Security tool
Napsal: 02 srp 2010 22:11
Zdravím. Můj počítač byl nakažen tímto virem potřeboval bych poradit jak s ním zkoncovat.
Stránka 1 z 1
Re: Security tool
Napsal: 02 srp 2010 22:12
Dejte log z RSIT: http://viry.cz/forum/viewtopic.php?f=24&t=81939 .
Re: Security tool
Napsal: 02 srp 2010 22:14
RSIT nejde spustit... Vir ho vždy zablokuje
Re: Security tool
Napsal: 02 srp 2010 22:18
Omlouvám se za vstup
Zkuste to v nouzovém režimu (po restartu mačkejte F8 - nouzový režim)
Zkuste to v nouzovém režimu (po restartu mačkejte F8 - nouzový režim)
Re: Security tool
Napsal: 02 srp 2010 22:23
V nouzoném režimu to funguje (díky) tady to je:
Logfile of random's system information tool 1.08 (written by random/random)
Run by František at 2010-08-02 23:17:46
Microsoft Windows 7 Home Premium
System drive C: has 146 GB (56%) free of 260 GB
Total RAM: 3325 MB (79% free)
HijackThis download failed
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2010-06-29 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-28 278192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-07-28 814648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-28 278192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-08-18 7711264]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-10 98304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2010-04-07 79360]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-07-12 2048352]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2010-03-25 2924544]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2010-06-28 133368]
"PlayNC Launcher"= []
"BitComet"=C:\Program Files\BitComet\BitComet.exe /tray []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-07-28 39408]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"28212141"=C:\Users\František\AppData\Local\28212141.exe [2010-08-02 1016832]
C:\Users\František\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Registration Assassin.LNK - C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-08-02 23:17:47 ----D---- C:\Program Files\trend micro
2010-08-02 23:13:10 ----D---- C:\rsit
2010-08-02 22:52:29 ----A---- C:\Windows\ntbtlog.txt
2010-07-28 14:12:59 ----D---- C:\ProgramData\Electronic Arts
2010-07-28 14:04:34 ----D---- C:\Program Files\EA Games
2010-07-28 14:03:09 ----D---- C:\Windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2010-07-28 13:54:21 ----D---- C:\Users\František\AppData\Roaming\Google
2010-07-28 13:54:18 ----D---- C:\Downloads
2010-07-28 13:53:46 ----D---- C:\Users\František\AppData\Roaming\BitComet
2010-07-28 13:53:45 ----D---- C:\Program Files\BitComet
2010-07-28 13:53:41 ----D---- C:\ProgramData\Google
2010-07-28 13:53:41 ----D---- C:\Program Files\Google
2010-07-28 00:58:28 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-07-28 00:58:27 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-07-28 00:58:26 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-07-28 00:58:26 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-07-28 00:58:26 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-07-28 00:58:26 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-07-28 00:58:25 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-07-28 00:58:25 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-07-28 00:58:25 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-07-28 00:58:24 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-07-28 00:58:24 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-07-28 00:58:24 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-07-28 00:58:24 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-07-28 00:58:23 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-07-28 00:58:23 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-07-28 00:58:22 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-07-28 00:58:22 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-07-28 00:58:22 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-07-28 00:58:22 ----A---- C:\Windows\system32\d3dx10_41.dll
2010-07-28 00:58:22 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-07-28 00:58:22 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2010-07-28 00:58:21 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-07-28 00:58:21 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-07-28 00:58:21 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-07-28 00:58:20 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-07-28 00:58:20 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-07-28 00:58:20 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-07-28 00:58:20 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-07-28 00:58:20 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-07-28 00:58:18 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-07-28 00:58:18 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-07-28 00:58:18 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-07-28 00:58:17 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-07-28 00:58:15 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-07-28 00:58:15 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-07-28 00:58:15 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-07-28 00:58:14 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-07-28 00:58:14 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-07-28 00:58:14 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-07-28 00:58:13 ----A---- C:\Windows\system32\XAudio2_1.dll
2010-07-28 00:58:13 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2010-07-28 00:58:13 ----A---- C:\Windows\system32\xactengine3_1.dll
2010-07-28 00:58:13 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2010-07-28 00:58:12 ----A---- C:\Windows\system32\D3DX9_38.dll
2010-07-28 00:58:12 ----A---- C:\Windows\system32\d3dx10_38.dll
2010-07-28 00:58:12 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2010-07-28 00:57:12 ----D---- C:\Windows\system32\directx
2010-07-27 22:42:18 ----D---- C:\Program Files\NCSoft
2010-07-27 22:33:47 ----D---- C:\Users\František\AppData\Roaming\GetRightToGo
2010-07-19 18:17:00 ----D---- C:\Program Files\NVIDIA Corporation
2010-07-19 18:10:29 ----D---- C:\ProgramData\Uniblue
2010-07-19 18:10:18 ----D---- C:\Users\František\AppData\Roaming\Uniblue
2010-07-19 18:10:09 ----D---- C:\Program Files\Uniblue
2010-07-13 08:52:49 ----A---- C:\Windows\system32\kernel32.dll
2010-07-13 08:52:49 ----A---- C:\Windows\system32\apphelp.dll
2010-07-07 11:53:01 ----D---- C:\ProgramData\Hewlett-Packard
2010-07-03 18:38:16 ----D---- C:\Users\František\AppData\Roaming\skypePM
2010-07-03 18:37:08 ----D---- C:\Users\František\AppData\Roaming\Skype
2010-07-03 18:36:22 ----D---- C:\Program Files\Common Files\Skype
2010-07-03 18:36:21 ----RD---- C:\Program Files\Skype
2010-07-03 18:36:19 ----D---- C:\ProgramData\Skype
======List of files/folders modified in the last 1 months======
2010-08-02 23:17:47 ----RD---- C:\Program Files
2010-08-02 23:16:02 ----D---- C:\Windows\Temp
2010-08-02 22:52:29 ----D---- C:\Windows
2010-08-02 19:54:09 ----D---- C:\Users\František\AppData\Roaming\ICQ
2010-08-02 15:14:12 ----D---- C:\Windows\system32\config
2010-08-02 12:15:50 ----HD---- C:\$AVG8.VAULT$
2010-08-02 11:34:31 ----D---- C:\Windows\system32\drivers\Avg
2010-07-30 10:49:28 ----RSD---- C:\Windows\assembly
2010-07-30 10:48:45 ----SHD---- C:\System Volume Information
2010-07-29 00:53:07 ----D---- C:\Windows\system32\Tasks
2010-07-28 16:15:32 ----D---- C:\Windows\System32
