Please check this log: the internet and web pages load terribly slowly.
Thank you
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:01:10, on 1.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\uživatel\Local Settings\Temp\mwavscan.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\uživatel\Dokumenty\HiJackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0A2D612-9559-4215-AAD7-1B34697AC779}: NameServer = 10.0.0.138
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Aktivátor Správce výběru OS Acronis (Správce výběru OS) - Unknown owner - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 6185 bytes
HJT check
- jaro3
- Security team member
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: HJT check
Uninstall:
pdfforge Toolbar
Spigot\Search Settings
Close other applications and browsers, disconnect from the internet and fix in HJT:
Guide
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes a message appears; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message appears, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
If there are problems, run it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: HJT check
Thanks for the advice, here is the new log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:51:32, on 2.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Documents and Settings\uživatel\Dokumenty\HiJackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0A2D612-9559-4215-AAD7-1B34697AC779}: NameServer = 10.0.0.138
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Aktivátor Správce výběru OS Acronis (Správce výběru OS) - Unknown owner - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 5014 bytes
Spigot\Search Settings: I don't know how to uninstall this one
MbAM didn't find anything.
I'd also like to ask: when I open cmd and type netstat in it, it prints roughly 30-50 lines and sometimes only 14; is that OK?
- jaro3
- Security team member
Re: HJT check
We'll sort out a bit more..
Turn off the resident protection of your antivirus and antispyware, and possibly the firewall..
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.
Warning: It may happen that after running ComboFix and restarting the computer, Windows will not start, or the desktop will not load, or there will be connection problems; in that case restart the computer again. If that does not help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.
Download MiniToolBox
and run it.
In the window, tick the boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Then click GO; after a short scan a log named "Result" will appear; copy its entire contents here.
Re: HJT check
ComboFix 12-02-02.01 - uživatel 02.02.2012 16:43:34.1.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2822 [GMT 1:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\regedit.com
c:\windows\system32\ccrpTmr6.dll
c:\windows\system32\taskmgr.com
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-02 do 2012-02-02 )))))))))))))))))))))))))))))))
.
.
2012-02-02 13:45 . 2012-02-02 13:45 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Malwarebytes
2012-02-02 13:45 . 2012-02-02 13:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-02-02 13:45 . 2012-02-02 13:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-02 13:45 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-02 13:44 . 2012-02-02 13:45 9502424 ----a-w- C:\mbam-setup-1.60.1.1000.exe
2012-02-02 13:44 . 2012-02-02 13:44 50688 ----a-w- C:\ATF-Cleaner.exe
2012-02-01 14:44 . 2012-02-01 14:44 -------- d---a-w- c:\windows\rundll16.exe
2012-02-01 14:44 . 2012-02-01 14:44 -------- d---a-w- c:\windows\logo1_.exe
2012-02-01 10:54 . 2012-02-01 10:54 -------- d-----w- C:\TempBK
2012-01-29 16:29 . 2012-01-29 16:29 117760 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{3FE7D2BF-DB37-429A-B47E-5DE073404A42}\IconTmpl.50919BAA_6A87_4FF2_9F31_77666E9D001A.exe
2012-01-29 16:29 . 2009-06-29 13:32 193696 ----a-w- c:\windows\system32\drivers\windrvr6.sys
2012-01-29 16:27 . 2012-01-29 16:29 -------- d-----w- c:\program files\Service ADVISOR
2012-01-29 16:27 . 2012-01-29 16:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Service ADVISOR
2012-01-29 16:27 . 2009-11-11 10:27 59904 ----a-w- c:\windows\system32\zlib1.dll
2012-01-29 16:27 . 2012-01-29 16:26 697444 ----a-w- c:\windows\unins001.exe
2012-01-29 16:26 . 2009-03-30 12:28 616024 ----a-w- c:\windows\system32\COMCTL32.ocx
2012-01-29 16:26 . 2009-03-30 12:28 416584 ----a-w- c:\windows\system32\COMCT332.ocx
2012-01-29 16:26 . 2009-03-30 12:28 171096 ----a-w- c:\windows\system32\COMCT232.ocx
2012-01-29 16:26 . 2008-07-29 11:41 569439 ----a-w- c:\windows\system32\JDLegacyCfgReader.dll
2012-01-29 16:26 . 2007-07-16 08:12 110592 ----a-w- c:\windows\system32\ccrpbds6.dll
2012-01-29 16:26 . 2012-01-29 16:46 -------- d-----w- c:\program files\ECULP
2012-01-29 16:26 . 2012-01-29 16:26 -------- d-----w- c:\program files\Common Files\John Deere
2012-01-29 16:25 . 2009-09-04 12:32 32839 ----a-w- c:\windows\system32\JDTrimHTML.dll
2012-01-29 16:25 . 2009-05-15 10:23 323584 ----a-w- c:\windows\system32\JDPayloadProcessor.dll
2012-01-29 16:23 . 2006-06-26 11:53 168011 ----a-w- c:\windows\system32\JDError.dll
2012-01-29 16:23 . 2006-05-22 12:51 221255 ----a-w- c:\windows\system32\JDLog.dll
2012-01-29 16:23 . 2004-02-06 08:53 208896 ----a-w- c:\windows\system32\JDNetCommSerial.dll
2012-01-29 16:21 . 2007-12-05 18:41 106768 ----a-w- c:\windows\system32\msscrpt2.ocx
2012-01-29 16:11 . 2012-01-29 16:13 -------- d-----w- c:\program files\Microsoft SQL Server
2012-01-29 14:36 . 2012-01-29 14:36 -------- d-----w- c:\program files\HD Tune
2012-01-29 12:36 . 2012-01-29 12:36 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\VitySoft
2012-01-27 19:43 . 2012-01-27 19:43 -------- d-----w- c:\documents and settings\LocalService\Plocha
2012-01-27 19:26 . 2012-01-27 19:26 632064 ----a-w- c:\windows\system32\msvcr80.dll
2012-01-27 19:26 . 2012-01-27 19:26 554240 ----a-w- c:\windows\system32\msvcp80.dll
2012-01-27 19:26 . 2012-01-27 19:26 572928 ----a-w- c:\windows\system32\msvcp90.dll
2012-01-27 19:26 . 2012-01-27 19:26 655872 ----a-w- c:\windows\system32\msvcr90.dll
2012-01-27 19:26 . 2012-01-27 19:26 34048 ----a-w- c:\windows\system32\eEmpty.exe
2012-01-27 19:26 . 2012-01-27 19:26 -------- d-----w- c:\program files\Common Files\MicroWorld
2012-01-27 19:26 . 2012-01-27 19:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2012-01-27 19:19 . 2012-01-27 19:25 141333296 ----a-w- C:\mwav.exe
2012-01-26 17:14 . 2012-01-26 17:14 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Identities
2012-01-23 19:04 . 2012-01-23 19:04 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Registry Mechanic
2012-01-23 18:52 . 2008-04-02 15:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2012-01-23 18:52 . 2008-04-02 15:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2012-01-23 18:52 . 2011-12-12 13:07 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-01-23 18:52 . 2008-04-02 15:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-01-23 18:52 . 2012-01-23 18:52 -------- d-----w- c:\program files\Common Files\PC Tools
2012-01-23 18:52 . 2012-01-29 15:42 -------- d-----w- c:\program files\PC Tools Registry Mechanic
2012-01-23 18:44 . 2012-01-23 18:44 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Product_RM
2012-01-23 18:44 . 2012-01-23 18:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Tools
2012-01-23 15:40 . 2012-01-23 15:40 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\ABBYY
2012-01-23 15:38 . 2012-01-23 15:38 -------- d-----w- c:\program files\Common Files\ABBYY
2012-01-23 15:38 . 2012-01-23 15:44 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\ABBYY
2012-01-23 15:38 . 2012-01-23 15:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ABBYY
2012-01-23 15:38 . 2012-01-23 15:39 -------- d-----w- c:\program files\ABBYY FineReader 9.0
2012-01-21 16:26 . 2012-02-01 18:00 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2012-01-18 15:38 . 2012-01-18 15:38 -------- d-----w- c:\program files\Microsoft Silverlight
2012-01-15 11:18 . 2012-01-15 11:18 -------- d---a-w- c:\windows\VDLL.DLL
2012-01-15 11:18 . 2012-01-15 11:18 -------- d---a-w- c:\windows\system32\runouce.exe
2012-01-15 11:18 . 2012-01-15 11:18 -------- d---a-w- c:\windows\RUNDL132.EXE
2012-01-15 11:18 . 2012-01-15 11:18 -------- d---a-w- c:\windows\logo_1.exe
2012-01-15 10:50 . 2008-04-14 07:52 137216 ----a-w- c:\windows\system32\T.COM
2012-01-15 10:50 . 2008-04-14 07:52 147968 ----a-w- c:\windows\R.COM
2012-01-15 10:24 . 2012-01-15 10:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FTWeak
2012-01-15 10:24 . 2012-01-15 10:30 -------- d-----w- c:\program files\FCleaner
2012-01-15 10:22 . 2012-01-15 10:22 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\FTweak
2012-01-13 17:45 . 2012-01-13 17:45 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\Application Updater
2012-01-13 17:44 . 1998-06-24 00:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-01-13 17:44 . 2009-03-30 12:28 660296 ----a-w- c:\windows\system32\Mscomct2.ocx
2012-01-13 17:44 . 2001-10-28 16:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2012-01-13 17:44 . 2012-01-13 17:45 -------- d-----w- c:\program files\PDFCreator
2012-01-13 17:44 . 1998-07-06 00:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-01-13 17:38 . 2012-01-13 17:42 -------- d-----w- c:\program files\WordToPDF
2012-01-13 17:08 . 2012-01-13 17:08 -------- d-----w- c:\program files\MSECache
2012-01-13 15:35 . 2008-04-14 07:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-01-10 18:28 . 2012-01-10 18:28 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\SKIDROW
2012-01-10 18:28 . 2012-01-10 18:28 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Trine2
2012-01-10 18:24 . 2012-01-10 18:24 -------- d-----w- c:\program files\Frozenbyte
2012-01-10 16:27 . 2012-01-10 16:40 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\ICQ
2012-01-10 16:21 . 2012-01-10 16:21 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-10 16:16 . 2012-01-10 16:16 -------- d-----w- c:\program files\NVIDIA Corporation
2012-01-10 16:16 . 2012-01-10 16:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-01-09 15:50 . 2012-01-09 15:50 -------- d-----w- c:\windows\system32\Mira6
2012-01-09 15:50 . 2012-01-09 15:50 -------- d-----w- c:\program files\ScanDrv6
2012-01-09 15:50 . 2004-04-18 22:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-01-09 15:50 . 2004-04-18 22:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-01-09 15:50 . 2004-04-18 22:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-01-09 15:50 . 2004-04-18 22:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-01-09 15:50 . 2004-04-18 22:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-01-09 15:50 . 2012-01-09 15:50 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2012-01-09 15:50 . 2012-01-09 15:50 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-01-08 17:15 . 2007-04-09 12:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2012-01-08 17:15 . 2007-04-09 12:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2012-01-08 17:14 . 2012-01-08 17:15 -------- d-----w- c:\windows\SHELLNEW
2012-01-08 15:48 . 2012-01-08 15:48 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Ubisoft
2012-01-08 15:46 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-01-08 15:46 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-01-08 15:46 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-01-08 15:46 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-01-08 15:46 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-01-08 15:46 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-01-08 15:46 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-01-08 15:46 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-01-08 15:46 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2012-01-08 15:46 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2012-01-08 15:46 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2012-01-08 15:46 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2012-01-08 15:43 . 2012-01-08 15:47 -------- d-----w- c:\program files\Ubisoft
2012-01-08 15:34 . 2012-01-29 16:13 -------- d-----w- c:\program files\Microsoft.NET
2012-01-08 15:30 . 2012-01-29 14:33 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Deployment
2012-01-07 11:12 . 2012-01-07 11:12 -------- d-----w- c:\program files\CCleaner
2012-01-04 19:25 . 2012-01-04 19:25 -------- d-----w- c:\program files\Canon
2012-01-04 16:12 . 2012-01-09 16:03 -------- d-----w- C:\nafta 20011
2012-01-04 15:27 . 2012-01-04 15:27 -------- d-----w- c:\program files\MSXML 6.0
2012-01-04 14:10 . 2012-01-04 14:10 -------- d-----w- c:\program files\Common Files\Freedom Scientific
2012-01-04 14:10 . 2012-01-04 14:10 -------- d-----w- c:\program files\Common Files\soft602
2012-01-04 14:10 . 2012-01-04 14:10 -------- d-----w- c:\program files\Software602
2012-01-04 14:03 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-01-04 14:03 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-01-04 14:03 . 2004-07-26 11:05 24576 ----a-w- c:\windows\system32\RSRC32.DLL
2012-01-04 14:03 . 2004-07-26 11:05 1312 ----a-w- c:\windows\system32\RSRC16.DLL
2012-01-04 11:41 . 2012-01-04 11:41 -------- d-----w- c:\program files\GRETECH
2012-01-04 09:00 . 2012-01-04 09:00 -------- d-----w- c:\program files\AMD APP
2012-01-04 08:58 . 2011-11-10 03:26 57344 ----a-w- c:\windows\system32\aticalrt.dll
2012-01-04 08:58 . 2011-11-10 03:20 7196672 ----a-w- c:\windows\system32\aticaldd.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 17:34 . 2012-01-27 17:33 5731030 ----a-w- c:\windows\REGBK01.ZIP
2012-01-15 11:29 . 2012-01-15 11:28 5676757 ----a-w- c:\windows\REGBK00.ZIP
2012-01-04 15:12 . 2011-12-28 09:29 16608 ----a-w- c:\windows\gdrv.sys
2011-12-31 19:49 . 2011-12-29 10:39 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-12-29 11:11 . 2011-12-28 12:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-29 10:29 . 2011-12-29 10:29 166976 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-12-28 09:31 . 2011-12-28 09:31 319488 ----a-w- c:\windows\HideWin.exe
