FCopy::
c:\documents and settings\Hondzik\Plocha\regedit.exe | c:\windows\regedit.exe
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Zkoukněte mi log prosím mam nějakej zasekanej PC
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119429
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zkoukněte mi log prosím mam nějakej zasekanej PC
Nezdařilo se. Stáhněte přiložený soubor a rozbalte ho na plochu. Pak spusťte CF tímto skriptem:
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Zkoukněte mi log prosím mam nějakej zasekanej PC
ComboFix 10-12-13.06 - Hondzik 14.12.2010 11:11:21.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.500 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hondzik\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Hondzik\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Hondzik\Data aplikací\PriceGong
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\z.xml
c:\windows\regedit.exe . . . je infikován!!
.
--------------- FCopy ---------------
c:\documents and settings\Hondzik\Plocha\regedit.exe --> c:\windows\regedit.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-14 do 2010-12-14 )))))))))))))))))))))))))))))))
.
2010-12-09 18:18 . 2010-12-09 18:18 -------- d-----w- C:\found.002
2010-12-09 09:08 . 2010-12-09 09:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Winter Sports 2009
2010-12-09 09:03 . 2010-12-09 09:05 -------- d-----w- c:\program files\RTL Winter Sports 2009
2010-12-08 19:08 . 2010-12-08 19:09 -------- d-----w- c:\program files\trend micro
2010-12-08 19:08 . 2010-12-08 19:09 -------- d-----w- C:\rsit
2010-12-08 18:53 . 2010-12-08 18:53 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-12-07 12:24 . 2010-12-07 12:24 -------- d-----w- c:\program files\directx
2010-12-07 12:13 . 2010-12-07 12:13 -------- d-----w- c:\program files\TONY HAWK+S PRO SKATER 2
2010-12-07 12:12 . 2010-12-09 11:01 -------- d-----w- c:\program files\Tony Hawk´s Pro Skater 2
2010-12-07 12:10 . 2010-12-07 12:10 -------- d-----w- c:\program files\Activision
2010-12-05 15:22 . 2010-12-05 15:22 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\PCHealth
2010-12-05 14:53 . 2008-04-14 08:51 727040 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-05 14:53 . 2008-04-14 00:01 92288 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-12-05 13:10 . 2010-12-06 21:38 -------- d-----w- c:\program files\VirtualDJ
2010-12-04 21:53 . 2010-12-05 15:12 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\Hamachi
2010-12-04 21:52 . 2010-12-04 21:53 -------- d-----w- c:\program files\Hamachi
2010-12-03 17:04 . 2005-11-17 14:46 337320 ----a-w- c:\windows\system32\difxapi.dll
2010-12-03 17:03 . 2003-07-04 22:14 32768 ----a-w- c:\windows\system32\UnAudioNT.dll
2010-12-03 17:03 . 2010-12-03 17:03 -------- d-----w- c:\program files\VIA Technologies, Inc
2010-12-03 17:03 . 2003-06-16 10:05 765952 ----a-w- c:\windows\system\crlds3d.dll
2010-12-03 17:03 . 2003-05-27 15:45 3351 ----a-w- c:\windows\system32\drivers\vsp.sys
2010-12-03 17:03 . 2001-10-24 09:24 98304 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2010-12-03 17:03 . 2001-10-24 09:24 98304 ----a-w- c:\windows\system32\a3d.dll
2010-12-03 16:53 . 2010-12-03 17:05 -------- d-----w- c:\program files\Setup Files
2010-12-03 16:47 . 2010-12-03 16:47 -------- d-----w- c:\program files\MSI
2010-12-03 16:20 . 2010-12-03 16:25 -------- d-----w- C:\TRANSLAT
2010-12-03 16:20 . 2010-12-03 16:22 -------- d-----w- c:\documents and settings\All Users\Data aplikací\LangSoft
2010-12-03 16:20 . 2010-12-03 16:22 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\LangSoft
2010-12-03 09:16 . 2010-12-03 09:16 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\WMTools Downloaded Files