2010-07-28 16:15:32 ----D---- C:\Windows\inf
2010-07-28 16:15:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-28 14:17:10 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-07-28 14:12:59 ----HD---- C:\ProgramData
2010-07-28 14:12:13 ----SHD---- C:\Windows\Installer
2010-07-28 13:54:13 ----D---- C:\Windows\Tasks
2010-07-28 00:57:12 ----D---- C:\Windows\Logs
2010-07-27 22:42:38 ----SD---- C:\Users\František\AppData\Roaming\Microsoft
2010-07-27 22:42:17 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-25 10:52:47 ----D---- C:\Program Files\Mozilla Firefox
2010-07-19 14:07:08 ----D---- C:\Windows\system32\wdi
2010-07-19 14:07:07 ----D---- C:\Windows\Prefetch
2010-07-16 15:35:14 ----D---- C:\Windows\system32\catroot2
2010-07-14 18:45:18 ----D---- C:\ProgramData\Microsoft Help
2010-07-13 16:06:02 ----D---- C:\Windows\winsxs
2010-07-13 08:51:47 ----D---- C:\Windows\system32\catroot
2010-07-03 18:36:22 ----D---- C:\Program Files\Common Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-04 14392]
R0 AvgRkx86;avgrkx86.sys; C:\Windows\System32\Drivers\avgrkx86.sys [2010-06-29 12552]
R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2006-09-24 5248]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-04-03 27320]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-06-26 691696]
S1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-06-29 335240]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-06-29 27784]
S1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-06-29 108552]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 3xHybrid;WinFast DTV1000 S; C:\Windows\system32\DRIVERS\3xHybrid.sys [2009-08-17 1008768]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-11-11 5092864]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 cpuz130;cpuz130; \??\C:\Users\FRANTI~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-08-02 17488]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-18 2752352]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2009-07-17 155648]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-11-11 172032]
S2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2010-07-03 297752]
S2 ES lite Service;ES lite Service for program management.; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-28 135664]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-07-28 182768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-26 1343400]
-----------------EOF-----------------
Logfile of random's system information tool 1.08 (written by random/random)
Run by František at 2010-08-02 23:17:46
Microsoft Windows 7 Home Premium
System drive C: has 146 GB (56%) free of 260 GB
Total RAM: 3325 MB (79% free)
HijackThis download failed
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2010-06-29 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-28 278192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-07-28 814648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-28 278192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-08-18 7711264]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-10 98304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2010-04-07 79360]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-07-12 2048352]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2010-03-25 2924544]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2010-06-28 133368]
"PlayNC Launcher"= []
"BitComet"=C:\Program Files\BitComet\BitComet.exe /tray []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-07-28 39408]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"28212141"=C:\Users\František\AppData\Local\28212141.exe [2010-08-02 1016832]
C:\Users\František\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Registration Assassin.LNK - C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-08-02 23:17:47 ----D---- C:\Program Files\trend micro
2010-08-02 23:13:10 ----D---- C:\rsit
2010-08-02 22:52:29 ----A---- C:\Windows\ntbtlog.txt
2010-07-28 14:12:59 ----D---- C:\ProgramData\Electronic Arts
2010-07-28 14:04:34 ----D---- C:\Program Files\EA Games
2010-07-28 14:03:09 ----D---- C:\Windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2010-07-28 13:54:21 ----D---- C:\Users\František\AppData\Roaming\Google
2010-07-28 13:54:18 ----D---- C:\Downloads
2010-07-28 13:53:46 ----D---- C:\Users\František\AppData\Roaming\BitComet
2010-07-28 13:53:45 ----D---- C:\Program Files\BitComet
2010-07-28 13:53:41 ----D---- C:\ProgramData\Google
2010-07-28 13:53:41 ----D---- C:\Program Files\Google
2010-07-28 00:58:28 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-07-28 00:58:27 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-07-28 00:58:26 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-07-28 00:58:26 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-07-28 00:58:26 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-07-28 00:58:26 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-07-28 00:58:25 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-07-28 00:58:25 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-07-28 00:58:25 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-07-28 00:58:24 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-07-28 00:58:24 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-07-28 00:58:24 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-07-28 00:58:24 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-07-28 00:58:23 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-07-28 00:58:23 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-07-28 00:58:22 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-07-28 00:58:22 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-07-28 00:58:22 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-07-28 00:58:22 ----A---- C:\Windows\system32\d3dx10_41.dll
2010-07-28 00:58:22 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-07-28 00:58:22 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2010-07-28 00:58:21 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-07-28 00:58:21 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-07-28 00:58:21 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-07-28 00:58:20 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-07-28 00:58:20 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-07-28 00:58:20 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-07-28 00:58:20 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-07-28 00:58:20 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-07-28 00:58:18 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-07-28 00:58:18 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-07-28 00:58:18 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-07-28 00:58:17 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-07-28 00:58:15 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-07-28 00:58:15 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-07-28 00:58:15 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-07-28 00:58:14 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-07-28 00:58:14 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-07-28 00:58:14 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-07-28 00:58:13 ----A---- C:\Windows\system32\XAudio2_1.dll
2010-07-28 00:58:13 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2010-07-28 00:58:13 ----A---- C:\Windows\system32\xactengine3_1.dll