2011-11-28 18:01 . 2011-12-28 11:12 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-12-28 11:12 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-12-28 11:22 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-11-28 17:53 . 2011-12-28 11:12 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-12-28 11:12 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:53 . 2011-12-28 11:21 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-11-28 17:52 . 2011-12-28 11:12 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-12-28 11:12 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-12-28 11:12 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-12-28 11:12 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-12-28 11:12 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-12-28 11:12 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-28 17:26 . 2011-12-28 11:21 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-11-25 21:57 . 2001-10-25 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2001-10-25 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2001-10-25 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-17 17:06 . 2011-12-28 12:44 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-11-17 17:06 . 2011-12-28 12:13 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-17 16:56 . 2011-12-28 12:13 141312 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-16 14:21 . 2011-12-28 10:55 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2001-10-25 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-10 03:42 . 2009-01-14 07:14 7493120 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-11-10 03:34 . 2011-12-28 10:28 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-11-10 03:06 . 2009-01-14 05:46 19210240 ----a-w- c:\windows\system32\atioglxx.dll
2011-11-10 02:54 . 2011-12-28 10:28 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-10 02:53 . 2009-01-14 04:47 304640 ----a-w- c:\windows\system32\ati2dvag.dll
2011-11-10 02:50 . 2009-01-14 04:22 5266624 ----a-w- c:\windows\system32\ati3duag.dll
2011-11-10 02:32 . 2009-01-14 04:36 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-11-10 02:32 . 2009-01-14 04:36 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-11-10 02:32 . 2009-01-14 04:36 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-11-10 02:32 . 2009-01-14 04:35 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-11-10 02:31 . 2009-01-14 04:35 192512 ----a-w- c:\windows\system32\ati2evxx.dll
2011-11-10 02:30 . 2009-01-14 04:34 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-11-10 02:30 . 2009-01-14 04:05 3303040 ----a-w- c:\windows\system32\ativvaxx.dll
2011-11-10 02:29 . 2009-01-14 04:32 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-11-10 02:23 . 2009-01-14 03:45 806912 ----a-w- c:\windows\system32\atikvmag.dll
2011-11-10 02:20 . 2009-01-14 04:53 602112 ----a-w- c:\windows\system32\atiok3x2.dll
2011-11-10 02:18 . 2009-01-14 03:44 233472 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-10 02:18 . 2009-01-14 03:44 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-11-10 02:12 . 2009-01-14 03:37 884736 ----a-w- c:\windows\system32\ati2cqag.dll
2011-11-10 02:12 . 2009-01-14 03:50 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2011-11-10 02:12 . 2009-01-14 03:43 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-09 21:39 . 2011-11-09 21:39 59904 ----a-w- c:\windows\system32\OpenVideo.dll
2011-11-09 21:39 . 2011-11-09 21:39 54784 ----a-w- c:\windows\system32\OVDecode.dll
2011-11-09 21:38 . 2011-11-09 21:38 14375936 ----a-w- c:\windows\system32\amdocl.dll
2011-11-09 21:37 . 2011-11-09 21:37 44032 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-04 19:13 . 2001-10-25 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2001-10-25 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UpdateService\isuspm.exe" [2005-02-16 221184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR11
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 07:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTweakFCleaner]
2010-06-21 13:56 1763840 ----a-w- c:\program files\FCleaner\FCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 17:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 17:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 16:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 11:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [28.12.2011 12:21 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [28.12.2011 12:21 195416]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [28.12.2011 12:22 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.12.2011 12:12 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.12.2011 12:12 314456]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.1.2012 17:21 239168]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.12.2011 12:12 20568]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [23.1.2012 19:52 793048]
R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [28.10.2010 19:31 2156952]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [28.12.2011 12:21 127192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-01 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-01-23 13:06]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{E0A2D612-9559-4215-AAD7-1B34697AC779}: NameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-GEST - (no file)
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-02 16:50
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6CECD6A3-55D5-D1F3-C348-EE754667ECF7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"e:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1256)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2012-02-02 16:52:26
ComboFix-quarantined-files.txt 2012-02-02 15:52
.
Před spuštěním: Volných bajtů: 52 244 348 928
Po spuštění: Volných bajtů: 52 712 628 224
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - A81C9AE24749F9E5F42CD453A0A89B5A
2011-11-10 02:12 . 2009-01-14 03:37 884736 ----a-w- c:\windows\system32\ati2cqag.dll
2011-11-10 02:12 . 2009-01-14 03:50 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2011-11-10 02:12 . 2009-01-14 03:43 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-09 21:39 . 2011-11-09 21:39 59904 ----a-w- c:\windows\system32\OpenVideo.dll
2011-11-09 21:39 . 2011-11-09 21:39 54784 ----a-w- c:\windows\system32\OVDecode.dll
2011-11-09 21:38 . 2011-11-09 21:38 14375936 ----a-w- c:\windows\system32\amdocl.dll
2011-11-09 21:37 . 2011-11-09 21:37 44032 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-04 19:13 . 2001-10-25 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2001-10-25 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UpdateService\isuspm.exe" [2005-02-16 221184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR11
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 07:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTweakFCleaner]
2010-06-21 13:56 1763840 ----a-w- c:\program files\FCleaner\FCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 17:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 17:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 16:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 11:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [28.12.2011 12:21 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [28.12.2011 12:21 195416]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [28.12.2011 12:22 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.12.2011 12:12 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.12.2011 12:12 314456]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.1.2012 17:21 239168]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.12.2011 12:12 20568]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [23.1.2012 19:52 793048]
R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [28.10.2010 19:31 2156952]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [28.12.2011 12:21 127192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-01 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-01-23 13:06]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{E0A2D612-9559-4215-AAD7-1B34697AC779}: NameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-GEST - (no file)
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-02 16:50
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6CECD6A3-55D5-D1F3-C348-EE754667ECF7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"e:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1256)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2012-02-02 16:52:26
ComboFix-quarantined-files.txt 2012-02-02 15:52
.
Před spuštěním: Volných bajtů: 52 244 348 928
Po spuštění: Volných bajtů: 52 712 628 224
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - A81C9AE24749F9E5F42CD453A0A89B5A
Re: HJT check
MiniToolBox by Farbar Version: 18-01-2012
Ran by uživatel (administrator) on 02-02-2012 at 16:56:42
Systém Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
1394 Net Adapter = 1394 Připojení (Connected)
Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC = Připojení k místní síti (Connected)
# ----------------------------------
#Konfigurace rozhraní protokolu IP
# ----------------------------------
pushd interface ip
# Konfigurace protokolu IP rozhraní pro "Připojení k místní síti"
set address name="Připojení k místní síti" source=dhcp
set dns name="Připojení k místní síti" source=dhcp register=PRIMARY
set wins name="Připojení k místní síti" source=dhcp
popd
# Konec konfigurace protokolu IP rozhraní
Konfigurace protokolu IP systému Windows
Název hostitele . . . . . . . . . : admin
Primární přípona DNS. . . . . . . :
Typ uzlu . . . . . . . . . . . . : neznámý
Povoleno směrování IP . . . . . . : Ne
WINS Proxy povoleno . . . . . . . : Ne
Adaptér sítě Ethernet Připojení k místní síti:
Přípona DNS podle připojení . . . :
Popis . . . . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
Fyzická Adresa. . . . . . . . . . : 00-24-1D-10-0E-E8
Protokol DHCP povolen . . . . . . : Ano
Automatická konfigurace povolena : Ano
Adresa IP . . . . . . . . . . . . : 10.0.0.139
Maska podsítě . . . . . . . . . . : 255.255.255.0
Výchozí brána . . . . . . . . . . : 10.0.0.138
Server DHCP . . . . . . . . . . . : 10.0.0.138
Servery DNS . . . . . . . . . . . : 10.0.0.138
Zapůjčeno . . . . . . . . . . . . : 2. února 2012 16:46:11
Zápůjčka vyprší . . . . . . . . . : 2. února 2012 17:46:11
Server: mygateway1.ar7
Address: 10.0.0.138
Název: google.com
Addresses: 173.194.70.103, 173.194.70.104, 173.194.70.105, 173.194.70.106
173.194.70.147, 173.194.70.99
Příkaz PING na google.com [173.194.70.103] s délkou 32 bajtů:
Odpověď od 173.194.70.103: bajty=32 čas=50ms TTL=49
Odpověď od 173.194.70.103: bajty=32 čas=51ms TTL=49
Statistika ping pro 173.194.70.103:
Pakety: Odeslané = 2, Přijaté = 2, Ztracené = 0 (ztráta 0%),
Přibližná doba do přijetí odezvy v milisekundách:
Minimum = 50ms, Maximum = 51ms, Průměr = 50ms
Server: mygateway1.ar7
Address: 10.0.0.138
Název: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 98.139.180.149, 209.191.122.70
Příkaz PING na yahoo.com [72.30.2.43] s délkou 32 bajtů:
Odpověď od 72.30.2.43: bajty=32 čas=202ms TTL=50
Odpověď od 72.30.2.43: bajty=32 čas=202ms TTL=49
Statistika ping pro 72.30.2.43:
Pakety: Odeslané = 2, Přijaté = 2, Ztracené = 0 (ztráta 0%),
Přibližná doba do přijetí odezvy v milisekundách:
Minimum = 202ms, Maximum = 202ms, Průměr = 202ms
Server: mygateway1.ar7
Address: 10.0.0.138
Název: bleepingcomputer.com
Address: 208.43.87.2
Příkaz PING na bleepingcomputer.com [208.43.87.2] s délkou 32 bajtů:
Odpověď od 208.43.87.2: Cílový hostitel není dostupný.
Odpověď od 208.43.87.2: Cílový hostitel není dostupný.
Statistika ping pro 208.43.87.2:
Pakety: Odeslané = 2, Přijaté = 2, Ztracené = 0 (ztráta 0%),
Přibližná doba do přijetí odezvy v milisekundách:
Minimum = 0ms, Maximum = 0ms, Průměr = 0ms
Příkaz PING na 127.0.0.1 s délkou 32 bajtů:
Odpověď od 127.0.0.1: bajty=32 čas < 1ms TTL=128
Odpověď od 127.0.0.1: bajty=32 čas < 1ms TTL=128
Statistika ping pro 127.0.0.1:
Pakety: Odeslané = 2, Přijaté = 2, Ztracené = 0 (ztráta 0%),
Přibližná doba do přijetí odezvy v milisekundách:
Minimum = 0ms, Maximum = 0ms, Průměr = 0ms
===========================================================================
Seznam rozhraní
0x1 ........................... MS TCP Loopback interface
0x2 ...00 24 1d 10 0e e8 ...... Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Aktivní směrování:
Cíl v síti Síťová maska Brána Rozhraní Metrika
0.0.0.0 0.0.0.0 10.0.0.138 10.0.0.139 1
10.0.0.0 255.255.255.0 10.0.0.139 10.0.0.139 20
10.0.0.139 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.0.0.139 10.0.0.139 20
81.91.82.97 255.255.255.255 10.0.0.138 10.0.0.139 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.0.0.139 10.0.0.139 20
255.255.255.255 255.255.255.255 10.0.0.139 10.0.0.139 1
Výchozí brána: 10.0.0.138
===========================================================================
Trvalé trasy:
Žádné
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [247296] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (01/29/2012 05:11:13 PM) (Source: MsiInstaller) (User: uživatel)uživatel
Description: Produkt: Microsoft .NET Framework 2.0 - Setup cannot continue because this version of the .NET Framework is incompatible with a previously installed one. For more information, see http://support.microsoft.com/support/kb ... 2/5/00.asp
Error: (01/26/2012 04:00:12 PM) (Source: .NET Runtime) (User: )
Description: Application: CZShareManager.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean)
at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[])
at System.Windows.Forms.Control.Invoke(System.Delegate)
at TranferManager.NewVersionDownload.OnCheckForUpdateCompleted(System.Object, System.Deployment.Application.CheckForUpdateCompletedEventArgs)
at System.Deployment.Application.ApplicationDeployment.CheckForUpdateBindCompletedEventHandler(System.Object, System.Deployment.Application.BindCompletedEventArgs)
at System.Deployment.Application.DeploymentManager.BindAsyncCompleted(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (01/26/2012 03:59:59 PM) (Source: .NET Runtime 4.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 czsharemanager.exe, P2 0.0.1.30, P3 4e70be6a, P4 system.windows.forms, P5 4.0.0.0, P6 4da404ee, P7 152f, P8 17, P9 clr20r30, P10 clr20r31.
