31 836608 c:\windows\Installer\63ca8b.msi
+ 2011-12-11 09:30 . 2011-12-11 09:30 847872 c:\windows\Installer\63ca86.msi
+ 2011-12-11 09:28 . 2011-12-11 09:28 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-11-26 10:21 . 2011-11-26 10:21 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-11-26 10:21 . 2011-11-26 10:21 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-12-11 09:28 . 2011-12-11 09:28 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-12-11 09:28 . 2011-12-11 09:28 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2011-11-26 10:21 . 2011-11-26 10:21 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2011-11-26 10:21 . 2011-11-26 10:21 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2011-12-11 09:28 . 2011-12-11 09:28 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2011-12-11 09:28 . 2011-12-11 09:28 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-11-26 10:21 . 2011-11-26 10:21 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-11-26 10:21 . 2011-11-26 10:21 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-11 09:28 . 2011-12-11 09:28 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-11 09:28 . 2011-12-11 09:28 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-11-26 10:21 . 2011-11-26 10:21 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-11-26 10:21 . 2011-11-26 10:21 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-11 09:28 . 2011-12-11 09:28 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-11 09:28 . 2011-12-11 09:28 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-11-26 10:21 . 2011-11-26 10:21 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-11-26 10:21 . 2011-11-26 10:21 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-11 09:28 . 2011-12-11 09:28 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-11-26 10:21 . 2011-11-26 10:21 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-11 09:28 . 2011-12-11 09:28 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-11-26 10:21 . 2011-11-26 10:21 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-11 09:28 . 2011-12-11 09:28 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-11-26 10:21 . 2011-11-26 10:21 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-11 09:28 . 2011-12-11 09:28 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-11-26 10:21 . 2011-11-26 10:21 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-12-11 09:28 . 2011-12-11 09:28 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2007-08-27 14:41 . 2007-08-27 14:41 1089440 c:\windows\system32\msidcrl40.dll
+ 2011-12-11 09:29 . 2010-05-26 10:41 1998168 c:\windows\LastGood\system32\D3DX9_43.dll
+ 2011-12-11 09:29 . 2009-09-04 16:29 1892184 c:\windows\LastGood\system32\D3DX9_42.dll
+ 2011-12-11 09:29 . 2009-03-09 14:27 4178264 c:\windows\LastGood\system32\D3DX9_41.dll
+ 2011-12-11 09:29 . 2008-10-15 05:22 4379984 c:\windows\LastGood\system32\D3DX9_40.dll
+ 2011-12-11 09:29 . 2008-07-12 07:18 3851784 c:\windows\LastGood\system32\D3DX9_39.dll
+ 2011-12-11 09:29 . 2008-05-30 13:11 3850760 c:\windows\LastGood\system32\D3DX9_38.dll
+ 2011-12-11 09:29 . 2008-03-05 14:56 3786760 c:\windows\LastGood\system32\D3DX9_37.dll
+ 2011-12-11 09:29 . 2007-10-12 14:14 3734536 c:\windows\LastGood\system32\d3dx9_36.dll
+ 2011-12-11 09:29 . 2007-07-19 17:14 3727720 c:\windows\LastGood\system32\d3dx9_35.dll
+ 2011-12-11 09:29 . 2007-05-16 15:45 3497832 c:\windows\LastGood\system32\d3dx9_34.dll
+ 2011-12-11 09:28 . 2007-03-12 15:42 3495784 c:\windows\LastGood\system32\d3dx9_33.dll