2010-07-28 00:58:13 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2010-07-28 00:58:12 ----A---- C:\Windows\system32\D3DX9_38.dll
2010-07-28 00:58:12 ----A---- C:\Windows\system32\d3dx10_38.dll
2010-07-28 00:58:12 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2010-07-28 00:57:12 ----D---- C:\Windows\system32\directx
2010-07-27 22:42:18 ----D---- C:\Program Files\NCSoft
2010-07-27 22:33:47 ----D---- C:\Users\František\AppData\Roaming\GetRightToGo
2010-07-19 18:17:00 ----D---- C:\Program Files\NVIDIA Corporation
2010-07-19 18:10:29 ----D---- C:\ProgramData\Uniblue
2010-07-19 18:10:18 ----D---- C:\Users\František\AppData\Roaming\Uniblue
2010-07-19 18:10:09 ----D---- C:\Program Files\Uniblue
2010-07-13 08:52:49 ----A---- C:\Windows\system32\kernel32.dll
2010-07-13 08:52:49 ----A---- C:\Windows\system32\apphelp.dll
2010-07-07 11:53:01 ----D---- C:\ProgramData\Hewlett-Packard
2010-07-03 18:38:16 ----D---- C:\Users\František\AppData\Roaming\skypePM
2010-07-03 18:37:08 ----D---- C:\Users\František\AppData\Roaming\Skype
2010-07-03 18:36:22 ----D---- C:\Program Files\Common Files\Skype
2010-07-03 18:36:21 ----RD---- C:\Program Files\Skype
2010-07-03 18:36:19 ----D---- C:\ProgramData\Skype
======List of files/folders modified in the last 1 months======
2010-08-02 23:17:47 ----RD---- C:\Program Files
2010-08-02 23:16:02 ----D---- C:\Windows\Temp
2010-08-02 22:52:29 ----D---- C:\Windows
2010-08-02 19:54:09 ----D---- C:\Users\František\AppData\Roaming\ICQ
2010-08-02 15:14:12 ----D---- C:\Windows\system32\config
2010-08-02 12:15:50 ----HD---- C:\$AVG8.VAULT$
2010-08-02 11:34:31 ----D---- C:\Windows\system32\drivers\Avg
2010-07-30 10:49:28 ----RSD---- C:\Windows\assembly
2010-07-30 10:48:45 ----SHD---- C:\System Volume Information
2010-07-29 00:53:07 ----D---- C:\Windows\system32\Tasks
2010-07-28 16:15:32 ----D---- C:\Windows\System32
2010-07-28 16:15:32 ----D---- C:\Windows\inf
2010-07-28 16:15:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-28 14:17:10 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-07-28 14:12:59 ----HD---- C:\ProgramData
2010-07-28 14:12:13 ----SHD---- C:\Windows\Installer
2010-07-28 13:54:13 ----D---- C:\Windows\Tasks
2010-07-28 00:57:12 ----D---- C:\Windows\Logs
2010-07-27 22:42:38 ----SD---- C:\Users\František\AppData\Roaming\Microsoft
2010-07-27 22:42:17 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-25 10:52:47 ----D---- C:\Program Files\Mozilla Firefox
2010-07-19 14:07:08 ----D---- C:\Windows\system32\wdi
2010-07-19 14:07:07 ----D---- C:\Windows\Prefetch
2010-07-16 15:35:14 ----D---- C:\Windows\system32\catroot2
2010-07-14 18:45:18 ----D---- C:\ProgramData\Microsoft Help
2010-07-13 16:06:02 ----D---- C:\Windows\winsxs
2010-07-13 08:51:47 ----D---- C:\Windows\system32\catroot
2010-07-03 18:36:22 ----D---- C:\Program Files\Common Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-04 14392]
R0 AvgRkx86;avgrkx86.sys; C:\Windows\System32\Drivers\avgrkx86.sys [2010-06-29 12552]
R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2006-09-24 5248]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-04-03 27320]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-06-26 691696]
S1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-06-29 335240]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-06-29 27784]
S1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-06-29 108552]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 3xHybrid;WinFast DTV1000 S; C:\Windows\system32\DRIVERS\3xHybrid.sys [2009-08-17 1008768]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-11-11 5092864]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 cpuz130;cpuz130; \??\C:\Users\FRANTI~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-08-02 17488]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-18 2752352]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2009-07-17 155648]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-11-11 172032]
S2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2010-07-03 297752]
S2 ES lite Service;ES lite Service for program management.; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-28 135664]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-07-28 182768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-26 1343400]
-----------------EOF-----------------
Re: Security tool
Napsal: 03 srp 2010 17:44
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware
Re: Security tool
Napsal: 03 srp 2010 18:29
ComboFix 10-08-02.03 - František 03.08.2010 19:24:10.1.4 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3325.2782 [GMT 2:00]
Spuštěný z: c:\users\František\Downloads\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Dvbpws.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-03 do 2010-08-03 )))))))))))))))))))))))))))))))
.
2010-08-03 17:27 . 2010-08-03 17:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-02 21:17 . 2010-08-02 21:17 -------- d-----w- c:\program files\trend micro
2010-08-02 21:13 . 2010-08-02 21:17 -------- d-----w- C:\rsit
2010-07-28 12:12 . 2010-07-28 12:12 -------- d-----w- c:\programdata\Electronic Arts
2010-07-28 12:04 . 2010-07-28 12:04 -------- d-----w- c:\program files\EA Games
2010-07-28 12:03 . 2010-07-28 12:03 -------- d-----w- c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2010-07-28 11:54 . 2010-07-28 11:58 -------- d-----w- C:\Downloads
2010-07-28 11:53 . 2010-07-28 11:54 -------- d-----w- c:\program files\Google
2010-07-27 20:42 . 2010-07-27 20:42 -------- d-----w- c:\program files\NCSoft
2010-07-19 16:17 . 2010-07-19 16:17 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-19 16:10 . 2010-07-19 16:10 -------- d-----w- c:\programdata\Uniblue
2010-07-19 16:10 . 2010-07-19 16:10 -------- d-----w- c:\program files\Uniblue
2010-07-13 06:52 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-07-07 09:53 . 2010-07-07 09:53 -------- d-----w- c:\programdata\Hewlett-Packard
2010-07-07 09:52 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 08:14 . 2010-06-26 02:16 17488 ----a-w- c:\windows\gdrv.sys
2010-07-28 14:15 . 2009-07-14 08:44 622422 ----a-w- c:\windows\system32\perfh005.dat
2010-07-28 14:15 . 2009-07-14 08:44 118604 ----a-w- c:\windows\system32\perfc005.dat
2010-07-28 12:17 . 2010-06-26 16:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-27 20:42 . 2010-06-26 01:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-20 07:31 . 2010-06-26 19:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-07-16 09:33 . 2010-06-28 16:32 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-07-14 16:45 . 2010-06-28 16:19 -------- d-----w- c:\programdata\Microsoft Help
2010-07-04 09:10 . 2010-06-28 16:32 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-07-03 16:38 . 2010-07-03 16:38 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-07-03 16:36 . 2010-07-03 16:36 -------- d-----r- c:\program files\Skype
2010-07-03 16:36 . 2010-07-03 16:36 -------- d-----w- c:\program files\Common Files\Skype
2010-07-03 16:36 . 2010-07-03 16:36 -------- d-----w- c:\programdata\Skype
2010-07-02 10:19 . 2010-06-26 19:44 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-29 21:01 . 2010-06-29 21:01 -------- d-----w- c:\program files\Ubisoft
2010-06-29 20:48 . 2010-06-29 20:48 -------- d-----w- c:\programdata\Ubisoft
