
Request for a preventive check.

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Petasss
Visitor
Posts: 50
Registered: 10 Jan 2009 20:28

#1 Post by Petasss »

Log from RSIT:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:20:39, on 29.1.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Elite\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Elite\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elite\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\TableNinja\TableNinja.exe
C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe
C:\Program Files\RVG Software\Holdem Manager\HMImport.exe
C:\Program Files\RVG Software\Holdem Manager\HMHud.exe
C:\Users\Elite\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elite\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elite\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elite\AppData\Local\Google\Chrome\Application\chrome.exe
H:\Petas\Download\RSIT.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\trend micro\Elite.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [TortoiseHgOverlayIconServer] C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [reset] regedit /s reset.reg
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6109] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4565] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6164] command.com /c del "C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9976] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Elite\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\RunOnce: [SpybotDeletingB1578] command.com /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5149] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5427] command.com /c del "C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4605] cmd.exe /c del "C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat"
O4 - HKUS\S-1-5-21-3499907369-2792925310-1543200893-1012\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-3499907369-2792925310-1543200893-1012\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'postgres')
O4 - HKUS\S-1-5-21-3499907369-2792925310-1543200893-1012\..\Run: [Google Update] "C:\Users\Elite\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'postgres')
O4 - HKUS\S-1-5-21-3499907369-2792925310-1543200893-1012\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: K&ontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C908C5D7-780C-4EE9-B3AA-B84AB2C49A88}: NameServer = 213.250.192.1,213.250.194.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 10932 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3499907369-2792925310-1543200893-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3499907369-2792925310-1543200893-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-09-09 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll [2010-10-05 68280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [2010-10-05 191160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-09-09 798771]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
"TortoiseHgOverlayIconServer"=C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"reset"=regedit /s reset.reg []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-11-25 98304]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-11-30 9914984]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-11-02 365336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA6109"=command.com /c del C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE []
"SpybotDeletingC4565"=cmd.exe /c del C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE []
"SpybotDeletingA6164"=command.com /c del C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat []
"SpybotDeletingC9976"=cmd.exe /c del C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Google Update"=C:\Users\Elite\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-17 135664]
"ares"=C:\Program Files\Ares\Ares.exe -h []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB1578"=command.com /c del C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE []
"SpybotDeletingD5149"=cmd.exe /c del C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE []
"SpybotDeletingB5427"=command.com /c del C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat []
"SpybotDeletingD4605"=cmd.exe /c del C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Elite\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-17 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Users\Elite\AppData\Roaming\uTorrent\utorrent.exe [2009-11-25 289584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Elite^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2006-10-26 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2010-10-05 228024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-01-29 20:11:26 ----D---- C:\rsit
2011-01-29 18:00:49 ----D---- C:\Windows\system32\Adobe
2011-01-29 17:47:09 ----A---- C:\Windows\system32\BtwRSupport.dll
2011-01-29 17:46:43 ----D---- C:\Windows\system32\es-MX
2011-01-29 17:46:43 ----D---- C:\Windows\system32\es-AR
2011-01-29 17:46:35 ----D---- C:\Program Files\WIDCOMM
2011-01-29 15:09:47 ----A---- C:\Windows\wininit.ini
2011-01-29 11:14:08 ----D---- C:\ProgramData\SPC
2011-01-27 19:15:24 ----D---- C:\Users\Elite\AppData\Roaming\MaskMyIP
2011-01-27 19:15:24 ----D---- C:\ProgramData\MaskMyIP
2011-01-27 19:13:14 ----D---- C:\Users\Elite\AppData\Roaming\SuperHideIP
2011-01-27 19:13:14 ----D---- C:\ProgramData\SuperHideIP
2011-01-27 19:05:43 ----D---- C:\Users\Elite\AppData\Roaming\H__Petas_Download_AutoHideIP.exe
2011-01-27 19:05:43 ----D---- C:\ProgramData\H__Petas_Download_AutoHideIP.exe
2011-01-24 16:01:46 ----D---- C:\Users\Elite\AppData\Roaming\Camfrog
2011-01-19 21:23:17 ----A---- C:\Windows\system32\pokerstove.txt
2011-01-18 21:11:20 ----D---- C:\ProgramData\Kaspersky Lab
2011-01-18 21:11:20 ----D---- C:\Program Files\Kaspersky Lab
2011-01-18 21:04:05 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2011-01-16 09:26:11 ----D---- C:\ProgramData\Malwarebytes
2011-01-16 09:26:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-02 13:54:28 ----D---- C:\Program Files\PokerStove