+ 2011-12-11 09:28 . 2006-11-29 12:06 3426072 c:\windows\LastGood\system32\d3dx9_32.dll
+ 2011-12-11 09:28 . 2006-09-28 15:05 2414360 c:\windows\LastGood\system32\d3dx9_31.dll
+ 2011-12-11 09:28 . 2006-03-31 11:40 2388176 c:\windows\LastGood\system32\d3dx9_30.dll
+ 2011-12-11 09:28 . 2006-02-03 07:43 2332368 c:\windows\LastGood\system32\d3dx9_29.dll
+ 2011-12-11 09:28 . 2005-12-05 17:09 2323664 c:\windows\LastGood\system32\d3dx9_28.dll
+ 2011-12-11 09:28 . 2005-07-22 18:59 2319568 c:\windows\LastGood\system32\d3dx9_27.dll
+ 2011-12-11 09:28 . 2005-05-26 14:34 2297552 c:\windows\LastGood\system32\d3dx9_26.dll
+ 2011-12-11 09:28 . 2005-03-18 16:19 2337488 c:\windows\LastGood\system32\d3dx9_25.dll
+ 2011-12-11 09:28 . 2005-02-05 18:45 2222800 c:\windows\LastGood\system32\d3dx9_24.dll
+ 2011-12-11 09:29 . 2010-05-26 10:41 1868128 c:\windows\LastGood\system32\d3dcsx_43.dll
+ 2011-12-11 09:29 . 2009-09-04 16:29 5501792 c:\windows\LastGood\system32\d3dcsx_42.dll
+ 2011-12-11 09:29 . 2010-05-26 10:41 2106216 c:\windows\LastGood\system32\D3DCompiler_43.dll
+ 2011-12-11 09:29 . 2009-09-04 16:29 1974616 c:\windows\LastGood\system32\D3DCompiler_42.dll
+ 2011-12-11 09:29 . 2009-03-09 14:27 1846632 c:\windows\LastGood\system32\D3DCompiler_41.dll
+ 2011-12-11 09:29 . 2008-10-15 05:22 2036576 c:\windows\LastGood\system32\D3DCompiler_40.dll
+ 2011-12-11 09:29 . 2008-07-12 07:18 1493528 c:\windows\LastGood\system32\D3DCompiler_39.dll
+ 2011-12-11 09:29 . 2008-05-30 13:11 1491992 c:\windows\LastGood\system32\D3DCompiler_38.dll
+ 2011-12-11 09:29 . 2008-03-05 14:56 1420824 c:\windows\LastGood\system32\D3DCompiler_37.dll
+ 2011-12-11 09:29 . 2007-10-12 14:14 1374232 c:\windows\LastGood\system32\D3DCompiler_36.dll
+ 2011-12-11 09:29 . 2007-07-19 17:14 1358192 c:\windows\LastGood\system32\D3DCompiler_35.dll
+ 2011-12-11 09:29 . 2007-05-16 15:45 1124720 c:\windows\LastGood\system32\D3DCompiler_34.dll
+ 2011-12-11 09:28 . 2007-03-12 15:42 1123696 c:\windows\LastGood\system32\D3DCompiler_33.dll
- 2011-11-26 10:21 . 2011-11-26 10:21 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-11 09:28 . 2011-12-11 09:28 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-11-26 10:21 . 2011-11-26 10:21 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-12-11 09:28 . 2011-12-11 09:28 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-04-02 16:17 . 2010-04-02 16:17 13642904 c:\windows\system32\xlivefnt.dll
+ 2010-04-02 16:17 . 2010-04-02 16:17 15426200 c:\windows\system32\xlive.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bluebirds"="c:\documents and settings\přemek\Bluebirds\BlueBirds.exe" [2009-04-29 270336]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-09-14 2969496]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"Steam"="c:\program files\Steam\Steam.exe" [2011-11-26 1242448]
"jusched"="c:\documents and settings\přemek\Data aplikací\xmllogon.exe" [2011-12-10 63488]
"\xmllogon.exe"="c:\documents and settings\přemek\Data aplikací\xmllogon.exe" [2011-12-10 63488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"VolPanel"="c:\program files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" [2008-08-27 233588]
"\xmllogon.exe"="c:\documents and settings\přemek\Data aplikací\xmllogon.exe" [2011-12-10 63488]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\přemek\Nabídka Start\Programy\Po spuštění\
CurseClientStartup.ccip [2010-10-26 0]
ubisoft register.lnk - c:\program files\Ubi Soft\Register\schedule.exe [N/A]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-12-1 3509144]
.