2010-06-29 16:46 . 2010-06-29 16:45 5311698 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-06-29 09:04 . 2010-06-29 09:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-29 09:04 . 2010-06-29 09:04 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-29 09:04 . 2010-06-29 09:04 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-29 09:04 . 2010-06-29 09:04 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-29 09:04 . 2010-06-29 09:04 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-29 09:04 . 2010-06-29 09:04 -------- d-----w- c:\program files\AVG
2010-06-29 09:04 . 2010-06-29 09:04 -------- d-----w- c:\programdata\avg8
2010-06-28 22:55 . 2010-06-28 16:23 -------- d-----w- c:\program files\Microsoft Works
2010-06-28 22:00 . 2010-06-28 22:00 -------- d-----w- c:\programdata\NOS
2010-06-28 22:00 . 2010-06-28 22:00 -------- d-----w- c:\program files\NOS
2010-06-28 20:46 . 2010-06-28 20:45 -------- d-----w- c:\program files\ICQ7.2
2010-06-28 20:45 . 2010-06-28 20:45 -------- d-----w- c:\program files\ICQ6Toolbar
2010-06-28 20:45 . 2010-06-28 20:45 -------- d-----w- c:\programdata\ICQ
2010-06-28 18:27 . 2010-06-28 18:25 -------- d-----w- c:\program files\UO
2010-06-28 18:24 . 2010-06-28 18:24 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-06-28 16:22 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-06-28 16:22 . 2010-06-28 16:22 -------- d-----w- c:\program files\Microsoft.NET
2010-06-28 16:20 . 2010-06-28 16:20 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-06-27 21:11 . 2010-06-26 03:00 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-06-27 20:54 . 2010-06-26 02:59 -------- d-----w- c:\program files\WinFast
2010-06-27 19:03 . 2010-06-27 19:02 -------- d-----w- c:\program files\PDFCreator
2010-06-26 21:05 . 2010-06-26 21:04 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-26 21:05 . 2010-06-26 21:05 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-26 21:04 . 2010-06-26 21:04 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-06-26 21:03 . 2010-06-26 21:03 -------- d-----w- c:\program files\totalcmd75a
2010-06-26 21:02 . 2010-06-26 21:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-26 19:43 . 2010-06-26 19:43 -------- d-----w- c:\program files\PlayReady
2010-06-26 16:54 . 2010-06-26 16:54 -------- d-----w- c:\programdata\Futuremark
2010-06-26 16:53 . 2010-06-26 16:53 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2010-06-26 16:52 . 2010-06-26 16:52 -------- d-----w- c:\program files\Futuremark
2010-06-26 15:33 . 2010-06-26 15:33 -------- d-----w- c:\program files\SpeedFan
2010-06-26 03:02 . 2010-06-26 03:00 -------- d-----w- c:\programdata\ArcSoft
2010-06-26 03:00 . 2010-06-26 01:49 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-26 03:00 . 2010-06-26 03:00 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-06-26 02:49 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-06-26 02:17 . 2010-06-26 02:17 -------- d-----w- c:\programdata\ATI
2010-06-26 02:16 . 2010-06-26 02:16 0 ----a-w- c:\windows\ativpsrm.bin
2010-06-26 02:13 . 2010-06-26 02:02 -------- d-----w- c:\program files\ATI Technologies
2010-06-26 02:12 . 2010-06-26 02:12 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-06-26 02:03 . 2010-06-26 02:03 -------- d-----w- c:\program files\DIFX
2010-06-26 02:03 . 2010-06-26 02:03 -------- d-----w- c:\program files\AMD
2010-06-26 02:02 . 2010-06-26 02:02 -------- d-----w- c:\program files\ATI
2010-06-26 01:55 . 2010-06-26 01:55 -------- d-----w- c:\program files\Gigabyte
2010-06-26 01:54 . 2010-06-26 01:50 -------- d-----w- c:\program files\Realtek
2010-06-26 01:50 . 2010-06-26 01:50 -------- d--h--w- c:\program files\Temp
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Plocha
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Oblíbené položky
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Šablony
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Nabídka Start
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Dokumenty
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Data aplikací
2010-06-02 02:55 . 2010-07-27 22:58 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-07-27 22:58 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-07-27 22:58 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-27 07:24 . 2010-06-26 02:36 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-26 02:36 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 09:41 . 2010-07-27 22:58 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-07-27 22:58 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-07-27 22:58 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-07-27 22:58 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-07-27 22:58 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-21 12:14 . 2010-06-26 02:35 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-26 02:40 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-09 09:14 . 2010-06-26 02:40 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:14 . 2010-06-26 02:40 417792 ----a-w- c:\windows\system32\msdri.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2010-03-25 2924544]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-06-28 133368]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-28 39408]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"28212141"="c:\users\František\AppData\Local\28212141.exe" [2010-08-02 1016832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-18 7711264]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-10 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2010-04-07 79360]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-12 2048352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
c:\users\Frantiçek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Registration Assassin.LNK - c:\program files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe [2010-6-29 967304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-26 691696]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-06-29 335240]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-11 172032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2010-07-03 297752]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 135664]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R3 3xHybrid;WinFast DTV1000 S;c:\windows\system32\DRIVERS\3xHybrid.sys [2009-08-17 1008768]
R3 cpuz130;cpuz130;c:\users\FRANTI~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-26 1343400]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-06-29 12552]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-29 108552]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 27320]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 11:54]
2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 11:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.atcomet.com/b/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\František\AppData\Roaming\Mozilla\Firefox\Profiles\7u8taa6x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-PlayNC Launcher - (no file)
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
HKLM-RunOnce-<NO NAME> - (no file)
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-08-03 19:28:30
ComboFix-quarantined-files.txt 2010-08-03 17:28
Před spuštěním: Volných bajtů: 153 536 671 744
Po spuštění: Volných bajtů: 156 543 156 224
- - End Of File - - 2932DDC16C442C6A6B4DED4AB1B55018
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3325.2782 [GMT 2:00]
Spuštěný z: c:\users\František\Downloads\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Dvbpws.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-03 do 2010-08-03 )))))))))))))))))))))))))))))))
.
