PC virus removal, computer speed-up and remote assistance through the neslape.cz service
PC stuttering
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here].
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service: a specialist connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
The PC took a long time to start up, then Total Commander started freezing; it lasts only a few seconds. Explorer runs for a few minutes before it crashes. IE and FF run fairly long but then crash too. Games either won't start at all or stutter. I tried Malwarebytes' Anti-Malware: the quick scan finds nothing and the full scan freezes within half an hour.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Oem at 2010-01-24 23:59:24
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 41 GB (10%) free of 426 GB
Total RAM: 3582 MB (70% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21:51, on 24.1.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
D:\Download\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 5504 bytes
======Scheduled tasks folder======
C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2450520333-1999450610-3651769405-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2450520333-1999450610-3651769405-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{9119EC9C-285C-436E-9927-7DCC29BD0CF4}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
FG2CatchUrl - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll [2008-08-19 104016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-19 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-19 34816]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-02-13 4915200]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-24 98304]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-19 144792]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-01-24 1800464]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Oem\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUCI_AVS]
C:\Windows\PixArt\PAP7501\GUCI_AVS.exe [2007-12-10 323584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-12-21 306088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2009-11-08 1217808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Turbine Download Manager Tray Icon]
C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe [2009-12-23 472568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]
C:\Program Files\Warcraft III\w3dr.exe [2008-08-03 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Oem^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeRapid 0.82.lnk]
C:\Users\Oem\Desktop\FREERA~1.82\frd.exe -m []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Oem^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE Gamer HUD.lnk]
C:\PROGRA~1\GIGABYTE\GAMERH~1\HUD.exe [2008-06-26 1940992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\Windows\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28a8a3de-08f8-11df-96b7-001fd05ef3e2}]
shell\AutoRun\command - J:\SaboteurLauncher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce5d303a-73ce-11de-b00b-001fd05ef3e2}]
shell\AutoRun\command - J:\SaboteurLauncher.exe
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-01-24 18:54:43 ----D---- C:\ProgramData\Comodo
2010-01-24 18:54:42 ----A---- C:\Windows\system32\guard32.dll
2010-01-24 17:40:48 ----A---- C:\Windows\ntbtlog.txt
2010-01-24 17:19:11 ----D---- C:\rsit
2010-01-24 13:10:51 ----AD---- C:\Windows\rundll16.exe
2010-01-24 13:10:51 ----AD---- C:\Windows\logo1_.exe
2010-01-24 12:29:07 ----AD---- C:\Windows\VDLL.DLL
2010-01-24 12:29:07 ----AD---- C:\Windows\system32\runouce.exe
2010-01-24 12:29:07 ----AD---- C:\Windows\RUNDL132.EXE
2010-01-24 12:29:07 ----AD---- C:\Windows\logo_1.exe
2010-01-24 12:27:39 ----A---- C:\Windows\system32\msvcr80.dll
2010-01-24 12:27:38 ----A---- C:\Windows\system32\msvcp80.dll
2010-01-24 12:27:37 ----A---- C:\Windows\system32\eEmpty.exe
2010-01-24 12:27:32 ----D---- C:\Program Files\Common Files\MicroWorld
2010-01-24 12:27:31 ----D---- C:\ProgramData\MicroWorld
2010-01-24 12:23:06 ----D---- C:\Program Files\CCleaner