2010-12-01 13:54 . 2010-12-03 14:45 -------- d-----w- c:\program files\PacIn
2010-12-01 12:31 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-12-01 12:31 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-12-01 12:31 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-12-01 12:31 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-12-01 12:31 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-12-01 12:31 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-12-01 12:31 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-12-01 12:23 . 2010-12-01 12:23 -------- d-----w- c:\program files\City Interactive
2010-12-01 11:52 . 2010-12-01 11:52 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\Deployment
2010-11-29 21:11 . 2010-11-29 21:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Intel
2010-11-29 20:21 . 2010-11-29 20:21 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\Leadertech
2010-11-29 07:58 . 2010-11-29 20:20 -------- d-----w- c:\program files\Driving Simulator 2009
2010-11-28 09:25 . 2010-11-29 20:21 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\Touchstone
2010-11-28 00:18 . 2010-11-28 00:18 -------- d-----w- c:\windows\system32\AGEIA
2010-11-28 00:18 . 2010-11-29 08:39 -------- d-----w- c:\program files\AGEIA Technologies
2010-11-28 00:17 . 2010-11-29 08:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-11-24 15:37 . 2010-11-24 15:37 61440 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut3_3293C06B003F40278380FFD79E38167D.exe
2010-11-24 15:37 . 2010-11-24 15:37 65536 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut5_3293C06B003F40278380FFD79E38167D.exe
2010-11-24 15:37 . 2010-11-24 15:37 61440 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut2_3293C06B003F40278380FFD79E38167D_1.exe
2010-11-24 15:37 . 2010-11-24 15:37 57344 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\ARPPRODUCTICON.exe
2010-11-24 15:28 . 2010-11-24 15:28 -------- d-----w- c:\program files\Aspyr Media, Inc
2010-11-24 08:05 . 2010-11-24 08:05 -------- d-----w- c:\program files\Zuma Deluxe
2010-11-24 07:32 . 2010-11-24 08:04 -------- d-----w- c:\program files\Vietcong2
2010-11-23 13:00 . 2010-11-26 10:15 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\ConduitEngine
2010-11-23 13:00 . 2010-11-23 13:00 -------- d-----w- c:\program files\ConduitEngine
2010-11-23 13:00 . 2010-11-23 13:00 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-15 08:22 . 2010-11-15 08:22 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\THQ
2010-11-15 01:09 . 2010-11-15 01:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\InstallShield
2010-11-15 01:01 . 2010-11-15 01:01 -------- d-----w- c:\program files\THQ
2010-11-15 01:01 . 2006-05-16 09:58 393216 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_isusres.dll
2010-11-15 01:01 . 2006-05-16 09:58 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2010-11-15 01:01 . 2006-05-16 09:58 283568 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-04 21:52 . 2009-09-23 07:41 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-11-08 12:24 . 2010-11-08 12:24 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-10-13 10:16 . 2010-09-30 19:31 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-09 07:16 . 2010-10-09 07:16 2330880 ----a-w- c:\windows\system32\TUKernel.exe
2010-09-18 12:00 . 2010-09-18 11:56 6118 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-09-18 12:00 . 2010-09-18 12:00 63818 ----a-w- c:\windows\BricoPackUninst.cmd
2010-09-18 12:00 . 2008-04-14 08:52 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-09-18 11:26 . 2010-09-18 11:26 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
.