c:\documents and settings\přemek\Nabídka Start\Programy\Po spuštění\
CurseClientStartup.ccip [2010-10-26 0]
ubisoft register.lnk - c:\program files\Ubi Soft\Register\schedule.exe [N/A]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-12-1 3509144]
.
c:\documents and settings\přemek\Nabídka Start\Programy\Po spuštění\
CurseClientStartup.ccip [2010-10-26 0]
ubisoft register.lnk - c:\program files\Ubi Soft\Register\schedule.exe [N/A]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-12-1 3509144]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2011-8-15 409088]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
c:\documents and settings\přemek\Nabídka Start\Programy\Po spuštění\
CurseClientStartup.ccip [2010-10-26 0]
ubisoft register.lnk - c:\program files\Ubi Soft\Register\schedule.exe [N/A]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-12-1 3509144]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^přemek^Nabídka Start^Programy^Po spuštění^hamachi.lnk]
path=c:\documents and settings\přemek\Nabídka Start\Programy\Po spuštění\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 16:05 81920 ----a-w- c:\program files\D-Tools\daemon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Zuxxez\\Battle vs. Chess\\battlevschess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"58540:TCP"= 58540:TCP:Pando Media Booster
"58540:UDP"= 58540:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6919:TCP"= 6919:TCP:League of Legends Launcher
"6919:UDP"= 6919:UDP:League of Legends Launcher
"6931:TCP"= 6931:TCP:League of Legends Launcher
"6931:UDP"= 6931:UDP:League of Legends Launcher
"8395:TCP"= 8395:TCP:League of Legends Launcher
"8395:UDP"= 8395:UDP:League of Legends Launcher
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6923:TCP"= 6923:TCP:League of Legends Launcher
"6923:UDP"= 6923:UDP:League of Legends Launcher
"6966:TCP"= 6966:TCP:League of Legends Launcher
"6966:UDP"= 6966:UDP:League of Legends Launcher
"6941:TCP"= 6941:TCP:League of Legends Launcher
"6941:UDP"= 6941:UDP:League of Legends Launcher
"6969:TCP"= 6969:TCP:League of Legends Launcher
"6969:UDP"= 6969:UDP:League of Legends Launcher
"6938:TCP"= 6938:TCP:League of Legends Launcher
"6938:UDP"= 6938:UDP:League of Legends Launcher
"6957:TCP"= 6957:TCP:League of Legends Launcher
"6957:UDP"= 6957:UDP:League of Legends Launcher
"6925:TCP"= 6925:TCP:League of Legends Launcher
"6925:UDP"= 6925:UDP:League of Legends Launcher
"6942:TCP"= 6942:TCP:League of Legends Launcher
"6942:UDP"= 6942:UDP:League of Legends Launcher
"6964:TCP"= 6964:TCP:League of Legends Launcher
"6964:UDP"= 6964:UDP:League of Legends Launcher
"6898:TCP"= 6898:TCP:League of Legends Launcher
"6898:UDP"= 6898:UDP:League of Legends Launcher
"6950:TCP"= 6950:TCP:League of Legends Launcher
"6950:UDP"= 6950:UDP:League of Legends Launcher
"6962:TCP"= 6962:TCP:League of Legends Launcher
"6962:UDP"= 6962:UDP:League of Legends Launcher
"6976:TCP"= 6976:TCP:League of Legends Launcher
"6976:UDP"= 6976:UDP:League of Legends Launcher
"6935:TCP"= 6935:TCP:League of Legends Launcher
"6935:UDP"= 6935:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6979:TCP"= 6979:TCP:League of Legends Launcher
"6979:UDP"= 6979:UDP:League of Legends Launcher
"6997:TCP"= 6997:TCP:League of Legends Launcher
"6997:UDP"= 6997:UDP:League of Legends Launcher
"6972:TCP"= 6972:TCP:League of Legends Launcher
"6972:UDP"= 6972:UDP:League of Legends Launcher
"6890:TCP"= 6890:TCP:League of Legends Launcher
"6890:UDP"= 6890:UDP:League of Legends Launcher
"6974:TCP"= 6974:TCP:League of Legends Launcher