2010-01-23 17:56:58 ----D---- C:\Program Files\Machinarium
2010-01-23 12:13:10 ----A---- C:\Windows\system32\mshtml.dll
2010-01-23 12:13:08 ----A---- C:\Windows\system32\ieframe.dll
2010-01-23 12:13:06 ----A---- C:\Windows\system32\iertutil.dll
2010-01-23 12:13:05 ----A---- C:\Windows\system32\wininet.dll
2010-01-23 12:13:05 ----A---- C:\Windows\system32\urlmon.dll
2010-01-23 12:13:04 ----A---- C:\Windows\system32\occache.dll
2010-01-23 12:13:04 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-23 12:13:04 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-23 12:13:03 ----A---- C:\Windows\system32\ieui.dll
2010-01-23 12:13:03 ----A---- C:\Windows\system32\iepeers.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-23 12:13:02 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-23 12:13:02 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\iesetup.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\iernonce.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-18 13:17:31 ----D---- C:\Program Files\Adobe
2010-01-13 00:10:03 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 00:10:02 ----A---- C:\Windows\system32\fontsub.dll
2010-01-12 17:01:07 ----D---- C:\ProgramData\ATI
2010-01-11 16:12:14 ----D---- C:\ProgramData\WOP
2010-01-11 15:04:37 ----D---- C:\Program Files\ThirdWire
2010-01-10 18:08:05 ----D---- C:\ProgramData\PopCap Games
2010-01-10 18:07:10 ----D---- C:\Program Files\Plants vs. Zombies
2010-01-08 16:02:30 ----D---- C:\Program Files\Children of the Nile - Enhanced Edition
2010-01-08 15:57:23 ----D---- C:\Program Files\G2 Games
2010-01-08 14:57:32 ----D---- C:\Program Files\3000AD
======List of files/folders modified in the last 1 months======
2010-01-24 23:58:52 ----D---- C:\Windows\Temp
2010-01-24 23:40:18 ----D---- C:\Program Files\Mozilla Firefox
2010-01-24 23:36:59 ----D---- C:\Windows\System32
2010-01-24 23:36:59 ----D---- C:\Windows\inf
2010-01-24 23:36:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-24 22:40:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-24 22:40:06 ----D---- C:\Windows\system32\drivers
2010-01-24 19:48:13 ----SHD---- C:\Windows\Installer
2010-01-24 18:58:13 ----D---- C:\Windows
2010-01-24 18:56:05 ----D---- C:\Windows\system32\catroot
2010-01-24 18:56:00 ----SHD---- C:\System Volume Information
2010-01-24 18:54:43 ----HD---- C:\ProgramData
2010-01-24 18:54:42 ----D---- C:\Program Files\COMODO
2010-01-24 18:05:54 ----D---- C:\Program Files\Electronic Arts
2010-01-24 18:05:45 ----RSD---- C:\Windows\assembly
2010-01-24 18:04:58 ----D---- C:\Windows\system32\catroot2
2010-01-24 17:32:11 ----D---- C:\Users\Oem\AppData\Roaming\BITS
2010-01-24 17:09:35 ----A---- C:\Windows\win.ini
2010-01-24 16:28:12 ----D---- C:\Windows\Minidump
2010-01-24 15:52:09 ----D---- C:\Program Files\DAEMON Tools Lite
2010-01-24 15:51:23 ----D---- C:\ProgramData\DAEMON Tools Lite
2010-01-24 15:31:17 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-01-24 12:27:32 ----D---- C:\Program Files\Common Files
2010-01-24 12:24:56 ----D---- C:\Windows\Debug
2010-01-24 12:23:06 ----RD---- C:\Program Files
2010-01-24 12:22:57 ----D---- C:\Windows\Prefetch
2010-01-24 11:38:16 ----A---- C:\Windows\ged61.ini
2010-01-24 11:31:49 ----D---- C:\hry
2010-01-23 12:14:39 ----D---- C:\Windows\system32\migration
2010-01-23 12:14:38 ----D---- C:\Program Files\Internet Explorer
2010-01-23 12:14:29 ----D---- C:\Windows\winsxs
2010-01-23 00:04:58 ----D---- C:\Program Files\Warcraft III
2010-01-20 20:42:21 ----D---- C:\Windows\Tasks
2010-01-20 20:42:21 ----D---- C:\Windows\system32\Tasks
2010-01-20 17:05:46 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-18 13:17:35 ----D---- C:\ProgramData\Adobe
2010-01-18 13:17:35 ----D---- C:\Program Files\Common Files\Adobe
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-13 00:12:25 ----D---- C:\Program Files\Windows Mail
2010-01-12 17:01:29 ----D---- C:\Program Files\ATI
2010-01-12 16:58:34 ----D---- C:\Program Files\ATI Technologies
2010-01-12 16:37:19 ----D---- C:\Computer
2010-01-08 16:00:55 ----RSD---- C:\Windows\Fonts