Error: (01/24/2012 02:17:49 PM) (Source: Application Error) (User: )
Description: Chybující aplikace bubbleball.exe, verze 0.0.0.0, chybující modul bubbleball.exe, verze 0.0.0.0, adresa chyby 0x0000914a.
Zpracování události, specifické pro médium ([bubbleball.exe!ws!])
Error: (01/24/2012 01:39:39 PM) (Source: .NET Runtime) (User: )
Description: Application: CZShareManager.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean)
at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[])
at System.Windows.Forms.Control.Invoke(System.Delegate)
at TranferManager.NewVersionDownload.OnCheckForUpdateCompleted(System.Object, System.Deployment.Application.CheckForUpdateCompletedEventArgs)
at System.Deployment.Application.ApplicationDeployment.CheckForUpdateBindCompletedEventHandler(System.Object, System.Deployment.Application.BindCompletedEventArgs)
at System.Deployment.Application.DeploymentManager.BindAsyncCompleted(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (01/24/2012 01:39:37 PM) (Source: .NET Runtime 4.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 czsharemanager.exe, P2 0.0.1.30, P3 4e70be6a, P4 system.windows.forms, P5 4.0.0.0, P6 4da404ee, P7 152f, P8 17, P9 clr20r30, P10 clr20r31.
Error: (01/23/2012 00:42:11 PM) (Source: Application Error) (User: )
Description: Chybující aplikace bubbleball.exe, verze 0.0.0.0, chybující modul bubbleball.exe, verze 0.0.0.0, adresa chyby 0x0000914a.
Zpracování události, specifické pro médium ([bubbleball.exe!ws!])
Error: (01/17/2012 02:25:36 PM) (Source: Application Error) (User: )
Description: Chybující aplikace bubbleball.exe, verze 0.0.0.0, chybující modul bubbleball.exe, verze 0.0.0.0, adresa chyby 0x0000914a.
Zpracování události, specifické pro médium ([bubbleball.exe!ws!])
Error: (01/15/2012 03:57:57 PM) (Source: Application Hang) (User: )
Description: Chybný blok -1579213943
Error: (01/15/2012 03:57:53 PM) (Source: Application Hang) (User: )
Description: Zablokovaná aplikace AvastUI.exe, verze 6.0.1367.0, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
System errors:
=============
Error: (02/02/2012 04:18:25 PM) (Source: Service Control Manager) (User: )
Description: Služba PAR1284 neuspěla při spuštění v důsledku následující chyby:
%%20
Error: (02/02/2012 00:00:21 PM) (Source: Service Control Manager) (User: )
Description: Služba PAR1284 neuspěla při spuštění v důsledku následující chyby:
%%20
Error: (02/02/2012 11:30:50 AM) (Source: Service Control Manager) (User: )
Description: Služba PAR1284 neuspěla při spuštění v důsledku následující chyby:
%%20
Error: (02/02/2012 09:07:35 AM) (Source: Service Control Manager) (User: )
Description: Služba PAR1284 neuspěla při spuštění v důsledku následující chyby:
%%20
Error: (02/01/2012 03:37:38 PM) (Source: Service Control Manager) (User: )
Description: Služba PAR1284 neuspěla při spuštění v důsledku následující chyby:
%%20
Error: (02/01/2012 02:55:50 PM) (Source: Service Control Manager) (User: )
Description: Služba PAR1284 neuspěla při spuštění v důsledku následující chyby:
%%20
Error: (02/01/2012 10:17:22 AM) (Source: Service Control Manager) (User: )
Description: Služba PAR1284 neuspěla při spuštění v důsledku následující chyby:
%%20
Error: (01/31/2012 10:49:00 AM) (Source: Service Control Manager) (User: )
Description: Služba PAR1284 neuspěla při spuštění v důsledku následující chyby:
%%20
Error: (01/30/2012 03:26:32 PM) (Source: Service Control Manager) (User: )
Description: Služba PAR1284 neuspěla při spuštění v důsledku následující chyby:
%%20
Error: (01/30/2012 11:55:24 AM) (Source: Service Control Manager) (User: )
Description: Služba PAR1284 neuspěla při spuštění v důsledku následující chyby:
%%20
Microsoft Office Sessions:
=========================
Error: (01/29/2012 05:11:13 PM) (Source: MsiInstaller)(User: uživatel)uživatel
Description: Produkt: Microsoft .NET Framework 2.0 - Setup cannot continue because this version of the .NET Framework is incompatible with a previously installed one. For more information, see http://support.microsoft.com/support/kb ... 0.asp(NULL)(NULL)(NULL)
Error: (01/26/2012 04:00:12 PM) (Source: .NET Runtime)(User: )
Description: Application: CZShareManager.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean)
at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[])
at System.Windows.Forms.Control.Invoke(System.Delegate)
at TranferManager.NewVersionDownload.OnCheckForUpdateCompleted(System.Object, System.Deployment.Application.CheckForUpdateCompletedEventArgs)
at System.Deployment.Application.ApplicationDeployment.CheckForUpdateBindCompletedEventHandler(System.Object, System.Deployment.Application.BindCompletedEventArgs)
at System.Deployment.Application.DeploymentManager.BindAsyncCompleted(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (01/26/2012 03:59:59 PM) (Source: .NET Runtime 4.0 Error Reporting)(User: )
Description: clr20r3czsharemanager.exe0.0.1.304e70be6asystem.windows.forms4.0.0.04da404ee152f17system.invalidoperationexceptionNIL
Error: (01/24/2012 02:17:49 PM) (Source: Application Error)(User: )
Description: bubbleball.exe0.0.0.0bubbleball.exe0.0.0.00000914a
Error: (01/24/2012 01:39:39 PM) (Source: .NET Runtime)(User: )
Description: Application: CZShareManager.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean)
at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[])
at System.Windows.Forms.Control.Invoke(System.Delegate)
at TranferManager.NewVersionDownload.OnCheckForUpdateCompleted(System.Object, System.Deployment.Application.CheckForUpdateCompletedEventArgs)
at System.Deployment.Application.ApplicationDeployment.CheckForUpdateBindCompletedEventHandler(System.Object, System.Deployment.Application.BindCompletedEventArgs)
at System.Deployment.Application.DeploymentManager.BindAsyncCompleted(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (01/24/2012 01:39:37 PM) (Source: .NET Runtime 4.0 Error Reporting)(User: )
Description: clr20r3czsharemanager.exe0.0.1.304e70be6asystem.windows.forms4.0.0.04da404ee152f17system.invalidoperationexceptionNIL
Error: (01/23/2012 00:42:11 PM) (Source: Application Error)(User: )
Description: bubbleball.exe0.0.0.0bubbleball.exe0.0.0.00000914a
Error: (01/17/2012 02:25:36 PM) (Source: Application Error)(User: )
Description: bubbleball.exe0.0.0.0bubbleball.exe0.0.0.00000914a
Error: (01/15/2012 03:57:57 PM) (Source: Application Hang)(User: )
Description: -1579213943
Error: (01/15/2012 03:57:53 PM) (Source: Application Hang)(User: )
Description: AvastUI.exe6.0.1367.0hungapp0.0.0.000000000
=========================== Installed Programs ============================
602XML Filler (Version: 3.14)
ABBYY FineReader 9.0 Professional Edition (Version: 9.00.724.5507)
Acronis Disk Director (Version: 11.0.2121)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.2) - Czech (Version: 10.1.2)
Aktualizace systému Windows Internet Explorer 8 (KB2598845) (Version: 1)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2510531) (Version: 1)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2544521) (Version: 1)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2618444) (Version: 1)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB982381) (Version: 1)
Aktualizace zabezpečení systému Windows XP (KB923789)
AMD APP SDK Runtime (Version: 10.0.831.4)
AMD Catalyst Install Manager (Version: 3.0.855.0)
ATI AVIVO Codecs (Version: 10.0.0.31121)
ATI Catalyst Control Center (Version: 2.009.0113.2221)
ATI HYDRAVISION (Version: 3.25.0006)
ATI Parental Control & Encoder (Version: 3.0)
ATI Problem Report Wizard (Version: 8.10)
avast! Internet Security (Version: 6.0.1367.0)
Browser Configuration Utility (Version: 1.0.4.9)
Canon i350
Canon Utilities Easy-PhotoPrint
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0113.2222.40119)
Catalyst Control Center Graphics Full Existing (Version: 2009.0113.2222.40119)
Catalyst Control Center Graphics Full New (Version: 2009.0113.2222.40119)
Catalyst Control Center Graphics Light (Version: 2009.0113.2222.40119)
Catalyst Control Center Graphics Previews Common (Version: 2009.0113.2222.40119)
Catalyst Control Center Graphics Previews Common (Version: 2011.1109.2146.39010)
Catalyst Control Center HydraVision Full (Version: 2009.0113.2222.40119)
Catalyst Control Center InstallProxy (Version: 2011.1109.2146.39010)
Catalyst Control Center Localization All (Version: 2009.0113.2222.40119)
ccc-core-preinstall (Version: 2009.0113.2222.40119)
ccc-core-static (Version: 2009.0113.2222.40119)
ccc-utility (Version: 2009.0113.2222.40119)
ccc-utility (Version: 2011.1109.2146.39010)
CCC Help Czech (Version: 2009.0113.2221.40119)
CCC Help Danish (Version: 2009.0113.2221.40119)
CCC Help Dutch (Version: 2009.0113.2221.40119)
CCC Help English (Version: 2009.0113.2221.40119)
CCC Help English (Version: 2011.1109.2145.39010)
CCC Help Finnish (Version: 2009.0113.2221.40119)
CCC Help French (Version: 2009.0113.2221.40119)
CCC Help German (Version: 2009.0113.2221.40119)
CCC Help Greek (Version: 2009.0113.2221.40119)
CCC Help Hungarian (Version: 2009.0113.2221.40119)
CCC Help Chinese Standard (Version: 2009.0113.2221.40119)
CCC Help Chinese Traditional (Version: 2009.0113.2221.40119)
CCC Help Italian (Version: 2009.0113.2221.40119)
CCC Help Japanese (Version: 2009.0113.2221.40119)
CCC Help Korean (Version: 2009.0113.2221.40119)
CCC Help Norwegian (Version: 2009.0113.2221.40119)
CCC Help Polish (Version: 2009.0113.2221.40119)
CCC Help Portuguese (Version: 2009.0113.2221.40119)
CCC Help Russian (Version: 2009.0113.2221.40119)
CCC Help Spanish (Version: 2009.0113.2221.40119)
CCC Help Swedish (Version: 2009.0113.2221.40119)
CCC Help Thai (Version: 2009.0113.2221.40119)
CCC Help Turkish (Version: 2009.0113.2221.40119)
CCleaner (Version: 3.14)
Combined Community Codec Pack 2011-11-11 (Version: 2011.11.11.0)
Connectivity Abstraction Layer (Version: 1.3.014)
CZShare Manager (Version: 0.0.1.35)
DAEMON Tools Lite (Version: 4.45.1.0236)
ECULP 4.0
EVEREST Ultimate Edition v5.50 (Version: 5.50)
FCleaner 1.3.1.621
File Scavenger 3.2 (Version: 3.2)
GetDataBack for NTFS (Version: 4.25.000)
GOM Player (Version: 2.1.36.5083)
HD Tune 2.55
HijackThis 2.0.2 (Version: 2.0.2)
Java Auto Updater (Version: 2.1.5.3)
Java(TM) 7 Update 2 (Version: 7.0.20)
JD Common Loader (Version: 1.15.0005)
JD Field General (Version: 3.01.0001)
JD NetComm Serial (Version: 2.02.0001)
JD NetComm V2 (Version: 2.02.0008)
JD Payload Processor (Version: 3.05.0006)
JDActiveX3 3.0.1.12
JDLM 2.1
Malwarebytes Anti-Malware verze 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.0.61118.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (Version: 9.2.3042.00)
Microsoft SQL Server Native Client (Version: 9.00.3042.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.3042.00)
Microsoft SQL Server VSS Writer (Version: 9.00.3042.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
MiraScan 6.1(5150C) (Version: V6.1(5150C))
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
Nero 7 Ultra Edition (Version: 7.02.9752)
neroxml (Version: 1.0.0)
NEXIQ Readings (Version: 3.01.320)
nLite 1.4.8 (Version: 1.4.