2010-08-03 17:27 . 2010-08-03 17:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-02 21:17 . 2010-08-02 21:17 -------- d-----w- c:\program files\trend micro
2010-08-02 21:13 . 2010-08-02 21:17 -------- d-----w- C:\rsit
2010-07-28 12:12 . 2010-07-28 12:12 -------- d-----w- c:\programdata\Electronic Arts
2010-07-28 12:04 . 2010-07-28 12:04 -------- d-----w- c:\program files\EA Games
2010-07-28 12:03 . 2010-07-28 12:03 -------- d-----w- c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2010-07-28 11:54 . 2010-07-28 11:58 -------- d-----w- C:\Downloads
2010-07-28 11:53 . 2010-07-28 11:54 -------- d-----w- c:\program files\Google
2010-07-27 20:42 . 2010-07-27 20:42 -------- d-----w- c:\program files\NCSoft
2010-07-19 16:17 . 2010-07-19 16:17 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-19 16:10 . 2010-07-19 16:10 -------- d-----w- c:\programdata\Uniblue
2010-07-19 16:10 . 2010-07-19 16:10 -------- d-----w- c:\program files\Uniblue
2010-07-13 06:52 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-07-07 09:53 . 2010-07-07 09:53 -------- d-----w- c:\programdata\Hewlett-Packard
2010-07-07 09:52 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 08:14 . 2010-06-26 02:16 17488 ----a-w- c:\windows\gdrv.sys
2010-07-28 14:15 . 2009-07-14 08:44 622422 ----a-w- c:\windows\system32\perfh005.dat
2010-07-28 14:15 . 2009-07-14 08:44 118604 ----a-w- c:\windows\system32\perfc005.dat
2010-07-28 12:17 . 2010-06-26 16:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-27 20:42 . 2010-06-26 01:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-20 07:31 . 2010-06-26 19:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-07-16 09:33 . 2010-06-28 16:32 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-07-14 16:45 . 2010-06-28 16:19 -------- d-----w- c:\programdata\Microsoft Help
2010-07-04 09:10 . 2010-06-28 16:32 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-07-03 16:38 . 2010-07-03 16:38 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-07-03 16:36 . 2010-07-03 16:36 -------- d-----r- c:\program files\Skype
2010-07-03 16:36 . 2010-07-03 16:36 -------- d-----w- c:\program files\Common Files\Skype
2010-07-03 16:36 . 2010-07-03 16:36 -------- d-----w- c:\programdata\Skype
2010-07-02 10:19 . 2010-06-26 19:44 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-29 21:01 . 2010-06-29 21:01 -------- d-----w- c:\program files\Ubisoft
2010-06-29 20:48 . 2010-06-29 20:48 -------- d-----w- c:\programdata\Ubisoft
2010-06-29 16:46 . 2010-06-29 16:45 5311698 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-06-29 09:04 . 2010-06-29 09:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-29 09:04 . 2010-06-29 09:04 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-29 09:04 . 2010-06-29 09:04 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-29 09:04 . 2010-06-29 09:04 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-29 09:04 . 2010-06-29 09:04 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-29 09:04 . 2010-06-29 09:04 -------- d-----w- c:\program files\AVG
2010-06-29 09:04 . 2010-06-29 09:04 -------- d-----w- c:\programdata\avg8
2010-06-28 22:55 . 2010-06-28 16:23 -------- d-----w- c:\program files\Microsoft Works
2010-06-28 22:00 . 2010-06-28 22:00 -------- d-----w- c:\programdata\NOS
2010-06-28 22:00 . 2010-06-28 22:00 -------- d-----w- c:\program files\NOS
2010-06-28 20:46 . 2010-06-28 20:45 -------- d-----w- c:\program files\ICQ7.2
2010-06-28 20:45 . 2010-06-28 20:45 -------- d-----w- c:\program files\ICQ6Toolbar
2010-06-28 20:45 . 2010-06-28 20:45 -------- d-----w- c:\programdata\ICQ
2010-06-28 18:27 . 2010-06-28 18:25 -------- d-----w- c:\program files\UO
2010-06-28 18:24 . 2010-06-28 18:24 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-06-28 16:22 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-06-28 16:22 . 2010-06-28 16:22 -------- d-----w- c:\program files\Microsoft.NET
2010-06-28 16:20 . 2010-06-28 16:20 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-06-27 21:11 . 2010-06-26 03:00 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-06-27 20:54 . 2010-06-26 02:59 -------- d-----w- c:\program files\WinFast
2010-06-27 19:03 . 2010-06-27 19:02 -------- d-----w- c:\program files\PDFCreator
2010-06-26 21:05 . 2010-06-26 21:04 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-26 21:05 . 2010-06-26 21:05 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-26 21:04 . 2010-06-26 21:04 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-06-26 21:03 . 2010-06-26 21:03 -------- d-----w- c:\program files\totalcmd75a
2010-06-26 21:02 . 2010-06-26 21:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-26 19:43 . 2010-06-26 19:43 -------- d-----w- c:\program files\PlayReady
2010-06-26 16:54 . 2010-06-26 16:54 -------- d-----w- c:\programdata\Futuremark
2010-06-26 16:53 . 2010-06-26 16:53 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2010-06-26 16:52 . 2010-06-26 16:52 -------- d-----w- c:\program files\Futuremark
2010-06-26 15:33 . 2010-06-26 15:33 -------- d-----w- c:\program files\SpeedFan
2010-06-26 03:02 . 2010-06-26 03:00 -------- d-----w- c:\programdata\ArcSoft
2010-06-26 03:00 . 2010-06-26 01:49 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-26 03:00 . 2010-06-26 03:00 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-06-26 02:49 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-06-26 02:17 . 2010-06-26 02:17 -------- d-----w- c:\programdata\ATI
2010-06-26 02:16 . 2010-06-26 02:16 0 ----a-w- c:\windows\ativpsrm.bin
2010-06-26 02:13 . 2010-06-26 02:02 -------- d-----w- c:\program files\ATI Technologies
2010-06-26 02:12 . 2010-06-26 02:12 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-06-26 02:03 . 2010-06-26 02:03 -------- d-----w- c:\program files\DIFX
2010-06-26 02:03 . 2010-06-26 02:03 -------- d-----w- c:\program files\AMD
2010-06-26 02:02 . 2010-06-26 02:02 -------- d-----w- c:\program files\ATI
2010-06-26 01:55 . 2010-06-26 01:55 -------- d-----w- c:\program files\Gigabyte
2010-06-26 01:54 . 2010-06-26 01:50 -------- d-----w- c:\program files\Realtek
2010-06-26 01:50 . 2010-06-26 01:50 -------- d--h--w- c:\program files\Temp
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Plocha
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Oblíbené položky
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Šablony
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Nabídka Start
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Dokumenty
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Data aplikací
2010-06-02 02:55 . 2010-07-27 22:58 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-07-27 22:58 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-07-27 22:58 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-27 07:24 . 2010-06-26 02:36 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-26 02:36 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 09:41 . 2010-07-27 22:58 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-07-27 22:58 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-07-27 22:58 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-07-27 22:58 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-07-27 22:58 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-21 12:14 . 2010-06-26 02:35 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-26 02:40 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-09 09:14 . 2010-06-26 02:40 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:14 . 2010-06-26 02:40 417792 ----a-w- c:\windows\system32\msdri.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2010-03-25 2924544]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-06-28 133368]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-28 39408]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"28212141"="c:\users\František\AppData\Local\28212141.exe" [2010-08-02 1016832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-18 7711264]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-10 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2010-04-07 79360]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-12 2048352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
c:\users\Frantiçek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Registration Assassin.LNK - c:\program files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe [2010-6-29 967304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-26 691696]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-06-29 335240]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-11 172032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2010-07-03 297752]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 135664]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R3 3xHybrid;WinFast DTV1000 S;c:\windows\system32\DRIVERS\3xHybrid.sys [2009-08-17 1008768]
R3 cpuz130;cpuz130;c:\users\FRANTI~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-26 1343400]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-06-29 12552]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-29 108552]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 27320]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 11:54]
2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 11:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.atcomet.com/b/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\František\AppData\Roaming\Mozilla\Firefox\Profiles\7u8taa6x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-PlayNC Launcher - (no file)
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
HKLM-RunOnce-<NO NAME> - (no file)
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-08-03 19:28:30
ComboFix-quarantined-files.txt 2010-08-03 17:28
Před spuštěním: Volných bajtů: 153 536 671 744
Po spuštění: Volných bajtů: 156 543 156 224
- - End Of File - - 2932DDC16C442C6A6B4DED4AB1B55018
Re: Security tool
Napsal: 03 srp 2010 18:33
Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.Collect::
c:\users\František\AppData\Local\28212141.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"28212141"=-
Re: Security tool
Napsal: 04 srp 2010 11:04
ComboFix 10-08-02.03 - František 03.08.2010 19:47:09.2.4 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3325.2726 [GMT 2:00]
Spuštěný z: c:\users\František\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\František\Desktop\CFScript.txt
* Vytvořen nový Bod Obnovení
file zipped: c:\users\František\AppData\Local\28212141.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\František\AppData\Local\28212141.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-03 do 2010-08-03 )))))))))))))))))))))))))))))))
.