2010-01-08 15:57:22 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-08 15:57:14 ----D---- C:\Program Files\Common Files\microsoft shared
2010-01-08 14:33:00 ----D---- C:\Program Files\Steam
2010-01-08 14:17:56 ----D---- C:\Program Files\Ubisoft
2010-01-06 13:23:27 ----D---- C:\film
2010-01-05 01:17:46 ----A---- C:\Windows\system32\mrt.exe
2009-12-31 22:08:24 ----D---- C:\Users\Oem\AppData\Roaming\ICQ
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2010-01-24 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2010-01-24 29520]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2010-01-24 74328]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-09-21 281760]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-09-21 25888]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-09-30 103440]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-11-25 5143552]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-02-14 2061528]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-01-25 106496]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S1 ATITool;ATITool Overclocking Utility; C:\Windows\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
S3 aui17bwk;aui17bwk; C:\Windows\system32\drivers\aui17bwk.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2004-10-25 21664]
S3 ET5Drv;ET5Drv; \??\C:\Windows\system32\Drivers\ET5Drv.sys [2007-10-11 30008]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2008-12-11 16608]
S3 GUCI_AVS;iSlim 320; C:\Windows\system32\DRIVERS\GUCI_AVS.sys [2008-03-31 533888]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 LUMDriver;LUMDriver; \??\C:\Windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-11-25 172032]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-01-24 723632]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-04 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-11-11 215104]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveTurbineMessageService;Turbine Message Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-12-23 271856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-12-23 218608]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-09-20 316664]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2008-11-24 306432]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S4 Ray;Ray; C:\Program Files\Dassault Systemes\PhotoStudioSatellite\B18\rayserver.exe [2002-10-11 69632]
-----------------EOF-----------------
C:\PROGRA~1\GIGABYTE\GAMERH~1\HUD.exe [2008-06-26 1940992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\Windows\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28a8a3de-08f8-11df-96b7-001fd05ef3e2}]
shell\AutoRun\command - J:\SaboteurLauncher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce5d303a-73ce-11de-b00b-001fd05ef3e2}]
shell\AutoRun\command - J:\SaboteurLauncher.exe
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-01-24 18:54:43 ----D---- C:\ProgramData\Comodo
2010-01-24 18:54:42 ----A---- C:\Windows\system32\guard32.dll
2010-01-24 17:40:48 ----A---- C:\Windows\ntbtlog.txt
2010-01-24 17:19:11 ----D---- C:\rsit
2010-01-24 13:10:51 ----AD---- C:\Windows\rundll16.exe
2010-01-24 13:10:51 ----AD---- C:\Windows\logo1_.exe
2010-01-24 12:29:07 ----AD---- C:\Windows\VDLL.DLL
2010-01-24 12:29:07 ----AD---- C:\Windows\system32\runouce.exe
2010-01-24 12:29:07 ----AD---- C:\Windows\RUNDL132.EXE
2010-01-24 12:29:07 ----AD---- C:\Windows\logo_1.exe
2010-01-24 12:27:39 ----A---- C:\Windows\system32\msvcr80.dll
2010-01-24 12:27:38 ----A---- C:\Windows\system32\msvcp80.dll
2010-01-24 12:27:37 ----A---- C:\Windows\system32\eEmpty.exe
2010-01-24 12:27:32 ----D---- C:\Program Files\Common Files\MicroWorld
2010-01-24 12:27:31 ----D---- C:\ProgramData\MicroWorld
2010-01-24 12:23:06 ----D---- C:\Program Files\CCleaner
2010-01-23 17:56:58 ----D---- C:\Program Files\Machinarium
2010-01-23 12:13:10 ----A---- C:\Windows\system32\mshtml.dll
2010-01-23 12:13:08 ----A---- C:\Windows\system32\ieframe.dll
2010-01-23 12:13:06 ----A---- C:\Windows\system32\iertutil.dll
2010-01-23 12:13:05 ----A---- C:\Windows\system32\wininet.dll