NVIDIA PhysX (Version: 9.10.0513)
Opera 11.61 (Version: 11.61.1250)
PC Tools Registry Mechanic 11.0 (Version: 11.0)
PDFCreator (Version: 1.2.3)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.17.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5694)
Sada Compatibility Pack pro systém Office 2007 (Version: 12.0.6514.5001)
Seemage Players (Version: 4.2.0.1180)
Skins (Version: 2009.0113.2222.40119)
Traktor 2 (Version: 1.0)
Trine 2
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
VMR Client Install (Version: 1.00.0000)
WebFldrs XP (Version: 9.50.5318)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows XP Service Pack 3 (Version: 20080414.031517)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
========================= Memory info: ===================================
Percentage of memory in use: 19%
Total physical RAM: 3326.42 MB
Available physical RAM: 2684.06 MB
Total Pagefile: 5209.73 MB
Available Pagefile: 4721.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.51 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:68.36 GB) (Free:49.13 GB) NTFS
2 Drive d: () (Fixed) (Total:59.63 GB) (Free:50.67 GB) NTFS
4 Drive f: () (Fixed) (Total:337.77 GB) (Free:89.97 GB) NTFS
5 Drive g: (system) (Fixed) (Total:127.99 GB) (Free:45.12 GB) NTFS
7 Drive i: (starý disk) (Fixed) (Total:68.36 GB) (Free:40.67 GB) NTFS
9 Drive k: (vše ostatní) (Fixed) (Total:171.77 GB) (Free:41.45 GB) NTFS
10 Drive l: (programy) (Fixed) (Total:97.65 GB) (Free:47.98 GB) NTFS
========================= Users: ========================================
Uživatelské účty pro \\ADMIN
Administrator Guest HelpAssistant
SUPPORT_388945a0 uživatel
Příkaz byl úspěšně dokončen.
**** End of log ****
Thanks for any further advice.
jaro3 (Security team member)
Re: HJT check
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.
KillAll::
File::
c:\windows\system32\CleanMFT32.exe
c:\windows\REGBK01.ZIP
c:\windows\REGBK00.ZIP
c:\windows\HideWin.exe
RegNull::
[HKEY_USERS\S-1-5-21-854245398-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6CECD6A3-55D5-D1F3-C348-EE754667ECF7}*]
RegLock::
[HKEY_USERS\S-1-5-21-854245398-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6CECD6A3-55D5-D1F3-C348-EE754667ECF7}*]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process, plus a new HJT log
Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
Errors:
Faulting application bubbleball.exe -- probably reinstall it
Error: (Source: Service Control Manager
.NET Framework is incompatible with a previously installed one. For more information, see
http://support.microsoft.com/support/kb ... 0.asp(NULL
No problem with the internet connection...
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: HJT check
ComboFix 12-02-02.01 - uživatel 03.02.2012 10:50:29.2.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2841 [GMT 1:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\uživatel\Plocha\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-03 do 2012-02-03 )))))))))))))))))))))))))))))))
.
.
2012-02-02 13:45 . 2012-02-02 13:45 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Malwarebytes
2012-02-02 13:45 . 2012-02-02 13:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-02-02 13:45 . 2012-02-02 13:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-02 13:45 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-02 13:44 . 2012-02-02 13:45 9502424 ----a-w- C:\mbam-setup-1.60.1.1000.exe
2012-02-02 13:44 . 2012-02-02 13:44 50688 ----a-w- C:\ATF-Cleaner.exe
2012-02-01 14:44 . 2012-02-01 14:44 -------- d---a-w- c:\windows\rundll16.exe
2012-02-01 14:44 . 2012-02-01 14:44 -------- d---a-w- c:\windows\logo1_.exe
2012-02-01 10:54 . 2012-02-01 10:54 -------- d-----w- C:\TempBK
2012-01-29 16:29 . 2012-01-29 16:29 117760 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{3FE7D2BF-DB37-429A-B47E-5DE073404A42}\IconTmpl.50919BAA_6A87_4FF2_9F31_77666E9D001A.exe
2012-01-29 16:29 . 2009-06-29 13:32 193696 ----a-w- c:\windows\system32\drivers\windrvr6.sys
2012-01-29 16:27 . 2012-01-29 16:29 -------- d-----w- c:\program files\Service ADVISOR
2012-01-29 16:27 . 2012-01-29 16:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Service ADVISOR
2012-01-29 16:27 . 2009-11-11 10:27 59904 ----a-w- c:\windows\system32\zlib1.dll
2012-01-29 16:27 . 2012-01-29 16:26 697444 ----a-w- c:\windows\unins001.exe
2012-01-29 16:26 . 2009-03-30 12:28 616024 ----a-w- c:\windows\system32\COMCTL32.ocx
2012-01-29 16:26 . 2009-03-30 12:28 416584 ----a-w- c:\windows\system32\COMCT332.ocx
2012-01-29 16:26 . 2009-03-30 12:28 171096 ----a-w- c:\windows\system32\COMCT232.ocx
2012-01-29 16:26 . 2008-07-29 11:41 569439 ----a-w- c:\windows\system32\JDLegacyCfgReader.dll
2012-01-29 16:26 . 2007-07-16 08:12 110592 ----a-w- c:\windows\system32\ccrpbds6.dll
2012-01-29 16:26 . 2012-01-29 16:46 -------- d-----w- c:\program files\ECULP
2012-01-29 16:26 . 2012-01-29 16:26 -------- d-----w- c:\program files\Common Files\John Deere
2012-01-29 16:25 . 2009-09-04 12:32 32839 ----a-w- c:\windows\system32\JDTrimHTML.dll
2012-01-29 16:25 . 2009-05-15 10:23 323584 ----a-w- c:\windows\system32\JDPayloadProcessor.dll
2012-01-29 16:23 . 2006-06-26 11:53 168011 ----a-w- c:\windows\system32\JDError.dll
2012-01-29 16:23 . 2006-05-22 12:51 221255 ----a-w- c:\windows\system32\JDLog.dll
2012-01-29 16:23 . 2004-02-06 08:53 208896 ----a-w- c:\windows\system32\JDNetCommSerial.dll
2012-01-29 16:21 . 2007-12-05 18:41 106768 ----a-w- c:\windows\system32\msscrpt2.ocx
2012-01-29 16:11 . 2012-01-29 16:13 -------- d-----w- c:\program files\Microsoft SQL Server
2012-01-29 14:36 . 2012-01-29 14:36 -------- d-----w- c:\program files\HD Tune
2012-01-29 12:36 . 2012-01-29 12:36 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\VitySoft
2012-01-27 19:43 . 2012-01-27 19:43 -------- d-----w- c:\documents and settings\LocalService\Plocha
2012-01-27 19:26 . 2012-01-27 19:26 632064 ----a-w- c:\windows\system32\msvcr80.dll
2012-01-27 19:26 . 2012-01-27 19:26 554240 ----a-w- c:\windows\system32\msvcp80.dll
2012-01-27 19:26 . 2012-01-27 19:26 572928 ----a-w- c:\windows\system32\msvcp90.dll
2012-01-27 19:26 . 2012-01-27 19:26 655872 ----a-w- c:\windows\system32\msvcr90.dll
2012-01-27 19:26 . 2012-01-27 19:26 34048 ----a-w- c:\windows\system32\eEmpty.exe
2012-01-27 19:26 . 2012-01-27 19:26 -------- d-----w- c:\program files\Common Files\MicroWorld
2012-01-27 19:26 . 2012-01-27 19:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2012-01-27 19:19 . 2012-01-27 19:25 141333296 ----a-w- C:\mwav.exe
2012-01-26 17:14 . 2012-01-26 17:14 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Identities
2012-01-23 19:04 . 2012-01-23 19:04 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Registry Mechanic
2012-01-23 18:52 . 2008-04-02 15:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2012-01-23 18:52 . 2008-04-02 15:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2012-01-23 18:52 . 2011-12-12 13:07 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-01-23 18:52 . 2008-04-02 15:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-01-23 18:52 . 2012-01-23 18:52 -------- d-----w- c:\program files\Common Files\PC Tools
2012-01-23 18:52 . 2012-01-29 15:42 -------- d-----w- c:\program files\PC Tools Registry Mechanic
2012-01-23 18:44 . 2012-01-23 18:44 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Product_RM
2012-01-23 18:44 . 2012-01-23 18:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Tools
2012-01-23 15:40 . 2012-01-23 15:40 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\ABBYY
2012-01-23 15:38 . 2012-01-23 15:38 -------- d-----w- c:\program files\Common Files\ABBYY
2012-01-23 15:38 . 2012-01-23 15:44 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\ABBYY
2012-01-23 15:38 . 2012-01-23 15:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ABBYY
2012-01-23 15:38 . 2012-01-23 15:39 -------- d-----w- c:\program files\ABBYY FineReader 9.0
2012-01-21 16:26 . 2012-02-02 18:00 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2012-01-18 15:38 . 2012-01-18 15:38 -------- d-----w- c:\program files\Microsoft Silverlight
2012-01-15 11:18 . 2012-01-15 11:18 -------- d---a-w- c:\windows\VDLL.DLL
2012-01-15 11:18 . 2012-01-15 11:18 -------- d---a-w- c:\windows\system32\runouce.exe
2012-01-15 11:18 . 2012-01-15 11:18 -------- d---a-w- c:\windows\RUNDL132.EXE
2012-01-15 11:18 . 2012-01-15 11:18 -------- d---a-w- c:\windows\logo_1.exe
2012-01-15 10:50 . 2008-04-14 07:52 137216 ----a-w- c:\windows\system32\T.COM
2012-01-15 10:50 . 2008-04-14 07:52 147968 ----a-w- c:\windows\R.COM
2012-01-15 10:24 . 2012-01-15 10:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FTWeak
2012-01-15 10:24 . 2012-01-15 10:30 -------- d-----w- c:\program files\FCleaner
2012-01-15 10:22 . 2012-01-15 10:22 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\FTweak
2012-01-13 17:45 . 2012-01-13 17:45 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\Application Updater
2012-01-13 17:44 . 1998-06-24 00:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-01-13 17:44 . 2009-03-30 12:28 660296 ----a-w- c:\windows\system32\Mscomct2.ocx
2012-01-13 17:44 . 2001-10-28 16:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2012-01-13 17:44 . 2012-01-13 17:45 -------- d-----w- c:\program files\PDFCreator
2012-01-13 17:44 . 1998-07-06 00:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-01-13 17:38 . 2012-01-13 17:42 -------- d-----w- c:\program files\WordToPDF
2012-01-13 17:08 . 2012-01-13 17:08 -------- d-----w- c:\program files\MSECache
2012-01-13 15:35 . 2008-04-14 07:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-01-10 18:28 . 2012-01-10 18:28 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\SKIDROW
2012-01-10 18:28 . 2012-01-10 18:28 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Trine2
2012-01-10 18:24 . 2012-01-10 18:24 -------- d-----w- c:\program files\Frozenbyte
2012-01-10 16:27 . 2012-01-10 16:40 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\ICQ
2012-01-10 16:21 . 2012-01-10 16:21 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-10 16:16 . 2012-01-10 16:16 -------- d-----w- c:\program files\NVIDIA Corporation
2012-01-10 16:16 . 2012-01-10 16:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-01-09 15:50 . 2012-01-09 15:50 -------- d-----w- c:\windows\system32\Mira6
2012-01-09 15:50 . 2012-01-09 15:50 -------- d-----w- c:\program files\ScanDrv6
2012-01-09 15:50 . 2004-04-18 22:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-01-09 15:50 . 2004-04-18 22:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-01-09 15:50 . 2004-04-18 22:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-01-09 15:50 . 2004-04-18 22:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-01-09 15:50 . 2004-04-18 22:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-01-09 15:50 . 2012-01-09 15:50 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2012-01-09 15:50 . 2012-01-09 15:50 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-01-08 17:15 . 2007-04-09 12:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2012-01-08 17:15 . 2007-04-09 12:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2012-01-08 17:14 . 2012-01-08 17:15 -------- d-----w- c:\windows\SHELLNEW
2012-01-08 15:48 . 2012-01-08 15:48 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Ubisoft
2012-01-08 15:46 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-01-08 15:46 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-01-08 15:46 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-01-08 15:46 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-01-08 15:46 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-01-08 15:46 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-01-08 15:46 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-01-08 15:46 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-01-08 15:46 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2012-01-08 15:46 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2012-01-08 15:46 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2012-01-08 15:46 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2012-01-08 15:43 . 2012-01-08 15:47 -------- d-----w- c:\program files\Ubisoft
2012-01-08 15:34 . 2012-01-29 16:13 -------- d-----w- c:\program files\Microsoft.NET
2012-01-08 15:30 . 2012-01-29 14:33 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Deployment
2012-01-07 11:12 . 2012-01-07 11:12 -------- d-----w- c:\program files\CCleaner
2012-01-04 19:25 . 2012-01-04 19:25 -------- d-----w- c:\program files\Canon
2012-01-04 16:12 . 2012-01-09 16:03 -------- d-----w- C:\nafta 20011
2012-01-04 15:27 . 2012-01-04 15:27 -------- d-----w- c:\program files\MSXML 6.0
2012-01-04 14:10 . 2012-01-04 14:10 -------- d-----w- c:\program files\Common Files\Freedom Scientific
2012-01-04 14:10 . 2012-01-04 14:10 -------- d-----w- c:\program files\Common Files\soft602
2012-01-04 14:10 . 2012-01-04 14:10 -------- d-----w- c:\program files\Software602
2012-01-04 14:03 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-01-04 14:03 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-01-04 14:03 . 2004-07-26 11:05 24576 ----a-w- c:\windows\system32\RSRC32.DLL
2012-01-04 14:03 . 2004-07-26 11:05 1312 ----a-w- c:\windows\system32\RSRC16.DLL
2012-01-04 11:41 . 2012-01-04 11:41 -------- d-----w- c:\program files\GRETECH
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 17:34 . 2012-01-27 17:33 5731030 ----a-w- c:\windows\REGBK01.ZIP
2012-01-15 11:29 . 2012-01-15 11:28 5676757 ----a-w- c:\windows\REGBK00.ZIP
2012-01-04 15:12 . 2011-12-28 09:29 16608 ----a-w- c:\windows\gdrv.sys
2011-12-31 19:49 . 2011-12-29 10:39 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-12-29 11:11 . 2011-12-28 12:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-29 10:29 . 2011-12-29 10:29 166976 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-12-28 09:31 . 2011-12-28 09:31 319488 ----a-w- c:\windows\HideWin.exe
2011-11-28 18:01 . 2011-12-28 11:12 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-12-28 11:12 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-12-28 11:22 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-11-28 17:53 . 2011-12-28 11:12 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-12-28 11:12 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:53 . 2011-12-28 11:21 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-11-28 17:52 . 2011-12-28 11:12 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-12-28 11:12 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-12-28 11:12 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-12-28 11:12 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-12-28 11:12 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-12-28 11:12 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-28 17:26 . 2011-12-28 11:21 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-11-25 21:57 . 2001-10-25 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2001-10-25 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2001-10-25 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-17 17:06 . 2011-12-28 12:44 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-11-17 17:06 . 2011-12-28 12:13 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-17 16:56 . 2011-12-28 12:13 141312 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-16 14:21 . 2011-12-28 10:55 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2001-10-25 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-10 03:42 . 2009-01-14 07:14 7493120 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-11-10 03:34 . 2011-12-28 10:28 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-11-10 03:26 . 2012-01-04 08:58 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-11-10 03:26 . 2012-01-04 08:58 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-11-10 03:20 . 2012-01-04 08:58 7196672 ----a-w- c:\windows\system32\aticaldd.dll