2010-08-03 17:49 . 2010-08-03 17:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-03 17:49 . 2010-08-03 17:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-02 21:17 . 2010-08-02 21:17 -------- d-----w- c:\program files\trend micro
2010-08-02 21:13 . 2010-08-02 21:17 -------- d-----w- C:\rsit
2010-07-28 12:12 . 2010-07-28 12:12 -------- d-----w- c:\programdata\Electronic Arts
2010-07-28 12:04 . 2010-07-28 12:04 -------- d-----w- c:\program files\EA Games
2010-07-28 12:03 . 2010-07-28 12:03 -------- d-----w- c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2010-07-28 11:54 . 2010-07-28 11:58 -------- d-----w- C:\Downloads
2010-07-28 11:53 . 2010-07-28 11:54 -------- d-----w- c:\program files\Google
2010-07-27 20:42 . 2010-07-27 20:42 -------- d-----w- c:\program files\NCSoft
2010-07-19 16:17 . 2010-07-19 16:17 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-19 16:10 . 2010-07-19 16:10 -------- d-----w- c:\programdata\Uniblue
2010-07-19 16:10 . 2010-07-19 16:10 -------- d-----w- c:\program files\Uniblue
2010-07-13 06:52 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-07-07 09:53 . 2010-07-07 09:53 -------- d-----w- c:\programdata\Hewlett-Packard
2010-07-07 09:52 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 08:14 . 2010-06-26 02:16 17488 ----a-w- c:\windows\gdrv.sys
2010-07-28 14:15 . 2009-07-14 08:44 622422 ----a-w- c:\windows\system32\perfh005.dat
2010-07-28 14:15 . 2009-07-14 08:44 118604 ----a-w- c:\windows\system32\perfc005.dat
2010-07-28 12:17 . 2010-06-26 16:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-27 20:42 . 2010-06-26 01:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-20 07:31 . 2010-06-26 19:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-07-16 09:33 . 2010-06-28 16:32 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-07-14 16:45 . 2010-06-28 16:19 -------- d-----w- c:\programdata\Microsoft Help
2010-07-04 09:10 . 2010-06-28 16:32 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-07-03 16:38 . 2010-07-03 16:38 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-07-03 16:36 . 2010-07-03 16:36 -------- d-----r- c:\program files\Skype
2010-07-03 16:36 . 2010-07-03 16:36 -------- d-----w- c:\program files\Common Files\Skype
2010-07-03 16:36 . 2010-07-03 16:36 -------- d-----w- c:\programdata\Skype
2010-07-02 10:19 . 2010-06-26 19:44 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-29 21:01 . 2010-06-29 21:01 -------- d-----w- c:\program files\Ubisoft
2010-06-29 20:48 . 2010-06-29 20:48 -------- d-----w- c:\programdata\Ubisoft
2010-06-29 16:46 . 2010-06-29 16:45 5311698 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-06-29 09:04 . 2010-06-29 09:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-29 09:04 . 2010-06-29 09:04 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-29 09:04 . 2010-06-29 09:04 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-29 09:04 . 2010-06-29 09:04 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-29 09:04 . 2010-06-29 09:04 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-29 09:04 . 2010-06-29 09:04 -------- d-----w- c:\program files\AVG
2010-06-29 09:04 . 2010-06-29 09:04 -------- d-----w- c:\programdata\avg8
2010-06-28 22:55 . 2010-06-28 16:23 -------- d-----w- c:\program files\Microsoft Works
2010-06-28 22:00 . 2010-06-28 22:00 -------- d-----w- c:\programdata\NOS
2010-06-28 22:00 . 2010-06-28 22:00 -------- d-----w- c:\program files\NOS
2010-06-28 20:46 . 2010-06-28 20:45 -------- d-----w- c:\program files\ICQ7.2
2010-06-28 20:45 . 2010-06-28 20:45 -------- d-----w- c:\program files\ICQ6Toolbar
2010-06-28 20:45 . 2010-06-28 20:45 -------- d-----w- c:\programdata\ICQ
2010-06-28 18:27 . 2010-06-28 18:25 -------- d-----w- c:\program files\UO
2010-06-28 18:24 . 2010-06-28 18:24 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-06-28 16:22 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-06-28 16:22 . 2010-06-28 16:22 -------- d-----w- c:\program files\Microsoft.NET
2010-06-28 16:20 . 2010-06-28 16:20 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-06-27 21:11 . 2010-06-26 03:00 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-06-27 20:54 . 2010-06-26 02:59 -------- d-----w- c:\program files\WinFast
2010-06-27 19:03 . 2010-06-27 19:02 -------- d-----w- c:\program files\PDFCreator
2010-06-26 21:05 . 2010-06-26 21:04 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-26 21:05 . 2010-06-26 21:05 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-26 21:04 . 2010-06-26 21:04 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-06-26 21:03 . 2010-06-26 21:03 -------- d-----w- c:\program files\totalcmd75a
2010-06-26 21:02 . 2010-06-26 21:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-26 19:43 . 2010-06-26 19:43 -------- d-----w- c:\program files\PlayReady
2010-06-26 16:54 . 2010-06-26 16:54 -------- d-----w- c:\programdata\Futuremark
2010-06-26 16:53 . 2010-06-26 16:53 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2010-06-26 16:52 . 2010-06-26 16:52 -------- d-----w- c:\program files\Futuremark
2010-06-26 15:33 . 2010-06-26 15:33 -------- d-----w- c:\program files\SpeedFan
2010-06-26 03:02 . 2010-06-26 03:00 -------- d-----w- c:\programdata\ArcSoft
2010-06-26 03:00 . 2010-06-26 01:49 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-26 03:00 . 2010-06-26 03:00 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-06-26 02:49 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-06-26 02:17 . 2010-06-26 02:17 -------- d-----w- c:\programdata\ATI
2010-06-26 02:16 . 2010-06-26 02:16 0 ----a-w- c:\windows\ativpsrm.bin
2010-06-26 02:13 . 2010-06-26 02:02 -------- d-----w- c:\program files\ATI Technologies
2010-06-26 02:12 . 2010-06-26 02:12 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-06-26 02:03 . 2010-06-26 02:03 -------- d-----w- c:\program files\DIFX
2010-06-26 02:03 . 2010-06-26 02:03 -------- d-----w- c:\program files\AMD
2010-06-26 02:02 . 2010-06-26 02:02 -------- d-----w- c:\program files\ATI
2010-06-26 01:55 . 2010-06-26 01:55 -------- d-----w- c:\program files\Gigabyte
2010-06-26 01:54 . 2010-06-26 01:50 -------- d-----w- c:\program files\Realtek
2010-06-26 01:50 . 2010-06-26 01:50 -------- d--h--w- c:\program files\Temp
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Plocha
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Oblíbené položky
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Šablony
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Nabídka Start
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Dokumenty
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Data aplikací