------- Sigcheck -------
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
[-] 2010-09-09 . CA15720E7B3B8FD2E7F12C8A635A6308 . 3601920 . . [7.00.6000.17092] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3gdr\mshtml.dll
[-] 2010-09-09 . C5BC248010B1B6346314AE420D7ED454 . 3605504 . . [7.00.6000.21294] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3qfe\mshtml.dll
[-] 2008-03-01 . 1DD7591221D8489E79E902EFB863C60B . 3864576 . . [7.00.6000.16640] . . c:\windows\system32\mshtml.dll
[-] 2008-03-01 . 1DD7591221D8489E79E902EFB863C60B . 3864576 . . [7.00.6000.16640] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2008-03-01 . AA61A6FAA4D691A6ED38FC1099EDE19B . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2010-09-09 . 41DD413E4546E25E0D0C5B8B7DEE1967 . 832512 . . [7.00.6000.17091] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3gdr\wininet.dll
[-] 2010-09-09 . 40B58A838D691766E19FA3C21B16EC41 . 841216 . . [7.00.6000.21293] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3qfe\wininet.dll
[-] 2008-03-01 . DAF3BDEEBFADFF5D423310983D648291 . 817152 . . [7.00.6000.16640] . . c:\windows\system32\wininet.dll
[-] 2008-03-01 . DAF3BDEEBFADFF5D423310983D648291 . 817152 . . [7.00.6000.16640] . . c:\windows\system32\dllcache\wininet.dll
[7] 2008-03-01 . 46A1A52EB6C86344C6EBF65B17404C90 . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[-] 2008-04-27 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-12-09_08.16.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-14 09:22 . 2010-12-14 09:22 16384 c:\windows\Temp\Perflib_Perfdata_700.dat
- 2010-12-01 12:30 . 2010-12-01 12:30 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-04-14 08:52 . 2008-04-14 06:52 147968 c:\windows\system32\dllcache\regedit.exe
+ 2010-12-09 09:06 . 2010-12-09 09:06 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26101032]
"Walser"="c:\program files\Draxysoft\Wallpaper Sequencer\Walser.exe" [2008-10-16 1365504]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"AIMP2"="c:\aimp2\AIMP2.exe" [2010-08-07 1262592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"mouseElf"="c:\progra~1\GENIUS~1\GNETMOUS.EXE" [2004-02-24 176128]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"TNOD UP"="c:\program files\TNod User & Password Finder\TNODUP.exe" [2010-04-01 1811968]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\documents and settings\Hondzik\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AudioDeck.lnk - c:\program files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2010-12-3 581632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\LogMeIn Hamachi\\hamachi-2-ui.exe"=
"c:\program files\Adobe\Adobe Photoshop CS4\Photoshop.exe"= c:\program files\Adobe\Adobe Photoshop CS4\Photoshop.exe:10.0.0.1/255.255.255.255:Enabled:Adobe Photoshop CS4
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\OpenTTD\\openttd.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\PacIn\\PacIn.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\FireFly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\program files\id Software\Quake 4\Quake4.exe"= c:\program files\id Software\Quake 4\Quake4.exe:192.168.1.1/255.255.255.255:Enabled:Quake 4
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:10.0.0.1/255.255.255.255:Enabled:Adobe CSI CS4
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.9.2010 12:26 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7.4.2010 20:07 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7.4.2010 20:08 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.4.2010 20:07 810120]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [6.12.2010 8:31 1238408]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [18.9.2010 12:40 247096]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [18.9.2010 12:32 6528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [8.11.2010 13:34 122504]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [3.12.2010 17:47 9216]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [3.12.2010 18:03 3351]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
2010-12-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Free YouTube Download - c:\documents and settings\Hondzik\Data aplikací\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Hondzik\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\Hondzik\Data aplikací\Mozilla\Firefox\Profiles\eekw1szj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - %profile%\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-14 11:19
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2010-12-14 11:23:00
ComboFix-quarantined-files.txt 2010-12-14 10:22
ComboFix2.txt 2010-12-12 01:33
ComboFix3.txt 2010-12-11 18:08
ComboFix4.txt 2010-12-09 21:46
ComboFix5.txt 2010-12-14 10:09
Před spuštěním: Volných bajtů: 72 664 002 560
Po spuštění: Volných bajtů: 72 658 964 480
Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 1F06ECA259A19A1B351128DD582B49D9
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.500 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hondzik\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Hondzik\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Hondzik\Data aplikací\PriceGong
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Hondzik\Data aplikací\PriceGong\Data\z.xml
c:\windows\regedit.exe . . . je infikován!!