2011-11-10 03:06 . 2009-01-14 05:46 19210240 ----a-w- c:\windows\system32\atioglxx.dll
2011-11-10 02:54 . 2011-12-28 10:28 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-10 02:53 . 2009-01-14 04:47 304640 ----a-w- c:\windows\system32\ati2dvag.dll
2011-11-10 02:50 . 2009-01-14 04:22 5266624 ----a-w- c:\windows\system32\ati3duag.dll
2011-11-10 02:41 . 2012-01-04 08:58 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-11-10 02:32 . 2009-01-14 04:36 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-11-10 02:32 . 2009-01-14 04:36 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-11-10 02:32 . 2009-01-14 04:36 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-11-10 02:32 . 2009-01-14 04:35 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-11-10 02:31 . 2009-01-14 04:35 192512 ----a-w- c:\windows\system32\ati2evxx.dll
2011-11-10 02:30 . 2009-01-14 04:34 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-11-10 02:30 . 2009-01-14 04:05 3303040 ----a-w- c:\windows\system32\ativvaxx.dll
2011-11-10 02:29 . 2009-01-14 04:32 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-11-10 02:27 . 2012-01-04 08:58 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-10 02:23 . 2009-01-14 03:45 806912 ----a-w- c:\windows\system32\atikvmag.dll
2011-11-10 02:20 . 2009-01-14 04:53 602112 ----a-w- c:\windows\system32\atiok3x2.dll
2011-11-10 02:18 . 2009-01-14 03:44 233472 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-10 02:18 . 2009-01-14 03:44 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-11-10 02:12 . 2009-01-14 03:37 884736 ----a-w- c:\windows\system32\ati2cqag.dll
2011-11-10 02:12 . 2012-01-04 08:58 65024 ----a-w- c:\windows\system32\atimpc32.dll
2011-11-10 02:12 . 2009-01-14 03:50 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2011-11-10 02:12 . 2009-01-14 03:43 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-09 21:39 . 2011-11-09 21:39 59904 ----a-w- c:\windows\system32\OpenVideo.dll
2011-11-09 21:39 . 2011-11-09 21:39 54784 ----a-w- c:\windows\system32\OVDecode.dll
2011-11-09 21:38 . 2011-11-09 21:38 14375936 ----a-w- c:\windows\system32\amdocl.dll
2011-11-09 21:37 . 2011-11-09 21:37 44032 ----a-w- c:\windows\system32\OpenCL.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-02_15.50.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-03 09:38 . 2012-02-03 09:38 16384 c:\windows\Temp\Perflib_Perfdata_ff0.dat
+ 2012-02-03 09:38 . 2012-02-03 09:38 16384 c:\windows\Temp\Perflib_Perfdata_f40.dat
+ 2001-10-25 12:00 . 2012-02-03 09:42 93390 c:\windows\system32\perfc009.dat
- 2001-10-25 12:00 . 2012-02-02 15:22 93390 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2012-02-03 09:42 519782 c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2012-02-02 15:22 519782 c:\windows\system32\perfh009.dat
+ 2001-10-25 12:00 . 2012-02-03 09:42 514942 c:\windows\system32\perfh005.dat
- 2001-10-25 12:00 . 2012-02-02 15:22 514942 c:\windows\system32\perfh005.dat
+ 2001-10-25 12:00 . 2012-02-03 09:42 105172 c:\windows\system32\perfc005.dat
- 2001-10-25 12:00 . 2012-02-02 15:22 105172 c:\windows\system32\perfc005.dat
+ 2011-12-28 10:11 . 2012-02-03 09:36 179448 c:\windows\system32\FNTCACHE.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UpdateService\isuspm.exe" [2005-02-16 221184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 07:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTweakFCleaner]
2010-06-21 13:56 1763840 ----a-w- c:\program files\FCleaner\FCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 17:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 17:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 16:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 11:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [28.12.2011 12:21 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [28.12.2011 12:21 195416]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [28.12.2011 12:22 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.12.2011 12:12 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.12.2011 12:12 314456]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.1.2012 17:21 239168]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.12.2011 12:12 20568]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [23.1.2012 19:52 793048]
R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [28.10.2010 19:31 2156952]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [28.12.2011 12:21 127192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-02 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-01-23 13:06]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{E0A2D612-9559-4215-AAD7-1B34697AC779}: NameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-03 10:57
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6CECD6A3-55D5-D1F3-C348-EE754667ECF7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"e:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1260)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(312)
c:\windows\system32\webcheck.dll
.
Celkový čas: 2012-02-03 10:59:34
ComboFix-quarantined-files.txt 2012-02-03 09:59
ComboFix2.txt 2012-02-02 15:52
.
Před spuštěním: Volných bajtů: 52 586 344 448
Po spuštění: Volných bajtů: 52 575 023 104
.
- - End Of File - - 70F6E064179456135C13DD27C7839F8B
2012-01-08 15:46 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-01-08 15:46 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-01-08 15:46 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-01-08 15:46 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-01-08 15:46 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2012-01-08 15:46 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2012-01-08 15:46 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2012-01-08 15:46 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2012-01-08 15:43 . 2012-01-08 15:47 -------- d-----w- c:\program files\Ubisoft
2012-01-08 15:34 . 2012-01-29 16:13 -------- d-----w- c:\program files\Microsoft.NET
2012-01-08 15:30 . 2012-01-29 14:33 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Deployment
2012-01-07 11:12 . 2012-01-07 11:12 -------- d-----w- c:\program files\CCleaner
2012-01-04 19:25 . 2012-01-04 19:25 -------- d-----w- c:\program files\Canon
2012-01-04 16:12 . 2012-01-09 16:03 -------- d-----w- C:\nafta 20011
2012-01-04 15:27 . 2012-01-04 15:27 -------- d-----w- c:\program files\MSXML 6.0
2012-01-04 14:10 . 2012-01-04 14:10 -------- d-----w- c:\program files\Common Files\Freedom Scientific
2012-01-04 14:10 . 2012-01-04 14:10 -------- d-----w- c:\program files\Common Files\soft602
2012-01-04 14:10 . 2012-01-04 14:10 -------- d-----w- c:\program files\Software602
2012-01-04 14:03 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-01-04 14:03 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-01-04 14:03 . 2004-07-26 11:05 24576 ----a-w- c:\windows\system32\RSRC32.DLL
2012-01-04 14:03 . 2004-07-26 11:05 1312 ----a-w- c:\windows\system32\RSRC16.DLL
2012-01-04 11:41 . 2012-01-04 11:41 -------- d-----w- c:\program files\GRETECH
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 17:34 . 2012-01-27 17:33 5731030 ----a-w- c:\windows\REGBK01.ZIP
2012-01-15 11:29 . 2012-01-15 11:28 5676757 ----a-w- c:\windows\REGBK00.ZIP
2012-01-04 15:12 . 2011-12-28 09:29 16608 ----a-w- c:\windows\gdrv.sys
2011-12-31 19:49 . 2011-12-29 10:39 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-12-29 11:11 . 2011-12-28 12:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-29 10:29 . 2011-12-29 10:29 166976 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-12-28 09:31 . 2011-12-28 09:31 319488 ----a-w- c:\windows\HideWin.exe
2011-11-28 18:01 . 2011-12-28 11:12 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-12-28 11:12 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-12-28 11:22 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-11-28 17:53 . 2011-12-28 11:12 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-12-28 11:12 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:53 . 2011-12-28 11:21 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-11-28 17:52 . 2011-12-28 11:12 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-12-28 11:12 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-12-28 11:12 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-12-28 11:12 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-12-28 11:12 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-12-28 11:12 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-28 17:26 . 2011-12-28 11:21 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-11-25 21:57 . 2001-10-25 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2001-10-25 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2001-10-25 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-17 17:06 . 2011-12-28 12:44 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-11-17 17:06 . 2011-12-28 12:13 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-17 16:56 . 2011-12-28 12:13 141312 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-16 14:21 . 2011-12-28 10:55 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2001-10-25 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-10 03:42 . 2009-01-14 07:14 7493120 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-11-10 03:34 . 2011-12-28 10:28 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-11-10 03:26 . 2012-01-04 08:58 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-11-10 03:26 . 2012-01-04 08:58 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-11-10 03:20 . 2012-01-04 08:58 7196672 ----a-w- c:\windows\system32\aticaldd.dll
2011-11-10 03:06 . 2009-01-14 05:46 19210240 ----a-w- c:\windows\system32\atioglxx.dll
2011-11-10 02:54 . 2011-12-28 10:28 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-10 02:53 . 2009-01-14 04:47 304640 ----a-w- c:\windows\system32\ati2dvag.dll
2011-11-10 02:50 . 2009-01-14 04:22 5266624 ----a-w- c:\windows\system32\ati3duag.dll
2011-11-10 02:41 . 2012-01-04 08:58 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-11-10 02:32 . 2009-01-14 04:36 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-11-10 02:32 . 2009-01-14 04:36 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-11-10 02:32 . 2009-01-14 04:36 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-11-10 02:32 . 2009-01-14 04:35 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-11-10 02:31 . 2009-01-14 04:35 192512 ----a-w- c:\windows\system32\ati2evxx.dll
2011-11-10 02:30 . 2009-01-14 04:34 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-11-10 02:30 . 2009-01-14 04:05 3303040 ----a-w- c:\windows\system32\ativvaxx.dll
2011-11-10 02:29 . 2009-01-14 04:32 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-11-10 02:27 . 2012-01-04 08:58 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-10 02:23 . 2009-01-14 03:45 806912 ----a-w- c:\windows\system32\atikvmag.dll
2011-11-10 02:20 . 2009-01-14 04:53 602112 ----a-w- c:\windows\system32\atiok3x2.dll
2011-11-10 02:18 . 2009-01-14 03:44 233472 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-10 02:18 . 2009-01-14 03:44 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-11-10 02:12 . 2009-01-14 03:37 884736 ----a-w- c:\windows\system32\ati2cqag.dll
2011-11-10 02:12 . 2012-01-04 08:58 65024 ----a-w- c:\windows\system32\atimpc32.dll
2011-11-10 02:12 . 2009-01-14 03:50 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2011-11-10 02:12 . 2009-01-14 03:43 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-09 21:39 . 2011-11-09 21:39 59904 ----a-w- c:\windows\system32\OpenVideo.dll
2011-11-09 21:39 . 2011-11-09 21:39 54784 ----a-w- c:\windows\system32\OVDecode.dll
2011-11-09 21:38 . 2011-11-09 21:38 14375936 ----a-w- c:\windows\system32\amdocl.dll
2011-11-09 21:37 . 2011-11-09 21:37 44032 ----a-w- c:\windows\system32\OpenCL.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-02_15.50.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-03 09:38 . 2012-02-03 09:38 16384 c:\windows\Temp\Perflib_Perfdata_ff0.dat
+ 2012-02-03 09:38 . 2012-02-03 09:38 16384 c:\windows\Temp\Perflib_Perfdata_f40.dat
+ 2001-10-25 12:00 . 2012-02-03 09:42 93390 c:\windows\system32\perfc009.dat
- 2001-10-25 12:00 . 2012-02-02 15:22 93390 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2012-02-03 09:42 519782 c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2012-02-02 15:22 519782 c:\windows\system32\perfh009.dat
+ 2001-10-25 12:00 . 2012-02-03 09:42 514942 c:\windows\system32\perfh005.dat
- 2001-10-25 12:00 . 2012-02-02 15:22 514942 c:\windows\system32\perfh005.dat
+ 2001-10-25 12:00 . 2012-02-03 09:42 105172 c:\windows\system32\perfc005.dat
- 2001-10-25 12:00 . 2012-02-02 15:22 105172 c:\windows\system32\perfc005.dat
+ 2011-12-28 10:11 . 2012-02-03 09:36 179448 c:\windows\system32\FNTCACHE.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UpdateService\isuspm.exe" [2005-02-16 221184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 07:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTweakFCleaner]
2010-06-21 13:56 1763840 ----a-w- c:\program files\FCleaner\FCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 17:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 17:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 16:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 11:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [28.12.2011 12:21 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [28.12.2011 12:21 195416]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [28.12.2011 12:22 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.12.2011 12:12 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.12.2011 12:12 314456]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.1.2012 17:21 239168]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.12.2011 12:12 20568]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [23.1.2012 19:52 793048]
R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [28.10.2010 19:31 2156952]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [28.12.2011 12:21 127192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-02 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-01-23 13:06]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{E0A2D612-9559-4215-AAD7-1B34697AC779}: NameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-03 10:57
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6CECD6A3-55D5-D1F3-C348-EE754667ECF7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"e:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1260)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(312)
c:\windows\system32\webcheck.dll
.