2010-01-23 12:13:05 ----A---- C:\Windows\system32\urlmon.dll
2010-01-23 12:13:04 ----A---- C:\Windows\system32\occache.dll
2010-01-23 12:13:04 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-23 12:13:04 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-23 12:13:03 ----A---- C:\Windows\system32\ieui.dll
2010-01-23 12:13:03 ----A---- C:\Windows\system32\iepeers.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-23 12:13:02 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-23 12:13:02 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\iesetup.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\iernonce.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-18 13:17:31 ----D---- C:\Program Files\Adobe
2010-01-13 00:10:03 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 00:10:02 ----A---- C:\Windows\system32\fontsub.dll
2010-01-12 17:01:07 ----D---- C:\ProgramData\ATI
2010-01-11 16:12:14 ----D---- C:\ProgramData\WOP
2010-01-11 15:04:37 ----D---- C:\Program Files\ThirdWire
2010-01-10 18:08:05 ----D---- C:\ProgramData\PopCap Games
2010-01-10 18:07:10 ----D---- C:\Program Files\Plants vs. Zombies
2010-01-08 16:02:30 ----D---- C:\Program Files\Children of the Nile - Enhanced Edition
2010-01-08 15:57:23 ----D---- C:\Program Files\G2 Games
2010-01-08 14:57:32 ----D---- C:\Program Files\3000AD
======List of files/folders modified in the last 1 months======
2010-01-24 23:58:52 ----D---- C:\Windows\Temp
2010-01-24 23:40:18 ----D---- C:\Program Files\Mozilla Firefox
2010-01-24 23:36:59 ----D---- C:\Windows\System32
2010-01-24 23:36:59 ----D---- C:\Windows\inf
2010-01-24 23:36:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-24 22:40:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-24 22:40:06 ----D---- C:\Windows\system32\drivers
2010-01-24 19:48:13 ----SHD---- C:\Windows\Installer
2010-01-24 18:58:13 ----D---- C:\Windows
2010-01-24 18:56:05 ----D---- C:\Windows\system32\catroot
2010-01-24 18:56:00 ----SHD---- C:\System Volume Information
2010-01-24 18:54:43 ----HD---- C:\ProgramData
2010-01-24 18:54:42 ----D---- C:\Program Files\COMODO
2010-01-24 18:05:54 ----D---- C:\Program Files\Electronic Arts
2010-01-24 18:05:45 ----RSD---- C:\Windows\assembly
2010-01-24 18:04:58 ----D---- C:\Windows\system32\catroot2
2010-01-24 17:32:11 ----D---- C:\Users\Oem\AppData\Roaming\BITS
2010-01-24 17:09:35 ----A---- C:\Windows\win.ini
2010-01-24 16:28:12 ----D---- C:\Windows\Minidump
2010-01-24 15:52:09 ----D---- C:\Program Files\DAEMON Tools Lite
2010-01-24 15:51:23 ----D---- C:\ProgramData\DAEMON Tools Lite
2010-01-24 15:31:17 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-01-24 12:27:32 ----D---- C:\Program Files\Common Files
2010-01-24 12:24:56 ----D---- C:\Windows\Debug
2010-01-24 12:23:06 ----RD---- C:\Program Files
2010-01-24 12:22:57 ----D---- C:\Windows\Prefetch
2010-01-24 11:38:16 ----A---- C:\Windows\ged61.ini
2010-01-24 11:31:49 ----D---- C:\hry
2010-01-23 12:14:39 ----D---- C:\Windows\system32\migration
2010-01-23 12:14:38 ----D---- C:\Program Files\Internet Explorer
2010-01-23 12:14:29 ----D---- C:\Windows\winsxs
2010-01-23 00:04:58 ----D---- C:\Program Files\Warcraft III
2010-01-20 20:42:21 ----D---- C:\Windows\Tasks
2010-01-20 20:42:21 ----D---- C:\Windows\system32\Tasks
2010-01-20 17:05:46 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-18 13:17:35 ----D---- C:\ProgramData\Adobe
2010-01-18 13:17:35 ----D---- C:\Program Files\Common Files\Adobe
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-13 00:12:25 ----D---- C:\Program Files\Windows Mail
2010-01-12 17:01:29 ----D---- C:\Program Files\ATI
2010-01-12 16:58:34 ----D---- C:\Program Files\ATI Technologies
2010-01-12 16:37:19 ----D---- C:\Computer
2010-01-08 16:00:55 ----RSD---- C:\Windows\Fonts
2010-01-08 15:57:22 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-08 15:57:14 ----D---- C:\Program Files\Common Files\microsoft shared
2010-01-08 14:33:00 ----D---- C:\Program Files\Steam
2010-01-08 14:17:56 ----D---- C:\Program Files\Ubisoft
2010-01-06 13:23:27 ----D---- C:\film
2010-01-05 01:17:46 ----A---- C:\Windows\system32\mrt.exe