.
--------------- FCopy ---------------
c:\documents and settings\Hondzik\Plocha\regedit.exe --> c:\windows\regedit.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-14 do 2010-12-14 )))))))))))))))))))))))))))))))
.
2010-12-09 18:18 . 2010-12-09 18:18 -------- d-----w- C:\found.002
2010-12-09 09:08 . 2010-12-09 09:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Winter Sports 2009
2010-12-09 09:03 . 2010-12-09 09:05 -------- d-----w- c:\program files\RTL Winter Sports 2009
2010-12-08 19:08 . 2010-12-08 19:09 -------- d-----w- c:\program files\trend micro
2010-12-08 19:08 . 2010-12-08 19:09 -------- d-----w- C:\rsit
2010-12-08 18:53 . 2010-12-08 18:53 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-12-07 12:24 . 2010-12-07 12:24 -------- d-----w- c:\program files\directx
2010-12-07 12:13 . 2010-12-07 12:13 -------- d-----w- c:\program files\TONY HAWK+S PRO SKATER 2
2010-12-07 12:12 . 2010-12-09 11:01 -------- d-----w- c:\program files\Tony Hawk´s Pro Skater 2
2010-12-07 12:10 . 2010-12-07 12:10 -------- d-----w- c:\program files\Activision
2010-12-05 15:22 . 2010-12-05 15:22 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\PCHealth
2010-12-05 14:53 . 2008-04-14 08:51 727040 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-05 14:53 . 2008-04-14 00:01 92288 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-12-05 13:10 . 2010-12-06 21:38 -------- d-----w- c:\program files\VirtualDJ
2010-12-04 21:53 . 2010-12-05 15:12 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\Hamachi
2010-12-04 21:52 . 2010-12-04 21:53 -------- d-----w- c:\program files\Hamachi
2010-12-03 17:04 . 2005-11-17 14:46 337320 ----a-w- c:\windows\system32\difxapi.dll
2010-12-03 17:03 . 2003-07-04 22:14 32768 ----a-w- c:\windows\system32\UnAudioNT.dll
2010-12-03 17:03 . 2010-12-03 17:03 -------- d-----w- c:\program files\VIA Technologies, Inc
2010-12-03 17:03 . 2003-06-16 10:05 765952 ----a-w- c:\windows\system\crlds3d.dll
2010-12-03 17:03 . 2003-05-27 15:45 3351 ----a-w- c:\windows\system32\drivers\vsp.sys
2010-12-03 17:03 . 2001-10-24 09:24 98304 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2010-12-03 17:03 . 2001-10-24 09:24 98304 ----a-w- c:\windows\system32\a3d.dll
2010-12-03 16:53 . 2010-12-03 17:05 -------- d-----w- c:\program files\Setup Files
2010-12-03 16:47 . 2010-12-03 16:47 -------- d-----w- c:\program files\MSI
2010-12-03 16:20 . 2010-12-03 16:25 -------- d-----w- C:\TRANSLAT
2010-12-03 16:20 . 2010-12-03 16:22 -------- d-----w- c:\documents and settings\All Users\Data aplikací\LangSoft
2010-12-03 16:20 . 2010-12-03 16:22 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\LangSoft
2010-12-03 09:16 . 2010-12-03 09:16 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\WMTools Downloaded Files
2010-12-01 13:54 . 2010-12-03 14:45 -------- d-----w- c:\program files\PacIn
2010-12-01 12:31 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-12-01 12:31 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-12-01 12:31 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-12-01 12:31 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-12-01 12:31 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-12-01 12:31 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-12-01 12:31 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-12-01 12:31 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-12-01 12:23 . 2010-12-01 12:23 -------- d-----w- c:\program files\City Interactive