Celkový čas: 2012-02-03 10:59:34
ComboFix-quarantined-files.txt 2012-02-03 09:59
ComboFix2.txt 2012-02-02 15:52
.
Před spuštěním: Volných bajtů: 52 586 344 448
Po spuštění: Volných bajtů: 52 575 023 104
.
- - End Of File - - 70F6E064179456135C13DD27C7839F8B
Re: HJT check
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:21:44, on 3.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\uživatel\Dokumenty\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\isuspm.exe -startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0A2D612-9559-4215-AAD7-1B34697AC779}: NameServer = 10.0.0.138
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Aktivátor Správce výběru OS Acronis (Správce výběru OS) - Unknown owner - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 5067 bytes
Well, so far it's OK, so probably solved, thanks. Right now there are at most 20 lines in netstat; I'll see by evening. As soon as 50 or more show up there again, the net goes terribly slow.
- jaro3
- member of the Security team
Re: HJT check
OK.
Run this script again; don't post the HJT log any more:
Code:
KillAll::
File::
c:\windows\system32\CleanMFT32.exe
c:\windows\REGBK01.ZIP
c:\windows\REGBK00.ZIP
c:\windows\HideWin.exe
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: HJT check
ComboFix 12-02-02.01 - uživatel 03.02.2012 16:32:54.3.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2830 [GMT 1:00]
Spuštěný z: c:\documents and settings\u×ivatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\u×ivatel\Plocha\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-03 do 2012-02-03 )))))))))))))))))))))))))))))))
.
.
2012-02-02 13:45 . 2012-02-02 13:45 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Malwarebytes
2012-02-02 13:45 . 2012-02-02 13:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-02-02 13:45 . 2012-02-02 13:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-02 13:45 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-02 13:44 . 2012-02-02 13:45 9502424 ----a-w- C:\mbam-setup-1.60.1.1000.exe
2012-02-02 13:44 . 2012-02-02 13:44 50688 ----a-w- C:\ATF-Cleaner.exe
2012-02-01 14:44 . 2012-02-01 14:44 -------- d---a-w- c:\windows\rundll16.exe
2012-02-01 14:44 . 2012-02-01 14:44 -------- d---a-w- c:\windows\logo1_.exe
2012-02-01 10:54 . 2012-02-01 10:54 -------- d-----w- C:\TempBK
2012-01-29 16:29 . 2012-01-29 16:29 117760 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{3FE7D2BF-DB37-429A-B47E-5DE073404A42}\IconTmpl.50919BAA_6A87_4FF2_9F31_77666E9D001A.exe
2012-01-29 16:29 . 2009-06-29 13:32 193696 ----a-w- c:\windows\system32\drivers\windrvr6.sys
2012-01-29 16:27 . 2012-01-29 16:29 -------- d-----w- c:\program files\Service ADVISOR
2012-01-29 16:27 . 2012-01-29 16:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Service ADVISOR
2012-01-29 16:27 . 2009-11-11 10:27 59904 ----a-w- c:\windows\system32\zlib1.dll
2012-01-29 16:27 . 2012-01-29 16:26 697444 ----a-w- c:\windows\unins001.exe
2012-01-29 16:26 . 2009-03-30 12:28 616024 ----a-w- c:\windows\system32\COMCTL32.ocx
2012-01-29 16:26 . 2009-03-30 12:28 416584 ----a-w- c:\windows\system32\COMCT332.ocx
2012-01-29 16:26 . 2009-03-30 12:28 171096 ----a-w- c:\windows\system32\COMCT232.ocx
2012-01-29 16:26 . 2008-07-29 11:41 569439 ----a-w- c:\windows\system32\JDLegacyCfgReader.dll
2012-01-29 16:26 . 2007-07-16 08:12 110592 ----a-w- c:\windows\system32\ccrpbds6.dll
2012-01-29 16:26 . 2012-01-29 16:46 -------- d-----w- c:\program files\ECULP
2012-01-29 16:26 . 2012-01-29 16:26 -------- d-----w- c:\program files\Common Files\John Deere
2012-01-29 16:25 . 2009-09-04 12:32 32839 ----a-w- c:\windows\system32\JDTrimHTML.dll
2012-01-29 16:25 . 2009-05-15 10:23 323584 ----a-w- c:\windows\system32\JDPayloadProcessor.dll
2012-01-29 16:23 . 2006-06-26 11:53 168011 ----a-w- c:\windows\system32\JDError.dll
2012-01-29 16:23 . 2006-05-22 12:51 221255 ----a-w- c:\windows\system32\JDLog.dll
2012-01-29 16:23 . 2004-02-06 08:53 208896 ----a-w- c:\windows\system32\JDNetCommSerial.dll
2012-01-29 16:21 . 2007-12-05 18:41 106768 ----a-w- c:\windows\system32\msscrpt2.ocx
2012-01-29 16:11 . 2012-01-29 16:13 -------- d-----w- c:\program files\Microsoft SQL Server
2012-01-29 14:36 . 2012-01-29 14:36 -------- d-----w- c:\program files\HD Tune
2012-01-29 12:36 . 2012-01-29 12:36 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\VitySoft
2012-01-27 19:43 . 2012-01-27 19:43 -------- d-----w- c:\documents and settings\LocalService\Plocha
2012-01-27 19:26 . 2012-01-27 19:26 632064 ----a-w- c:\windows\system32\msvcr80.dll
2012-01-27 19:26 . 2012-01-27 19:26 554240 ----a-w- c:\windows\system32\msvcp80.dll
2012-01-27 19:26 . 2012-01-27 19:26 572928 ----a-w- c:\windows\system32\msvcp90.dll
2012-01-27 19:26 . 2012-01-27 19:26 655872 ----a-w- c:\windows\system32\msvcr90.dll
2012-01-27 19:26 . 2012-01-27 19:26 34048 ----a-w- c:\windows\system32\eEmpty.exe
2012-01-27 19:26 . 2012-01-27 19:26 -------- d-----w- c:\program files\Common Files\MicroWorld
2012-01-27 19:26 . 2012-01-27 19:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2012-01-27 19:19 . 2012-01-27 19:25 141333296 ----a-w- C:\mwav.exe
2012-01-26 17:14 . 2012-01-26 17:14 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Identities
2012-01-23 19:04 . 2012-01-23 19:04 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Registry Mechanic
2012-01-23 18:52 . 2008-04-02 15:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2012-01-23 18:52 . 2008-04-02 15:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2012-01-23 18:52 . 2011-12-12 13:07 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-01-23 18:52 . 2008-04-02 15:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-01-23 18:52 . 2012-01-23 18:52 -------- d-----w- c:\program files\Common Files\PC Tools
2012-01-23 18:52 . 2012-01-29 15:42 -------- d-----w- c:\program files\PC Tools Registry Mechanic
2012-01-23 18:44 . 2012-01-23 18:44 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Product_RM
2012-01-23 18:44 . 2012-01-23 18:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Tools
2012-01-23 15:40 . 2012-01-23 15:40 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\ABBYY
2012-01-23 15:38 . 2012-01-23 15:38 -------- d-----w- c:\program files\Common Files\ABBYY
2012-01-23 15:38 . 2012-01-23 15:44 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\ABBYY
2012-01-23 15:38 . 2012-01-23 15:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ABBYY
2012-01-23 15:38 . 2012-01-23 15:39 -------- d-----w- c:\program files\ABBYY FineReader 9.0
2012-01-21 16:26 . 2012-02-02 18:00 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2012-01-18 15:38 . 2012-01-18 15:38 -------- d-----w- c:\program files\Microsoft Silverlight
2012-01-15 11:18 . 2012-01-15 11:18 -------- d---a-w- c:\windows\VDLL.DLL
2012-01-15 11:18 . 2012-01-15 11:18 -------- d---a-w- c:\windows\system32\runouce.exe
2012-01-15 11:18 . 2012-01-15 11:18 -------- d---a-w- c:\windows\RUNDL132.EXE
2012-01-15 11:18 . 2012-01-15 11:18 -------- d---a-w- c:\windows\logo_1.exe
2012-01-15 10:50 . 2008-04-14 07:52 137216 ----a-w- c:\windows\system32\T.COM
2012-01-15 10:50 . 2008-04-14 07:52 147968 ----a-w- c:\windows\R.COM
2012-01-15 10:24 . 2012-01-15 10:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FTWeak
2012-01-15 10:24 . 2012-01-15 10:30 -------- d-----w- c:\program files\FCleaner
2012-01-15 10:22 . 2012-01-15 10:22 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\FTweak
2012-01-13 17:45 . 2012-01-13 17:45 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\Application Updater
2012-01-13 17:44 . 1998-06-24 00:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-01-13 17:44 . 2009-03-30 12:28 660296 ----a-w- c:\windows\system32\Mscomct2.ocx
2012-01-13 17:44 . 2001-10-28 16:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2012-01-13 17:44 . 2012-01-13 17:45 -------- d-----w- c:\program files\PDFCreator
2012-01-13 17:44 . 1998-07-06 00:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-01-13 17:38 . 2012-01-13 17:42 -------- d-----w- c:\program files\WordToPDF
2012-01-13 17:08 . 2012-01-13 17:08 -------- d-----w- c:\program files\MSECache
2012-01-13 15:35 . 2008-04-14 07:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-01-10 18:28 . 2012-01-10 18:28 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\SKIDROW
2012-01-10 18:28 . 2012-01-10 18:28 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Trine2
2012-01-10 18:24 . 2012-01-10 18:24 -------- d-----w- c:\program files\Frozenbyte
2012-01-10 16:27 . 2012-01-10 16:40 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\ICQ
2012-01-10 16:21 . 2012-01-10 16:21 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-10 16:16 . 2012-01-10 16:16 -------- d-----w- c:\program files\NVIDIA Corporation
2012-01-10 16:16 . 2012-01-10 16:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-01-09 15:50 . 2012-01-09 15:50 -------- d-----w- c:\windows\system32\Mira6
2012-01-09 15:50 . 2012-01-09 15:50 -------- d-----w- c:\program files\ScanDrv6
2012-01-09 15:50 . 2004-04-18 22:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-01-09 15:50 . 2004-04-18 22:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-01-09 15:50 . 2004-04-18 22:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-01-09 15:50 . 2004-04-18 22:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-01-09 15:50 . 2004-04-18 22:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-01-09 15:50 . 2012-01-09 15:50 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2012-01-09 15:50 . 2012-01-09 15:50 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-01-08 17:15 . 2007-04-09 12:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2012-01-08 17:15 . 2007-04-09 12:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2012-01-08 17:14 . 2012-01-08 17:15 -------- d-----w- c:\windows\SHELLNEW
2012-01-08 15:48 . 2012-01-08 15:48 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Ubisoft
2012-01-08 15:46 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-01-08 15:46 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-01-08 15:46 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-01-08 15:46 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-01-08 15:46 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-01-08 15:46 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-01-08 15:46 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-01-08 15:46 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-01-08 15:46 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2012-01-08 15:46 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2012-01-08 15:46 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2012-01-08 15:46 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2012-01-08 15:43 . 2012-01-08 15:47 -------- d-----w- c:\program files\Ubisoft
2012-01-08 15:34 . 2012-01-29 16:13 -------- d-----w- c:\program files\Microsoft.NET
2012-01-08 15:30 . 2012-01-29 14:33 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Deployment
2012-01-07 11:12 . 2012-01-07 11:12 -------- d-----w- c:\program files\CCleaner
2012-01-04 19:25 . 2012-01-04 19:25 -------- d-----w- c:\program files\Canon
2012-01-04 16:12 . 2012-01-09 16:03 -------- d-----w- C:\nafta 20011
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 17:34 . 2012-01-27 17:33 5731030 ----a-w- c:\windows\REGBK01.ZIP
2012-01-15 11:29 . 2012-01-15 11:28 5676757 ----a-w- c:\windows\REGBK00.ZIP
2012-01-04 15:12 . 2011-12-28 09:29 16608 ----a-w- c:\windows\gdrv.sys
2011-12-31 19:49 . 2011-12-29 10:39 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-12-29 11:11 . 2011-12-28 12:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-29 10:29 . 2011-12-29 10:29 166976 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-12-28 09:31 . 2011-12-28 09:31 319488 ----a-w- c:\windows\HideWin.exe