2009-12-31 22:08:24 ----D---- C:\Users\Oem\AppData\Roaming\ICQ
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2010-01-24 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2010-01-24 29520]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2010-01-24 74328]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-09-21 281760]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-09-21 25888]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-09-30 103440]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-11-25 5143552]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-02-14 2061528]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-01-25 106496]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S1 ATITool;ATITool Overclocking Utility; C:\Windows\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
S3 aui17bwk;aui17bwk; C:\Windows\system32\drivers\aui17bwk.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2004-10-25 21664]
S3 ET5Drv;ET5Drv; \??\C:\Windows\system32\Drivers\ET5Drv.sys [2007-10-11 30008]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2008-12-11 16608]
S3 GUCI_AVS;iSlim 320; C:\Windows\system32\DRIVERS\GUCI_AVS.sys [2008-03-31 533888]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 LUMDriver;LUMDriver; \??\C:\Windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-11-25 172032]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-01-24 723632]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-04 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-11-11 215104]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveTurbineMessageService;Turbine Message Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-12-23 271856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-12-23 218608]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-09-20 316664]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2008-11-24 306432]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S4 Ray;Ray; C:\Program Files\Dassault Systemes\PhotoStudioSatellite\B18\rayserver.exe [2002-10-11 69632]
-----------------EOF-----------------
Re: PC SEKANI
Please help, the computer is getting even more unstable.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Oem at 2010-01-25 18:31:26
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 36 GB (8%) free of 426 GB
Total RAM: 3582 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21:51, on 24.1.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
D:\Download\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 5504 bytes
======Scheduled tasks folder======
C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2450520333-1999450610-3651769405-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2450520333-1999450610-3651769405-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{9119EC9C-285C-436E-9927-7DCC29BD0CF4}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2010-01-15 1230184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
FG2CatchUrl - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll [2008-08-19 104016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-19 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-19 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\ctbr.dll [2010-01-15 1230184]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-02-13 4915200]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-24 98304]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-19 144792]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-01-24 1800464]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-01-25 2166784]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Oem\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUCI_AVS]
C:\Windows\PixArt\PAP7501\GUCI_AVS.exe [2007-12-10 323584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-12-21 306088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2009-11-08 1217808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Turbine Download Manager Tray Icon]
C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe [2009-12-23 472568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]