2010-06-02 02:55 . 2010-07-27 22:58 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-07-27 22:58 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-07-27 22:58 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-27 07:24 . 2010-06-26 02:36 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-26 02:36 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 09:41 . 2010-07-27 22:58 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-07-27 22:58 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-07-27 22:58 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-07-27 22:58 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-07-27 22:58 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-21 12:14 . 2010-06-26 02:35 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-26 02:40 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-09 09:14 . 2010-06-26 02:40 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:14 . 2010-06-26 02:40 417792 ----a-w- c:\windows\system32\msdri.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2010-03-25 2924544]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-06-28 133368]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-28 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-18 7711264]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-10 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2010-04-07 79360]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-12 2048352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
c:\users\Frantiçek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Registration Assassin.LNK - c:\program files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe [2010-6-29 967304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-26 691696]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-06-29 335240]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-11 172032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2010-07-03 297752]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 135664]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R3 3xHybrid;WinFast DTV1000 S;c:\windows\system32\DRIVERS\3xHybrid.sys [2009-08-17 1008768]
R3 cpuz130;cpuz130;c:\users\FRANTI~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-26 1343400]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-06-29 12552]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-29 108552]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 27320]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 11:54]
2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 11:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.atcomet.com/b/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\František\AppData\Roaming\Mozilla\Firefox\Profiles\7u8taa6x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-RunOnce-<NO NAME> - (no file)
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-08-03 19:50:08
ComboFix-quarantined-files.txt 2010-08-03 17:50
ComboFix2.txt 2010-08-03 17:28
Před spuštěním: Volných bajtů: 156 596 789 248
Po spuštění: Volných bajtů: 156 542 648 320
- - End Of File - - 8B51E0538700FFEA0D43D16AFEB4413E
Nahr nˇ probŘhlo ŁspŘçnŘ
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3325.2726 [GMT 2:00]
Spuštěný z: c:\users\František\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\František\Desktop\CFScript.txt
* Vytvořen nový Bod Obnovení
file zipped: c:\users\František\AppData\Local\28212141.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\František\AppData\Local\28212141.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-03 do 2010-08-03 )))))))))))))))))))))))))))))))
.
2010-08-03 17:49 . 2010-08-03 17:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-03 17:49 . 2010-08-03 17:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-02 21:17 . 2010-08-02 21:17 -------- d-----w- c:\program files\trend micro
2010-08-02 21:13 . 2010-08-02 21:17 -------- d-----w- C:\rsit
2010-07-28 12:12 . 2010-07-28 12:12 -------- d-----w- c:\programdata\Electronic Arts
2010-07-28 12:04 . 2010-07-28 12:04 -------- d-----w- c:\program files\EA Games
2010-07-28 12:03 . 2010-07-28 12:03 -------- d-----w- c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2010-07-28 11:54 . 2010-07-28 11:58 -------- d-----w- C:\Downloads
2010-07-28 11:53 . 2010-07-28 11:54 -------- d-----w- c:\program files\Google
2010-07-27 20:42 . 2010-07-27 20:42 -------- d-----w- c:\program files\NCSoft
2010-07-19 16:17 . 2010-07-19 16:17 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-19 16:10 . 2010-07-19 16:10 -------- d-----w- c:\programdata\Uniblue
2010-07-19 16:10 . 2010-07-19 16:10 -------- d-----w- c:\program files\Uniblue
2010-07-13 06:52 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-07-07 09:53 . 2010-07-07 09:53 -------- d-----w- c:\programdata\Hewlett-Packard
2010-07-07 09:52 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 08:14 . 2010-06-26 02:16 17488 ----a-w- c:\windows\gdrv.sys
2010-07-28 14:15 . 2009-07-14 08:44 622422 ----a-w- c:\windows\system32\perfh005.dat
2010-07-28 14:15 . 2009-07-14 08:44 118604 ----a-w- c:\windows\system32\perfc005.dat
2010-07-28 12:17 . 2010-06-26 16:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-27 20:42 . 2010-06-26 01:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-20 07:31 . 2010-06-26 19:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-07-16 09:33 . 2010-06-28 16:32 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-07-14 16:45 . 2010-06-28 16:19 -------- d-----w- c:\programdata\Microsoft Help
2010-07-04 09:10 . 2010-06-28 16:32 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-07-03 16:38 . 2010-07-03 16:38 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-07-03 16:36 . 2010-07-03 16:36 -------- d-----r- c:\program files\Skype
2010-07-03 16:36 . 2010-07-03 16:36 -------- d-----w- c:\program files\Common Files\Skype
2010-07-03 16:36 . 2010-07-03 16:36 -------- d-----w- c:\programdata\Skype
2010-07-02 10:19 . 2010-06-26 19:44 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-29 21:01 . 2010-06-29 21:01 -------- d-----w- c:\program files\Ubisoft
2010-06-29 20:48 . 2010-06-29 20:48 -------- d-----w- c:\programdata\Ubisoft
2010-06-29 16:46 . 2010-06-29 16:45 5311698 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-06-29 09:04 . 2010-06-29 09:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-29 09:04 . 2010-06-29 09:04 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-29 09:04 . 2010-06-29 09:04 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-29 09:04 . 2010-06-29 09:04 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-29 09:04 . 2010-06-29 09:04 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-29 09:04 . 2010-06-29 09:04 -------- d-----w- c:\program files\AVG
2010-06-29 09:04 . 2010-06-29 09:04 -------- d-----w- c:\programdata\avg8
2010-06-28 22:55 . 2010-06-28 16:23 -------- d-----w- c:\program files\Microsoft Works