"6974:UDP"= 6974:UDP:League of Legends Launcher
"6896:TCP"= 6896:TCP:League of Legends Launcher
"6896:UDP"= 6896:UDP:League of Legends Launcher
"6909:TCP"= 6909:TCP:League of Legends Launcher
"6909:UDP"= 6909:UDP:League of Legends Launcher
"6948:TCP"= 6948:TCP:League of Legends Launcher
"6948:UDP"= 6948:UDP:League of Legends Launcher
"6888:TCP"= 6888:TCP:League of Legends Launcher
"6888:UDP"= 6888:UDP:League of Legends Launcher
"6933:TCP"= 6933:TCP:League of Legends Launcher
"6933:UDP"= 6933:UDP:League of Legends Launcher
"6973:TCP"= 6973:TCP:League of Legends Launcher
"6973:UDP"= 6973:UDP:League of Legends Launcher
"6955:TCP"= 6955:TCP:League of Legends Launcher
"6955:UDP"= 6955:UDP:League of Legends Launcher
"6926:TCP"= 6926:TCP:League of Legends Launcher
"6926:UDP"= 6926:UDP:League of Legends Launcher
"6905:TCP"= 6905:TCP:League of Legends Launcher
"6905:UDP"= 6905:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"6996:TCP"= 6996:TCP:League of Legends Launcher
"6996:UDP"= 6996:UDP:League of Legends Launcher
"6885:TCP"= 6885:TCP:League of Legends Launcher
"6885:UDP"= 6885:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6883:TCP"= 6883:TCP:League of Legends Launcher
"6883:UDP"= 6883:UDP:League of Legends Launcher
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [27.11.2010 14:34 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [27.11.2010 14:34 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.6.2010 7:20 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24.2.2011 18:44 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.6.2010 16:47 314456]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [7.1.2010 23:51 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.6.2010 16:47 20568]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [4.6.2010 20:18 68136]
R3 skfilt;skfilt;c:\windows\system32\drivers\skfilt.sys [12.1.2011 16:06 1670016]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7.10.2010 16:36 136176]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [12.1.2011 16:04 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [12.1.2011 16:15 79360]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7.10.2010 16:36 136176]
S3 KMWDFilterV1;KMWDFilterV1;c:\windows\system32\drivers\RPGMOUSEV1.sys [13.8.2010 19:52 18432]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [26.9.2006 22:21 34896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=15788
mStart Page = hxxp://home.sweetim.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\přemek\Data aplikací\Mozilla\Firefox\Profiles\ov648w5v.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com/?l=dis&o=15788
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.1.1&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-\certfont.exe - c:\documents and settings\All Users\certfont.exe
HKLM-Run-\certfont.exe - c:\documents and settings\All Users\certfont.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-11 13:00
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1417001333-1214440339-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:f6,bc,1b,0e,b3,af,a4,68,62,d8,a8,c0,93,1b,c5,32,a7,0e,b7,73,dd,
94,f2,12,cf,15,1a,e1,de,39,31,bd,ed,01,2c,f9,22,d1,4c,80,ab,07,4e,4d,92,51,\
"rkeysecu"=hex:cf,f3,4c,22,6a,e9,5b,65,99,b3,2e,96,45,2f,7f,9a
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-12-11 13:04:25
ComboFix-quarantined-files.txt 2011-12-11 12:04
ComboFix2.txt 2011-12-10 23:10
.
Před spuštěním: Volných bajtů: 364 374 290 432
Po spuštění: Volných bajtů: 365 425 487 872
.
- - End Of File - - 26901C2A2564786DE40BF60D9B96BD03