C:\Program Files\Warcraft III\w3dr.exe [2008-08-03 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Oem^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeRapid 0.82.lnk]
C:\Users\Oem\Desktop\FREERA~1.82\frd.exe -m []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Oem^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE Gamer HUD.lnk]
C:\PROGRA~1\GIGABYTE\GAMERH~1\HUD.exe [2008-06-26 1940992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\Windows\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28a8a3de-08f8-11df-96b7-001fd05ef3e2}]
shell\AutoRun\command - J:\SaboteurLauncher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce5d303a-73ce-11de-b00b-001fd05ef3e2}]
shell\AutoRun\command - J:\SaboteurLauncher.exe
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-01-25 16:57:27 ----AD---- C:\Windows\rundll16.exe
2010-01-25 16:57:27 ----AD---- C:\Windows\logo1_.exe
2010-01-25 14:36:24 ----D---- C:\Program Files\WinClamAVShield
2010-01-25 14:22:39 ----D---- C:\Program Files\Crawler
2010-01-25 14:16:23 ----D---- C:\Users\Oem\AppData\Roaming\Spyware Terminator
2010-01-25 14:16:15 ----D---- C:\ProgramData\Spyware Terminator
2010-01-25 14:16:11 ----D---- C:\Program Files\Spyware Terminator
2010-01-24 18:54:43 ----D---- C:\ProgramData\Comodo
2010-01-24 18:54:42 ----A---- C:\Windows\system32\guard32.dll
2010-01-24 17:19:11 ----D---- C:\rsit
2010-01-24 12:29:07 ----AD---- C:\Windows\VDLL.DLL
2010-01-24 12:29:07 ----AD---- C:\Windows\system32\runouce.exe
2010-01-24 12:29:07 ----AD---- C:\Windows\RUNDL132.EXE
2010-01-24 12:29:07 ----AD---- C:\Windows\logo_1.exe
2010-01-24 12:27:39 ----A---- C:\Windows\system32\msvcr80.dll
2010-01-24 12:27:38 ----A---- C:\Windows\system32\msvcp80.dll
2010-01-24 12:27:37 ----A---- C:\Windows\system32\eEmpty.exe
2010-01-24 12:27:32 ----D---- C:\Program Files\Common Files\MicroWorld
2010-01-24 12:27:31 ----D---- C:\ProgramData\MicroWorld
2010-01-24 12:23:06 ----D---- C:\Program Files\CCleaner
2010-01-23 17:56:58 ----D---- C:\Program Files\Machinarium
2010-01-23 12:13:10 ----A---- C:\Windows\system32\mshtml.dll
2010-01-23 12:13:08 ----A---- C:\Windows\system32\ieframe.dll
2010-01-23 12:13:06 ----A---- C:\Windows\system32\iertutil.dll
2010-01-23 12:13:05 ----A---- C:\Windows\system32\wininet.dll
2010-01-23 12:13:05 ----A---- C:\Windows\system32\urlmon.dll
2010-01-23 12:13:04 ----A---- C:\Windows\system32\occache.dll
2010-01-23 12:13:04 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-23 12:13:04 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-23 12:13:03 ----A---- C:\Windows\system32\ieui.dll
2010-01-23 12:13:03 ----A---- C:\Windows\system32\iepeers.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-23 12:13:02 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-23 12:13:02 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\iesetup.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\iernonce.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\ie4uinit.exe
Logfile of random's system information tool 1.06 (written by random/random)
Run by Oem at 2010-01-25 18:31:26
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 36 GB (8%) free of 426 GB
Total RAM: 3582 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21:51, on 24.1.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
D:\Download\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 5504 bytes
======Scheduled tasks folder======
C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2450520333-1999450610-3651769405-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2450520333-1999450610-3651769405-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{9119EC9C-285C-436E-9927-7DCC29BD0CF4}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2010-01-15 1230184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