2011-11-28 18:01 . 2011-12-28 11:12 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-12-28 11:12 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-12-28 11:22 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-11-28 17:53 . 2011-12-28 11:12 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-12-28 11:12 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:53 . 2011-12-28 11:21 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-11-28 17:52 . 2011-12-28 11:12 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-12-28 11:12 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-12-28 11:12 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-12-28 11:12 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-12-28 11:12 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-12-28 11:12 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-28 17:26 . 2011-12-28 11:21 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-11-25 21:57 . 2001-10-25 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2001-10-25 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2001-10-25 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-17 17:06 . 2011-12-28 12:44 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-11-17 17:06 . 2011-12-28 12:13 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-17 16:56 . 2011-12-28 12:13 141312 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-16 14:21 . 2011-12-28 10:55 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2001-10-25 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-10 03:42 . 2009-01-14 07:14 7493120 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-11-10 03:34 . 2011-12-28 10:28 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-11-10 03:26 . 2012-01-04 08:58 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-11-10 03:26 . 2012-01-04 08:58 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-11-10 03:20 . 2012-01-04 08:58 7196672 ----a-w- c:\windows\system32\aticaldd.dll
2011-11-10 03:06 . 2009-01-14 05:46 19210240 ----a-w- c:\windows\system32\atioglxx.dll
2011-11-10 02:54 . 2011-12-28 10:28 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-10 02:53 . 2009-01-14 04:47 304640 ----a-w- c:\windows\system32\ati2dvag.dll
2011-11-10 02:50 . 2009-01-14 04:22 5266624 ----a-w- c:\windows\system32\ati3duag.dll
2011-11-10 02:41 . 2012-01-04 08:58 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-11-10 02:32 . 2009-01-14 04:36 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-11-10 02:32 . 2009-01-14 04:36 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-11-10 02:32 . 2009-01-14 04:36 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-11-10 02:32 . 2009-01-14 04:35 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-11-10 02:31 . 2009-01-14 04:35 192512 ----a-w- c:\windows\system32\ati2evxx.dll
2011-11-10 02:30 . 2009-01-14 04:34 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-11-10 02:30 . 2009-01-14 04:05 3303040 ----a-w- c:\windows\system32\ativvaxx.dll
2011-11-10 02:29 . 2009-01-14 04:32 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-11-10 02:27 . 2012-01-04 08:58 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-10 02:23 . 2009-01-14 03:45 806912 ----a-w- c:\windows\system32\atikvmag.dll
2011-11-10 02:20 . 2009-01-14 04:53 602112 ----a-w- c:\windows\system32\atiok3x2.dll
2011-11-10 02:18 . 2009-01-14 03:44 233472 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-10 02:18 . 2009-01-14 03:44 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-11-10 02:12 . 2009-01-14 03:37 884736 ----a-w- c:\windows\system32\ati2cqag.dll
2011-11-10 02:12 . 2012-01-04 08:58 65024 ----a-w- c:\windows\system32\atimpc32.dll
2011-11-10 02:12 . 2009-01-14 03:50 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2011-11-10 02:12 . 2009-01-14 03:43 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-09 21:39 . 2011-11-09 21:39 59904 ----a-w- c:\windows\system32\OpenVideo.dll
2011-11-09 21:39 . 2011-11-09 21:39 54784 ----a-w- c:\windows\system32\OVDecode.dll
2011-11-09 21:38 . 2011-11-09 21:38 14375936 ----a-w- c:\windows\system32\amdocl.dll
2011-11-09 21:37 . 2011-11-09 21:37 44032 ----a-w- c:\windows\system32\OpenCL.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-02_15.50.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-03 15:21 . 2012-02-03 15:21 16384 c:\windows\Temp\Perflib_Perfdata_dfc.dat
+ 2012-02-03 15:21 . 2012-02-03 15:21 16384 c:\windows\Temp\Perflib_Perfdata_d5c.dat
+ 2001-10-25 12:00 . 2012-02-03 15:25 93390 c:\windows\system32\perfc009.dat
- 2001-10-25 12:00 . 2012-02-02 15:22 93390 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2012-02-03 15:25 519782 c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2012-02-02 15:22 519782 c:\windows\system32\perfh009.dat
+ 2001-10-25 12:00 . 2012-02-03 15:25 514942 c:\windows\system32\perfh005.dat
- 2001-10-25 12:00 . 2012-02-02 15:22 514942 c:\windows\system32\perfh005.dat
+ 2001-10-25 12:00 . 2012-02-03 15:25 105172 c:\windows\system32\perfc005.dat
- 2001-10-25 12:00 . 2012-02-02 15:22 105172 c:\windows\system32\perfc005.dat
+ 2011-12-28 10:11 . 2012-02-03 09:36 179448 c:\windows\system32\FNTCACHE.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UpdateService\isuspm.exe" [2005-02-16 221184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 07:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTweakFCleaner]
2010-06-21 13:56 1763840 ----a-w- c:\program files\FCleaner\FCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 17:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 17:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 16:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 11:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [28.12.2011 12:21 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [28.12.2011 12:21 195416]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [28.12.2011 12:22 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.12.2011 12:12 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.12.2011 12:12 314456]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.1.2012 17:21 239168]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.12.2011 12:12 20568]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [23.1.2012 19:52 793048]
R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [28.10.2010 19:31 2156952]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [28.12.2011 12:21 127192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-02 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-01-23 13:06]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{E0A2D612-9559-4215-AAD7-1B34697AC779}: NameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-03 16:39
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6CECD6A3-55D5-D1F3-C348-EE754667ECF7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"e:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1256)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1780)
c:\windows\system32\webcheck.dll
.
Celkový čas: 2012-02-03 16:41:49
ComboFix-quarantined-files.txt 2012-02-03 15:41
ComboFix2.txt 2012-02-03 09:59
ComboFix3.txt 2012-02-02 15:52
.
Před spuštěním: Volných bajtů: 52 612 964 352
Po spuštění: Volných bajtů: 52 596 580 352
.
- - End Of File - - 61F1789FDCF648431F787C126089F991
Is there anything else I should do?
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2830 [GMT 1:00]
Spuštěný z: c:\documents and settings\u×ivatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\u×ivatel\Plocha\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-03 do 2012-02-03 )))))))))))))))))))))))))))))))
.
.
2012-02-02 13:45 . 2012-02-02 13:45 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Malwarebytes
2012-02-02 13:45 . 2012-02-02 13:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-02-02 13:45 . 2012-02-02 13:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-02 13:45 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-02 13:44 . 2012-02-02 13:45 9502424 ----a-w- C:\mbam-setup-1.60.1.1000.exe
2012-02-02 13:44 . 2012-02-02 13:44 50688 ----a-w- C:\ATF-Cleaner.exe
2012-02-01 14:44 . 2012-02-01 14:44 -------- d---a-w- c:\windows\rundll16.exe
2012-02-01 14:44 . 2012-02-01 14:44 -------- d---a-w- c:\windows\logo1_.exe
2012-02-01 10:54 . 2012-02-01 10:54 -------- d-----w- C:\TempBK
2012-01-29 16:29 . 2012-01-29 16:29 117760 ----a-r- c:\documents and settings\uživatel\Data aplikací\Microsoft\Installer\{3FE7D2BF-DB37-429A-B47E-5DE073404A42}\IconTmpl.50919BAA_6A87_4FF2_9F31_77666E9D001A.exe
2012-01-29 16:29 . 2009-06-29 13:32 193696 ----a-w- c:\windows\system32\drivers\windrvr6.sys
2012-01-29 16:27 . 2012-01-29 16:29 -------- d-----w- c:\program files\Service ADVISOR
2012-01-29 16:27 . 2012-01-29 16:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Service ADVISOR
2012-01-29 16:27 . 2009-11-11 10:27 59904 ----a-w- c:\windows\system32\zlib1.dll
2012-01-29 16:27 . 2012-01-29 16:26 697444 ----a-w- c:\windows\unins001.exe
2012-01-29 16:26 . 2009-03-30 12:28 616024 ----a-w- c:\windows\system32\COMCTL32.ocx
2012-01-29 16:26 . 2009-03-30 12:28 416584 ----a-w- c:\windows\system32\COMCT332.ocx
2012-01-29 16:26 . 2009-03-30 12:28 171096 ----a-w- c:\windows\system32\COMCT232.ocx
2012-01-29 16:26 . 2008-07-29 11:41 569439 ----a-w- c:\windows\system32\JDLegacyCfgReader.dll
2012-01-29 16:26 . 2007-07-16 08:12 110592 ----a-w- c:\windows\system32\ccrpbds6.dll
2012-01-29 16:26 . 2012-01-29 16:46 -------- d-----w- c:\program files\ECULP
2012-01-29 16:26 . 2012-01-29 16:26 -------- d-----w- c:\program files\Common Files\John Deere
2012-01-29 16:25 . 2009-09-04 12:32 32839 ----a-w- c:\windows\system32\JDTrimHTML.dll
2012-01-29 16:25 . 2009-05-15 10:23 323584 ----a-w- c:\windows\system32\JDPayloadProcessor.dll
2012-01-29 16:23 . 2006-06-26 11:53 168011 ----a-w- c:\windows\system32\JDError.dll
2012-01-29 16:23 . 2006-05-22 12:51 221255 ----a-w- c:\windows\system32\JDLog.dll
2012-01-29 16:23 . 2004-02-06 08:53 208896 ----a-w- c:\windows\system32\JDNetCommSerial.dll
2012-01-29 16:21 . 2007-12-05 18:41 106768 ----a-w- c:\windows\system32\msscrpt2.ocx
2012-01-29 16:11 . 2012-01-29 16:13 -------- d-----w- c:\program files\Microsoft SQL Server
2012-01-29 14:36 . 2012-01-29 14:36 -------- d-----w- c:\program files\HD Tune
2012-01-29 12:36 . 2012-01-29 12:36 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\VitySoft
2012-01-27 19:43 . 2012-01-27 19:43 -------- d-----w- c:\documents and settings\LocalService\Plocha
2012-01-27 19:26 . 2012-01-27 19:26 632064 ----a-w- c:\windows\system32\msvcr80.dll
2012-01-27 19:26 . 2012-01-27 19:26 554240 ----a-w- c:\windows\system32\msvcp80.dll
2012-01-27 19:26 . 2012-01-27 19:26 572928 ----a-w- c:\windows\system32\msvcp90.dll
2012-01-27 19:26 . 2012-01-27 19:26 655872 ----a-w- c:\windows\system32\msvcr90.dll
2012-01-27 19:26 . 2012-01-27 19:26 34048 ----a-w- c:\windows\system32\eEmpty.exe
2012-01-27 19:26 . 2012-01-27 19:26 -------- d-----w- c:\program files\Common Files\MicroWorld
2012-01-27 19:26 . 2012-01-27 19:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2012-01-27 19:19 . 2012-01-27 19:25 141333296 ----a-w- C:\mwav.exe
2012-01-26 17:14 . 2012-01-26 17:14 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Identities
2012-01-23 19:04 . 2012-01-23 19:04 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Registry Mechanic
2012-01-23 18:52 . 2008-04-02 15:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2012-01-23 18:52 . 2008-04-02 15:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2012-01-23 18:52 . 2011-12-12 13:07 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-01-23 18:52 . 2008-04-02 15:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-01-23 18:52 . 2012-01-23 18:52 -------- d-----w- c:\program files\Common Files\PC Tools
2012-01-23 18:52 . 2012-01-29 15:42 -------- d-----w- c:\program files\PC Tools Registry Mechanic
2012-01-23 18:44 . 2012-01-23 18:44 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Product_RM
2012-01-23 18:44 . 2012-01-23 18:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Tools
2012-01-23 15:40 . 2012-01-23 15:40 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\ABBYY
2012-01-23 15:38 . 2012-01-23 15:38 -------- d-----w- c:\program files\Common Files\ABBYY
2012-01-23 15:38 . 2012-01-23 15:44 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\ABBYY
2012-01-23 15:38 . 2012-01-23 15:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ABBYY
2012-01-23 15:38 . 2012-01-23 15:39 -------- d-----w- c:\program files\ABBYY FineReader 9.0
2012-01-21 16:26 . 2012-02-02 18:00 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2012-01-18 15:38 . 2012-01-18 15:38 -------- d-----w- c:\program files\Microsoft Silverlight
2012-01-15 11:18 . 2012-01-15 11:18 -------- d---a-w- c:\windows\VDLL.DLL
2012-01-15 11:18 . 2012-01-15 11:18 -------- d---a-w- c:\windows\system32\runouce.exe