======List of files/folders modified in the last 1 months======

2011-01-29 20:20:24 ----D---- C:\Windows\temp
2011-01-29 20:20:24 ----D---- C:\Program Files\trend micro
2011-01-29 18:06:40 ----D---- C:\Users\Elite\AppData\Roaming\Vso
2011-01-29 18:00:49 ----D---- C:\Windows\System32
2011-01-29 17:49:33 ----SHD---- C:\Windows\Installer
2011-01-29 17:49:05 ----D---- C:\Windows\system32\catroot
2011-01-29 17:49:04 ----D---- C:\Windows\system32\DriverStore
2011-01-29 17:49:02 ----D---- C:\Windows\inf
2011-01-29 17:47:10 ----SD---- C:\Windows\system32\Microsoft
2011-01-29 17:46:46 ----D---- C:\Windows\system32\zh-TW
2011-01-29 17:46:46 ----D---- C:\Windows\system32\zh-CN
2011-01-29 17:46:46 ----D---- C:\Windows\system32\sv-SE
2011-01-29 17:46:46 ----D---- C:\Windows\system32\ru-RU
2011-01-29 17:46:45 ----D---- C:\Windows\system32\pt-BR
2011-01-29 17:46:45 ----D---- C:\Windows\system32\pl-PL
2011-01-29 17:46:45 ----D---- C:\Windows\system32\nl-NL
2011-01-29 17:46:44 ----D---- C:\Windows\system32\nb-NO
2011-01-29 17:46:44 ----D---- C:\Windows\system32\ko-KR
2011-01-29 17:46:44 ----D---- C:\Windows\system32\ja-JP
2011-01-29 17:46:44 ----D---- C:\Windows\system32\it-IT
2011-01-29 17:46:43 ----D---- C:\Windows\system32\fr-FR
2011-01-29 17:46:43 ----D---- C:\Windows\system32\es-ES
2011-01-29 17:46:43 ----D---- C:\Windows\system32\en-US
2011-01-29 17:46:43 ----D---- C:\Windows\system32\de-DE
2011-01-29 17:46:43 ----D---- C:\Windows\system32\da-DK
2011-01-29 17:46:42 ----D---- C:\Windows\system32\fi-FI
2011-01-29 17:46:36 ----D---- C:\Windows
2011-01-29 17:46:35 ----RD---- C:\Program Files
2011-01-29 13:50:24 ----A---- C:\driverlog.txt
2011-01-29 13:41:55 ----D---- C:\Program Files\TortoiseHg
2011-01-29 11:14:08 ----D---- C:\ProgramData
2011-01-29 08:54:15 ----D---- C:\Program Files\TableNinja
2011-01-29 08:43:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-28 00:12:43 ----D---- C:\Users\Elite\AppData\Roaming\uTorrent
2011-01-27 19:06:10 ----D---- C:\Program Files\Mozilla Firefox
2011-01-26 15:34:33 ----D---- C:\Windows\Prefetch
2011-01-24 16:00:31 ----D---- C:\Users\Elite\AppData\Roaming\Mozilla
2011-01-24 14:51:18 ----SHD---- C:\System Volume Information
2011-01-23 20:35:16 ----D---- C:\Windows\system32\config
2011-01-22 12:08:21 ----D---- C:\Users\Elite\AppData\Roaming\ICQ
2011-01-20 20:24:18 ----D---- C:\Windows\system32\Tasks
2011-01-20 20:24:16 ----D---- C:\Users\Elite\AppData\Roaming\Skype
2011-01-20 20:24:16 ----D---- C:\Program Files\Common Files
2011-01-20 20:23:27 ----D---- C:\Windows\system32\drivers
2011-01-17 07:37:18 ----D---- C:\Windows\sk-SK
2011-01-15 09:18:58 ----D---- C:\Windows\system32\catroot2
2011-01-14 20:47:11 ----D---- C:\Windows\system32\LogFiles
2011-01-12 15:20:58 ----D---- C:\Windows\Minidump
2011-01-07 19:29:23 ----D---- C:\Users\Elite\AppData\Roaming\Mumble
2011-01-07 18:22:27 ----D---- C:\Program Files\ICQ7.2
2011-01-01 09:07:41 ----D---- C:\HMArchive
2010-12-30 07:37:35 ----D---- C:\Windows\system32\wdi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2010-06-09 132184]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-02-13 691696]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 kl2;kl2; C:\Windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2010-10-01 488536]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2010-10-08 231248]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2009-07-14 117248]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-12-24 6650368]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-12-24 231936]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2010-12-24 102416]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-11-30 3317800]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-01-29 47360]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-11-27 233472]
S3 a9b52zap;a9b52zap; C:\Windows\system32\drivers\a9b52zap.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 108560]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-12-24 6650368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 catchme;catchme; \??\C:\Users\Elite\AppData\Local\Temp\catchme.sys []
S3 ET5Drv;ET5Drv; \??\C:\Windows\system32\Drivers\ET5Drv.sys [2007-10-11 30008]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-04-11 16608]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 ip100Avista;ASUS NX1001 Network Adapter NT Driver; C:\Windows\system32\DRIVERS\ipfnd51.sys [2010-04-16 29696]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-07-22 51200]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-12-24 176128]
R2 AVP;Služba Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-11-02 365336]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-10-14 555560]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files\MySQL\MySQL Server 5.1\my.ini MySQL []
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2009-03-13 65536]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-12-12 66872]
R2 postgresql-8.4;PostgreSQL Server 8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w []
R2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-16 316664]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe /service msvsmon90 []
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119426
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Request for a preventive check.