2010-06-28 22:00 . 2010-06-28 22:00 -------- d-----w- c:\programdata\NOS
2010-06-28 22:00 . 2010-06-28 22:00 -------- d-----w- c:\program files\NOS
2010-06-28 20:46 . 2010-06-28 20:45 -------- d-----w- c:\program files\ICQ7.2
2010-06-28 20:45 . 2010-06-28 20:45 -------- d-----w- c:\program files\ICQ6Toolbar
2010-06-28 20:45 . 2010-06-28 20:45 -------- d-----w- c:\programdata\ICQ
2010-06-28 18:27 . 2010-06-28 18:25 -------- d-----w- c:\program files\UO
2010-06-28 18:24 . 2010-06-28 18:24 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-06-28 16:22 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-06-28 16:22 . 2010-06-28 16:22 -------- d-----w- c:\program files\Microsoft.NET
2010-06-28 16:20 . 2010-06-28 16:20 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-06-27 21:11 . 2010-06-26 03:00 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-06-27 20:54 . 2010-06-26 02:59 -------- d-----w- c:\program files\WinFast
2010-06-27 19:03 . 2010-06-27 19:02 -------- d-----w- c:\program files\PDFCreator
2010-06-26 21:05 . 2010-06-26 21:04 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-26 21:05 . 2010-06-26 21:05 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-26 21:04 . 2010-06-26 21:04 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-06-26 21:03 . 2010-06-26 21:03 -------- d-----w- c:\program files\totalcmd75a
2010-06-26 21:02 . 2010-06-26 21:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-26 19:43 . 2010-06-26 19:43 -------- d-----w- c:\program files\PlayReady
2010-06-26 16:54 . 2010-06-26 16:54 -------- d-----w- c:\programdata\Futuremark
2010-06-26 16:53 . 2010-06-26 16:53 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2010-06-26 16:52 . 2010-06-26 16:52 -------- d-----w- c:\program files\Futuremark
2010-06-26 15:33 . 2010-06-26 15:33 -------- d-----w- c:\program files\SpeedFan
2010-06-26 03:02 . 2010-06-26 03:00 -------- d-----w- c:\programdata\ArcSoft
2010-06-26 03:00 . 2010-06-26 01:49 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-26 03:00 . 2010-06-26 03:00 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-06-26 02:49 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-06-26 02:17 . 2010-06-26 02:17 -------- d-----w- c:\programdata\ATI
2010-06-26 02:16 . 2010-06-26 02:16 0 ----a-w- c:\windows\ativpsrm.bin
2010-06-26 02:13 . 2010-06-26 02:02 -------- d-----w- c:\program files\ATI Technologies
2010-06-26 02:12 . 2010-06-26 02:12 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-06-26 02:03 . 2010-06-26 02:03 -------- d-----w- c:\program files\DIFX
2010-06-26 02:03 . 2010-06-26 02:03 -------- d-----w- c:\program files\AMD
2010-06-26 02:02 . 2010-06-26 02:02 -------- d-----w- c:\program files\ATI
2010-06-26 01:55 . 2010-06-26 01:55 -------- d-----w- c:\program files\Gigabyte
2010-06-26 01:54 . 2010-06-26 01:50 -------- d-----w- c:\program files\Realtek
2010-06-26 01:50 . 2010-06-26 01:50 -------- d--h--w- c:\program files\Temp
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Plocha
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Oblíbené položky
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Šablony
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Nabídka Start
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Dokumenty
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--we c:\programdata\Data aplikací
2010-06-02 02:55 . 2010-07-27 22:58 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-07-27 22:58 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-07-27 22:58 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-27 07:24 . 2010-06-26 02:36 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-26 02:36 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 09:41 . 2010-07-27 22:58 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-07-27 22:58 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-07-27 22:58 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-07-27 22:58 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-07-27 22:58 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-21 12:14 . 2010-06-26 02:35 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-26 02:40 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-09 09:14 . 2010-06-26 02:40 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:14 . 2010-06-26 02:40 417792 ----a-w- c:\windows\system32\msdri.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2010-03-25 2924544]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-06-28 133368]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-28 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-18 7711264]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-10 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2010-04-07 79360]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-12 2048352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
c:\users\Frantiçek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Registration Assassin.LNK - c:\program files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe [2010-6-29 967304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-26 691696]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-06-29 335240]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-11 172032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2010-07-03 297752]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 135664]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R3 3xHybrid;WinFast DTV1000 S;c:\windows\system32\DRIVERS\3xHybrid.sys [2009-08-17 1008768]
R3 cpuz130;cpuz130;c:\users\FRANTI~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-26 1343400]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-06-29 12552]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-29 108552]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 27320]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 11:54]
2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 11:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.atcomet.com/b/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\František\AppData\Roaming\Mozilla\Firefox\Profiles\7u8taa6x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-RunOnce-<NO NAME> - (no file)
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-08-03 19:50:08
ComboFix-quarantined-files.txt 2010-08-03 17:50
ComboFix2.txt 2010-08-03 17:28
Před spuštěním: Volných bajtů: 156 596 789 248
Po spuštění: Volných bajtů: 156 542 648 320
- - End Of File - - 8B51E0538700FFEA0D43D16AFEB4413E
Nahr nˇ probŘhlo ŁspŘçnŘ
Re: Security tool
Napsal: 04 srp 2010 19:11
Smazáno, log již vypadá čistý.
Re: Security tool
Napsal: 08 srp 2010 11:24
Ano, vše již funguje, jak má =) díky moc za pomoc 
Re: Security tool
Napsal: 08 srp 2010 11:42
Nemáte zač!