2010-12-01 11:52 . 2010-12-01 11:52 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\Deployment
2010-11-29 21:11 . 2010-11-29 21:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Intel
2010-11-29 20:21 . 2010-11-29 20:21 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\Leadertech
2010-11-29 07:58 . 2010-11-29 20:20 -------- d-----w- c:\program files\Driving Simulator 2009
2010-11-28 09:25 . 2010-11-29 20:21 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\Touchstone
2010-11-28 00:18 . 2010-11-28 00:18 -------- d-----w- c:\windows\system32\AGEIA
2010-11-28 00:18 . 2010-11-29 08:39 -------- d-----w- c:\program files\AGEIA Technologies
2010-11-28 00:17 . 2010-11-29 08:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-11-24 15:37 . 2010-11-24 15:37 61440 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut3_3293C06B003F40278380FFD79E38167D.exe
2010-11-24 15:37 . 2010-11-24 15:37 65536 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut5_3293C06B003F40278380FFD79E38167D.exe
2010-11-24 15:37 . 2010-11-24 15:37 61440 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut2_3293C06B003F40278380FFD79E38167D_1.exe
2010-11-24 15:37 . 2010-11-24 15:37 57344 ----a-r- c:\documents and settings\Hondzik\Data aplikací\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\ARPPRODUCTICON.exe
2010-11-24 15:28 . 2010-11-24 15:28 -------- d-----w- c:\program files\Aspyr Media, Inc
2010-11-24 08:05 . 2010-11-24 08:05 -------- d-----w- c:\program files\Zuma Deluxe
2010-11-24 07:32 . 2010-11-24 08:04 -------- d-----w- c:\program files\Vietcong2
2010-11-23 13:00 . 2010-11-26 10:15 -------- d-----w- c:\documents and settings\Hondzik\Local Settings\Data aplikací\ConduitEngine
2010-11-23 13:00 . 2010-11-23 13:00 -------- d-----w- c:\program files\ConduitEngine
2010-11-23 13:00 . 2010-11-23 13:00 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-15 08:22 . 2010-11-15 08:22 -------- d-----w- c:\documents and settings\Hondzik\Data aplikací\THQ
2010-11-15 01:09 . 2010-11-15 01:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\InstallShield
2010-11-15 01:01 . 2010-11-15 01:01 -------- d-----w- c:\program files\THQ
2010-11-15 01:01 . 2006-05-16 09:58 393216 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_isusres.dll
2010-11-15 01:01 . 2006-05-16 09:58 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2010-11-15 01:01 . 2006-05-16 09:58 283568 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-04 21:52 . 2009-09-23 07:41 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-11-08 12:24 . 2010-11-08 12:24 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-10-13 10:16 . 2010-09-30 19:31 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-09 07:16 . 2010-10-09 07:16 2330880 ----a-w- c:\windows\system32\TUKernel.exe
2010-09-18 12:00 . 2010-09-18 11:56 6118 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-09-18 12:00 . 2010-09-18 12:00 63818 ----a-w- c:\windows\BricoPackUninst.cmd
2010-09-18 12:00 . 2008-04-14 08:52 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-09-18 11:26 . 2010-09-18 11:26 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
.