#2 Post by Rudy »

Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after startup a screen with the license terms appears; continue by clicking the Yes button.

feel free to go and make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware's resident component

Petasss
Visitor
Posts: 50
Registered: 10 Jan 2009 20:28

Re: Requesting a preventive check.

#3 Post by Petasss »

ComboFix 11-01-31.01 - Elite 31.01.2011 21:46:52.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3582.2136 [GMT 1:00]
Spuštěný z: h:\petas\Download\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\html
c:\windows\system32\html\calendar.html
c:\windows\system32\html\calendarbottom.html
c:\windows\system32\html\calendartop.html
c:\windows\system32\html\crystalexportdialog.htm
c:\windows\system32\html\crystalprinthost.html

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-28 do 2011-01-31 )))))))))))))))))))))))))))))))
.

2011-01-31 20:52 . 2011-01-31 20:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-01-31 20:52 . 2011-01-31 20:52 -------- d-----w- c:\users\postgres\AppData\Local\temp
2011-01-31 20:52 . 2011-01-31 20:52 -------- d-----w- c:\users\postgres.Elite-PC\AppData\Local\temp
2011-01-31 20:52 . 2011-01-31 20:52 -------- d-----w- c:\users\postgres.Elite-PC.001\AppData\Local\temp
2011-01-31 20:52 . 2011-01-31 20:52 -------- d-----w- c:\users\postgres.Elite-PC.000\AppData\Local\temp
2011-01-31 20:52 . 2011-01-31 20:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-31 20:52 . 2011-01-31 20:52 -------- d-----w- c:\users\Pool\AppData\Local\temp
2011-01-31 20:52 . 2011-01-31 20:52 -------- d-----w- c:\users\Host\AppData\Local\temp
2011-01-31 16:28 . 2011-01-31 16:28 -------- d-----w- c:\program files\Ares
2011-01-29 20:18 . 2011-01-29 20:18 -------- d-----w- c:\program files\Astonsoft
2011-01-29 17:00 . 2011-01-29 17:00 -------- d-----w- c:\windows\system32\Adobe
2011-01-29 16:47 . 2008-10-14 15:02 225280 ----a-w- c:\windows\system32\BtwRSupport.dll
2011-01-29 16:46 . 2011-01-29 16:46 -------- d-----w- c:\windows\system32\es-MX
2011-01-29 16:46 . 2011-01-29 16:46 -------- d-----w- c:\windows\system32\es-AR
2011-01-29 16:46 . 2011-01-29 16:46 -------- d-----w- c:\program files\WIDCOMM
2011-01-29 10:14 . 2011-01-29 10:16 -------- d-----w- c:\programdata\SPC
2011-01-27 18:15 . 2011-01-27 18:15 -------- d-----w- c:\users\Elite\AppData\Roaming\MaskMyIP
2011-01-27 18:15 . 2011-01-27 18:15 -------- d-----w- c:\programdata\MaskMyIP
2011-01-27 18:13 . 2011-01-27 18:13 -------- d-----w- c:\users\Elite\AppData\Roaming\SuperHideIP
2011-01-27 18:13 . 2011-01-27 18:13 -------- d-----w- c:\programdata\SuperHideIP
2011-01-27 18:05 . 2011-01-27 18:05 -------- d-----w- c:\users\Elite\AppData\Roaming\H__Petas_Download_AutoHideIP.exe
2011-01-27 18:05 . 2011-01-27 18:05 -------- d-----w- c:\programdata\H__Petas_Download_AutoHideIP.exe
2011-01-26 21:22 . 2011-01-26 21:37 -------- d-----w- c:\users\Elite\AppData\Local\Ares
2011-01-24 15:01 . 2011-01-24 15:02 -------- d-----w- c:\users\Elite\AppData\Roaming\Camfrog
2011-01-24 15:01 . 2011-01-24 15:01 -------- d-----w- c:\users\Elite\AppData\Local\CrashRpt
2011-01-18 20:17 . 2010-10-05 19:26 109240 ----a-w- c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
2011-01-18 20:12 . 2010-10-05 19:27 150200 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-01-18 20:12 . 2011-01-18 20:37 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-01-18 20:12 . 2011-01-18 20:37 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2011-01-18 20:11 . 2011-01-31 20:14 -------- d-----w- c:\programdata\Kaspersky Lab
2011-01-18 20:11 . 2011-01-18 20:11 -------- d-----w- c:\program files\Kaspersky Lab
2011-01-18 20:04 . 2011-01-18 20:04 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-01-16 08:26 . 2011-01-16 08:26 -------- d-----w- c:\programdata\Malwarebytes
2011-01-16 08:26 . 2011-01-21 05:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-02 12:54 . 2011-01-02 12:54 -------- d-----w- c:\program files\PokerStove