2012-01-15 11:18 . 2012-01-15 11:18 -------- d---a-w- c:\windows\RUNDL132.EXE
2012-01-15 11:18 . 2012-01-15 11:18 -------- d---a-w- c:\windows\logo_1.exe
2012-01-15 10:50 . 2008-04-14 07:52 137216 ----a-w- c:\windows\system32\T.COM
2012-01-15 10:50 . 2008-04-14 07:52 147968 ----a-w- c:\windows\R.COM
2012-01-15 10:24 . 2012-01-15 10:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FTWeak
2012-01-15 10:24 . 2012-01-15 10:30 -------- d-----w- c:\program files\FCleaner
2012-01-15 10:22 . 2012-01-15 10:22 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\FTweak
2012-01-13 17:45 . 2012-01-13 17:45 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\Application Updater
2012-01-13 17:44 . 1998-06-24 00:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-01-13 17:44 . 2009-03-30 12:28 660296 ----a-w- c:\windows\system32\Mscomct2.ocx
2012-01-13 17:44 . 2001-10-28 16:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2012-01-13 17:44 . 2012-01-13 17:45 -------- d-----w- c:\program files\PDFCreator
2012-01-13 17:44 . 1998-07-06 00:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-01-13 17:38 . 2012-01-13 17:42 -------- d-----w- c:\program files\WordToPDF
2012-01-13 17:08 . 2012-01-13 17:08 -------- d-----w- c:\program files\MSECache
2012-01-13 15:35 . 2008-04-14 07:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-01-10 18:28 . 2012-01-10 18:28 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\SKIDROW
2012-01-10 18:28 . 2012-01-10 18:28 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Trine2
2012-01-10 18:24 . 2012-01-10 18:24 -------- d-----w- c:\program files\Frozenbyte
2012-01-10 16:27 . 2012-01-10 16:40 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\ICQ
2012-01-10 16:21 . 2012-01-10 16:21 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-10 16:16 . 2012-01-10 16:16 -------- d-----w- c:\program files\NVIDIA Corporation
2012-01-10 16:16 . 2012-01-10 16:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-01-09 15:50 . 2012-01-09 15:50 -------- d-----w- c:\windows\system32\Mira6
2012-01-09 15:50 . 2012-01-09 15:50 -------- d-----w- c:\program files\ScanDrv6
2012-01-09 15:50 . 2004-04-18 22:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-01-09 15:50 . 2004-04-18 22:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-01-09 15:50 . 2004-04-18 22:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-01-09 15:50 . 2004-04-18 22:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-01-09 15:50 . 2004-04-18 22:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-01-09 15:50 . 2012-01-09 15:50 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2012-01-09 15:50 . 2012-01-09 15:50 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-01-08 17:15 . 2007-04-09 12:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2012-01-08 17:15 . 2007-04-09 12:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2012-01-08 17:14 . 2012-01-08 17:15 -------- d-----w- c:\windows\SHELLNEW
2012-01-08 15:48 . 2012-01-08 15:48 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Ubisoft
2012-01-08 15:46 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-01-08 15:46 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-01-08 15:46 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-01-08 15:46 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-01-08 15:46 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-01-08 15:46 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-01-08 15:46 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-01-08 15:46 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-01-08 15:46 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2012-01-08 15:46 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2012-01-08 15:46 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2012-01-08 15:46 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2012-01-08 15:43 . 2012-01-08 15:47 -------- d-----w- c:\program files\Ubisoft
2012-01-08 15:34 . 2012-01-29 16:13 -------- d-----w- c:\program files\Microsoft.NET
2012-01-08 15:30 . 2012-01-29 14:33 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Deployment
2012-01-07 11:12 . 2012-01-07 11:12 -------- d-----w- c:\program files\CCleaner
2012-01-04 19:25 . 2012-01-04 19:25 -------- d-----w- c:\program files\Canon
2012-01-04 16:12 . 2012-01-09 16:03 -------- d-----w- C:\nafta 20011
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 17:34 . 2012-01-27 17:33 5731030 ----a-w- c:\windows\REGBK01.ZIP
2012-01-15 11:29 . 2012-01-15 11:28 5676757 ----a-w- c:\windows\REGBK00.ZIP
2012-01-04 15:12 . 2011-12-28 09:29 16608 ----a-w- c:\windows\gdrv.sys
2011-12-31 19:49 . 2011-12-29 10:39 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-12-29 11:11 . 2011-12-28 12:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-29 10:29 . 2011-12-29 10:29 166976 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-12-28 09:31 . 2011-12-28 09:31 319488 ----a-w- c:\windows\HideWin.exe
2011-11-28 18:01 . 2011-12-28 11:12 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-12-28 11:12 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-12-28 11:22 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-11-28 17:53 . 2011-12-28 11:12 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-12-28 11:12 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:53 . 2011-12-28 11:21 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-11-28 17:52 . 2011-12-28 11:12 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-12-28 11:12 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-12-28 11:12 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-12-28 11:12 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-12-28 11:12 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-12-28 11:12 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-28 17:26 . 2011-12-28 11:21 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-11-25 21:57 . 2001-10-25 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2001-10-25 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2001-10-25 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-17 17:06 . 2011-12-28 12:44 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-11-17 17:06 . 2011-12-28 12:13 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-17 16:56 . 2011-12-28 12:13 141312 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-16 14:21 . 2011-12-28 10:55 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2001-10-25 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-10 03:42 . 2009-01-14 07:14 7493120 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-11-10 03:34 . 2011-12-28 10:28 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-11-10 03:26 . 2012-01-04 08:58 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-11-10 03:26 . 2012-01-04 08:58 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-11-10 03:20 . 2012-01-04 08:58 7196672 ----a-w- c:\windows\system32\aticaldd.dll
2011-11-10 03:06 . 2009-01-14 05:46 19210240 ----a-w- c:\windows\system32\atioglxx.dll
2011-11-10 02:54 . 2011-12-28 10:28 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-10 02:53 . 2009-01-14 04:47 304640 ----a-w- c:\windows\system32\ati2dvag.dll
2011-11-10 02:50 . 2009-01-14 04:22 5266624 ----a-w- c:\windows\system32\ati3duag.dll
2011-11-10 02:41 . 2012-01-04 08:58 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-11-10 02:32 . 2009-01-14 04:36 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-11-10 02:32 . 2009-01-14 04:36 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-11-10 02:32 . 2009-01-14 04:36 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-11-10 02:32 . 2009-01-14 04:35 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-11-10 02:31 . 2009-01-14 04:35 192512 ----a-w- c:\windows\system32\ati2evxx.dll
2011-11-10 02:30 . 2009-01-14 04:34 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-11-10 02:30 . 2009-01-14 04:05 3303040 ----a-w- c:\windows\system32\ativvaxx.dll
2011-11-10 02:29 . 2009-01-14 04:32 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-11-10 02:27 . 2012-01-04 08:58 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-10 02:23 . 2009-01-14 03:45 806912 ----a-w- c:\windows\system32\atikvmag.dll
2011-11-10 02:20 . 2009-01-14 04:53 602112 ----a-w- c:\windows\system32\atiok3x2.dll
2011-11-10 02:18 . 2009-01-14 03:44 233472 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-10 02:18 . 2009-01-14 03:44 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-11-10 02:12 . 2009-01-14 03:37 884736 ----a-w- c:\windows\system32\ati2cqag.dll
2011-11-10 02:12 . 2012-01-04 08:58 65024 ----a-w- c:\windows\system32\atimpc32.dll
2011-11-10 02:12 . 2009-01-14 03:50 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2011-11-10 02:12 . 2009-01-14 03:43 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-09 21:39 . 2011-11-09 21:39 59904 ----a-w- c:\windows\system32\OpenVideo.dll
2011-11-09 21:39 . 2011-11-09 21:39 54784 ----a-w- c:\windows\system32\OVDecode.dll
2011-11-09 21:38 . 2011-11-09 21:38 14375936 ----a-w- c:\windows\system32\amdocl.dll
2011-11-09 21:37 . 2011-11-09 21:37 44032 ----a-w- c:\windows\system32\OpenCL.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-02_15.50.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-03 15:21 . 2012-02-03 15:21 16384 c:\windows\Temp\Perflib_Perfdata_dfc.dat
+ 2012-02-03 15:21 . 2012-02-03 15:21 16384 c:\windows\Temp\Perflib_Perfdata_d5c.dat
+ 2001-10-25 12:00 . 2012-02-03 15:25 93390 c:\windows\system32\perfc009.dat
- 2001-10-25 12:00 . 2012-02-02 15:22 93390 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2012-02-03 15:25 519782 c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2012-02-02 15:22 519782 c:\windows\system32\perfh009.dat
+ 2001-10-25 12:00 . 2012-02-03 15:25 514942 c:\windows\system32\perfh005.dat
- 2001-10-25 12:00 . 2012-02-02 15:22 514942 c:\windows\system32\perfh005.dat
+ 2001-10-25 12:00 . 2012-02-03 15:25 105172 c:\windows\system32\perfc005.dat
- 2001-10-25 12:00 . 2012-02-02 15:22 105172 c:\windows\system32\perfc005.dat
+ 2011-12-28 10:11 . 2012-02-03 09:36 179448 c:\windows\system32\FNTCACHE.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UpdateService\isuspm.exe" [2005-02-16 221184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 07:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTweakFCleaner]
2010-06-21 13:56 1763840 ----a-w- c:\program files\FCleaner\FCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 17:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 17:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 16:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 11:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [28.12.2011 12:21 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [28.12.2011 12:21 195416]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [28.12.2011 12:22 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.12.2011 12:12 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.12.2011 12:12 314456]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10.1.2012 17:21 239168]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.12.2011 12:12 20568]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [23.1.2012 19:52 793048]
R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [28.10.2010 19:31 2156952]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [28.12.2011 12:21 127192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-02 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-01-23 13:06]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{E0A2D612-9559-4215-AAD7-1B34697AC779}: NameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-03 16:39
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6CECD6A3-55D5-D1F3-C348-EE754667ECF7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"e:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1256)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1780)
c:\windows\system32\webcheck.dll
.
Celkový čas: 2012-02-03 16:41:49
ComboFix-quarantined-files.txt 2012-02-03 15:41
ComboFix2.txt 2012-02-03 09:59
ComboFix3.txt 2012-02-02 15:52
.
Před spuštěním: Volných bajtů: 52 612 964 352
Po spuštění: Volných bajtů: 52 596 580 352
.
- - End Of File - - 61F1789FDCF648431F787C126089F991
Is there anything else I should do?