------- Sigcheck -------
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
[-] 2010-09-09 . CA15720E7B3B8FD2E7F12C8A635A6308 . 3601920 . . [7.00.6000.17092] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3gdr\mshtml.dll
[-] 2010-09-09 . C5BC248010B1B6346314AE420D7ED454 . 3605504 . . [7.00.6000.21294] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3qfe\mshtml.dll
[-] 2008-03-01 . 1DD7591221D8489E79E902EFB863C60B . 3864576 . . [7.00.6000.16640] . . c:\windows\system32\mshtml.dll
[-] 2008-03-01 . 1DD7591221D8489E79E902EFB863C60B . 3864576 . . [7.00.6000.16640] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2008-03-01 . AA61A6FAA4D691A6ED38FC1099EDE19B . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2010-09-09 . 41DD413E4546E25E0D0C5B8B7DEE1967 . 832512 . . [7.00.6000.17091] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3gdr\wininet.dll
[-] 2010-09-09 . 40B58A838D691766E19FA3C21B16EC41 . 841216 . . [7.00.6000.21293] . . c:\windows\SoftwareDistribution\Download\6eeee8aef4c41b3f7820b53cbdf2ae3a\sp3qfe\wininet.dll
[-] 2008-03-01 . DAF3BDEEBFADFF5D423310983D648291 . 817152 . . [7.00.6000.16640] . . c:\windows\system32\wininet.dll
[-] 2008-03-01 . DAF3BDEEBFADFF5D423310983D648291 . 817152 . . [7.00.6000.16640] . . c:\windows\system32\dllcache\wininet.dll
[7] 2008-03-01 . 46A1A52EB6C86344C6EBF65B17404C90 . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[-] 2008-04-27 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-12-09_08.16.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-14 09:22 . 2010-12-14 09:22 16384 c:\windows\Temp\Perflib_Perfdata_700.dat
- 2010-12-01 12:30 . 2010-12-01 12:30 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-04-14 08:52 . 2008-04-14 06:52 147968 c:\windows\system32\dllcache\regedit.exe
+ 2010-12-09 09:06 . 2010-12-09 09:06 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-09 09:06 . 2010-12-09 09:06 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-01 12:30 . 2010-12-01 12:30 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26101032]
"Walser"="c:\program files\Draxysoft\Wallpaper Sequencer\Walser.exe" [2008-10-16 1365504]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"AIMP2"="c:\aimp2\AIMP2.exe" [2010-08-07 1262592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"mouseElf"="c:\progra~1\GENIUS~1\GNETMOUS.EXE" [2004-02-24 176128]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"TNOD UP"="c:\program files\TNod User & Password Finder\TNODUP.exe" [2010-04-01 1811968]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\documents and settings\Hondzik\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AudioDeck.lnk - c:\program files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2010-12-3 581632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\LogMeIn Hamachi\\hamachi-2-ui.exe"=
"c:\program files\Adobe\Adobe Photoshop CS4\Photoshop.exe"= c:\program files\Adobe\Adobe Photoshop CS4\Photoshop.exe:10.0.0.1/255.255.255.255:Enabled:Adobe Photoshop CS4
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\OpenTTD\\openttd.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\PacIn\\PacIn.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\FireFly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\program files\id Software\Quake 4\Quake4.exe"= c:\program files\id Software\Quake 4\Quake4.exe:192.168.1.1/255.255.255.255:Enabled:Quake 4
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:10.0.0.1/255.255.255.255:Enabled:Adobe CSI CS4
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.9.2010 12:26 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7.4.2010 20:07 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7.4.2010 20:08 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.4.2010 20:07 810120]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [6.12.2010 8:31 1238408]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [18.9.2010 12:40 247096]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [18.9.2010 12:32 6528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [8.11.2010 13:34 122504]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [3.12.2010 17:47 9216]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [3.12.2010 18:03 3351]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
2010-12-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Free YouTube Download - c:\documents and settings\Hondzik\Data aplikací\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Hondzik\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\Hondzik\Data aplikací\Mozilla\Firefox\Profiles\eekw1szj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - %profile%\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-14 11:19
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2010-12-14 11:23:00
ComboFix-quarantined-files.txt 2010-12-14 10:22
ComboFix2.txt 2010-12-12 01:33
ComboFix3.txt 2010-12-11 18:08
ComboFix4.txt 2010-12-09 21:46
ComboFix5.txt 2010-12-14 10:09
Před spuštěním: Volných bajtů: 72 664 002 560
Po spuštění: Volných bajtů: 72 658 964 480
Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 1F06ECA259A19A1B351128DD582B49D9
-
Rudy
- Site Admin
- Příspěvky: 119429
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zkoukněte mi log prosím mam nějakej zasekanej PC
Ještě proveďte sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 a dejte log.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?