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-24 14:15 . 2010-12-24 14:15 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
2010-12-24 14:15 . 2010-12-24 14:14 16702976 ----a-w- c:\windows\system32\atioglxx.dll
2010-12-24 14:15 . 2010-05-27 17:02 550400 ----a-w- c:\windows\system32\aticfx32.dll
2010-12-24 14:15 . 2010-12-24 14:15 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-12-24 14:15 . 2010-12-24 14:15 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-12-24 14:15 . 2010-12-24 14:15 15872 ----a-w- c:\windows\system32\atimuixx.dll
2010-12-24 14:14 . 2010-12-24 14:14 294912 ----a-w- c:\windows\system32\ATIODE.exe
2010-12-24 14:14 . 2010-05-27 16:37 4122624 ----a-w- c:\windows\system32\atiumdag.dll
2010-12-24 14:14 . 2010-12-24 14:14 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-12-24 14:14 . 2010-12-24 14:14 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-12-24 14:14 . 2010-05-27 16:31 3460096 ----a-w- c:\windows\system32\atiumdva.dll
2010-12-24 14:14 . 2010-12-24 14:14 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-12-24 14:14 . 2010-12-24 14:13 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-12-24 14:14 . 2009-07-13 22:09 4066816 ----a-w- c:\windows\system32\atidxx32.dll
2010-12-24 14:13 . 2010-12-24 14:13 393216 ----a-w- c:\windows\system32\atieclxx.exe
2010-12-24 14:13 . 2010-12-24 14:13 231936 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-12-24 14:13 . 2010-12-24 14:13 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-12-24 14:13 . 2010-12-24 14:13 5441024 ----a-w- c:\windows\system32\aticaldd.dll
2010-12-24 14:13 . 2010-12-24 14:12 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2010-12-24 14:13 . 2010-05-27 16:24 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2010-12-24 14:13 . 2010-12-24 14:13 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-12-24 14:13 . 2010-05-27 16:35 52736 ----a-w- c:\windows\system32\coinst.dll
2010-12-24 14:13 . 2010-12-24 14:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-12-24 14:13 . 2010-12-24 14:12 6650368 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-12-24 14:12 . 2010-12-24 14:12 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-12-24 14:12 . 2010-12-24 14:12 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-12-24 14:12 . 2010-12-24 14:12 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-12-24 14:12 . 2010-12-24 14:12 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-12-24 14:12 . 2010-12-24 14:12 102416 ----a-w- c:\windows\system32\drivers\AtihdW73.sys
2010-12-24 14:12 . 2010-12-24 14:12 27136 ----a-w- c:\windows\system32\atigktxx.dll
2010-12-24 14:12 . 2010-05-27 16:24 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2010-12-12 12:26 . 2010-12-12 12:26 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-12 12:26 . 2010-12-12 12:26 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-12 12:26 . 2010-12-12 12:26 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-11 15:04 . 2010-07-09 15:20 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-11 15:04 . 2010-07-09 15:15 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-05 15:50 . 2010-09-04 08:30 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-11-30 16:06 . 2010-12-24 15:49 3317800 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-11-24 13:24 . 2010-12-24 15:49 3790440 ----a-w- c:\windows\system32\RtkAPO.dll
2010-11-24 13:24 . 2010-12-24 15:49 1976936 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-11-22 10:39 . 2010-12-24 15:49 469608 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-11-11 12:27 . 2010-12-24 15:49 69224 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-11-08 06:31 . 2010-12-24 15:49 78680 ----a-w- c:\windows\system32\RTEEL32A.dll
2010-11-08 06:31 . 2010-12-24 15:49 359768 ----a-w- c:\windows\system32\RTEEP32A.dll
2010-11-08 06:31 . 2010-12-24 15:49 64856 ----a-w- c:\windows\system32\RTEEG32A.dll
2010-11-08 06:31 . 2010-12-24 15:49 295768 ----a-w- c:\windows\system32\RP3DHT32.dll
2010-11-08 06:31 . 2010-12-24 15:49 295768 ----a-w- c:\windows\system32\RP3DAA32.dll
2010-11-08 06:31 . 2010-12-24 15:49 170840 ----a-w- c:\windows\system32\RTEED32A.dll
2010-11-03 17:27 . 2010-12-24 15:49 1084008 ----a-w- c:\windows\system32\RTSndMgr.cpl
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\users\Elite\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-17 135664]
"ares"="c:\program files\Ares\Ares.exe" [2010-07-10 1015808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reset"="regedit" [X]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-30 9914984]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-10-14 776744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^Elite^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-17 21:04 135664 ----atw- c:\users\Elite\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-11-25 20:34 289584 ----a-w- c:\users\Elite\AppData\Roaming\uTorrent\utorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]
R3 ip100Avista;ASUS NX1001 Network Adapter NT Driver;c:\windows\system32\DRIVERS\ipfnd51.sys [2010-04-16 29696]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-13 691696]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-24 176128]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2009-03-13 65536]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w [x]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-12-24 6650368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-12-24 231936]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-12-24 102416]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-27 233472]

.
Obsah adresáře 'Naplánované úlohy'

2011-01-31 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-09-29 09:14]

2011-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3499907369-2792925310-1543200893-1000Core.job
- c:\users\Elite\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-17 21:04]

2011-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3499907369-2792925310-1543200893-1000UA.job
- c:\users\Elite\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-17 21:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
TCP: {C908C5D7-780C-4EE9-B3AA-B84AB2C49A88} = 213.250.192.1,213.250.194.1
FF - ProfilePath - c:\users\Elite\AppData\Roaming\Mozilla\Firefox\Profiles\rmdqw2uu.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - prefs.js: network.proxy.socks - 119.145.69.5
FF - prefs.js: network.proxy.socks_port - 1080
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Kaspersky URL poradce: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Auto Hide IP: support@auto-hide-ip.com - %profile%\extensions\support@auto-hide-ip.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Super Hide IP: support@super-hide-ip.com - %profile%\extensions\support@super-hide-ip.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-TortoiseHgOverlayIconServer - c:\program files\TortoiseHg\TortoiseHgOverlayServer.exe
AddRemove-Flashpoint - c:\program files\Codemasters\UnInstall.exe
AddRemove-Steam - h:\progra~1\Steam\UNWISE.EXE
AddRemove-Super Internet TV (Premium Edition)_is1 - h:\program files\Super Internet TV\unins000.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3499907369-2792925310-1543200893-1000\Software\SecuROM\License information*]
"datasecu"=hex:f3,5b,e4,fd,57,29,07,00,f7,7b,39,53,61,03,4e,16,6f,c0,fa,a1,b1,
44,dc,db,93,9b,19,49,55,7a,79,6d,d9,54,c6,e3,30,39,a8,db,f7,b7,fb,67,59,55,\
"rkeysecu"=hex:bf,0c,7b,99,b1,02,71,68,69,a7,5b,68,74,a6,41,4a

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-01-31 21:54:29
ComboFix-quarantined-files.txt 2011-01-31 20:54
ComboFix2.txt 2010-12-22 17:48
ComboFix3.txt 2009-12-23 19:48

Před spuštěním: 2 726 072 320
Po spuštění: 2 702 229 504

- - End Of File - - C24E4B8679EC4FFC6D53602011308A86

Rudy
Site Admin
Posts: 119426
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Requesting a preventive check.

#4 Post by Rudy »

Several items were deleted; the rest of the log looks clean.

Petasss
Visitor
Posts: 50
Registered: 10 Jan 2009 20:28

Re: Requesting a preventive check.

#5 Post by Petasss »

Thank you. I would also like to ask whether this detects keyloggers as well? I suspect that I have several of them on my PC.

Rudy
Site Admin
Posts: 119426
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Requesting a preventive check.

#6 Post by Rudy »

CF detects most keyloggers. However, I don't see any there, or at least none is running. If there were, I would have them deleted.