FG2CatchUrl - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll [2008-08-19 104016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-19 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-19 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\ctbr.dll [2010-01-15 1230184]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-02-13 4915200]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-24 98304]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-19 144792]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-01-24 1800464]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-01-25 2166784]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Oem\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUCI_AVS]
C:\Windows\PixArt\PAP7501\GUCI_AVS.exe [2007-12-10 323584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-12-21 306088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2009-11-08 1217808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Turbine Download Manager Tray Icon]
C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe [2009-12-23 472568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]
C:\Program Files\Warcraft III\w3dr.exe [2008-08-03 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Oem^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeRapid 0.82.lnk]
C:\Users\Oem\Desktop\FREERA~1.82\frd.exe -m []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Oem^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE Gamer HUD.lnk]
C:\PROGRA~1\GIGABYTE\GAMERH~1\HUD.exe [2008-06-26 1940992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\Windows\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28a8a3de-08f8-11df-96b7-001fd05ef3e2}]
shell\AutoRun\command - J:\SaboteurLauncher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce5d303a-73ce-11de-b00b-001fd05ef3e2}]
shell\AutoRun\command - J:\SaboteurLauncher.exe
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-01-25 16:57:27 ----AD---- C:\Windows\rundll16.exe
2010-01-25 16:57:27 ----AD---- C:\Windows\logo1_.exe
2010-01-25 14:36:24 ----D---- C:\Program Files\WinClamAVShield
2010-01-25 14:22:39 ----D---- C:\Program Files\Crawler
2010-01-25 14:16:23 ----D---- C:\Users\Oem\AppData\Roaming\Spyware Terminator
2010-01-25 14:16:15 ----D---- C:\ProgramData\Spyware Terminator
2010-01-25 14:16:11 ----D---- C:\Program Files\Spyware Terminator
2010-01-24 18:54:43 ----D---- C:\ProgramData\Comodo
2010-01-24 18:54:42 ----A---- C:\Windows\system32\guard32.dll
2010-01-24 17:19:11 ----D---- C:\rsit
2010-01-24 12:29:07 ----AD---- C:\Windows\VDLL.DLL
2010-01-24 12:29:07 ----AD---- C:\Windows\system32\runouce.exe
2010-01-24 12:29:07 ----AD---- C:\Windows\RUNDL132.EXE
2010-01-24 12:29:07 ----AD---- C:\Windows\logo_1.exe
2010-01-24 12:27:39 ----A---- C:\Windows\system32\msvcr80.dll
2010-01-24 12:27:38 ----A---- C:\Windows\system32\msvcp80.dll
2010-01-24 12:27:37 ----A---- C:\Windows\system32\eEmpty.exe
2010-01-24 12:27:32 ----D---- C:\Program Files\Common Files\MicroWorld
2010-01-24 12:27:31 ----D---- C:\ProgramData\MicroWorld
2010-01-24 12:23:06 ----D---- C:\Program Files\CCleaner
2010-01-23 17:56:58 ----D---- C:\Program Files\Machinarium
2010-01-23 12:13:10 ----A---- C:\Windows\system32\mshtml.dll
2010-01-23 12:13:08 ----A---- C:\Windows\system32\ieframe.dll
2010-01-23 12:13:06 ----A---- C:\Windows\system32\iertutil.dll
2010-01-23 12:13:05 ----A---- C:\Windows\system32\wininet.dll
2010-01-23 12:13:05 ----A---- C:\Windows\system32\urlmon.dll
2010-01-23 12:13:04 ----A---- C:\Windows\system32\occache.dll
2010-01-23 12:13:04 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-23 12:13:04 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-23 12:13:03 ----A---- C:\Windows\system32\ieui.dll
2010-01-23 12:13:03 ----A---- C:\Windows\system32\iepeers.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-23 12:13:02 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-23 12:13:02 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\iesetup.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\iernonce.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-18 13:17:31 ----D---- C:\Program Files\Adobe
2010-01-13 00:10:03 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 00:10:02 ----A---- C:\Windows\system32\fontsub.dll
2010-01-12 17:01:07 ----D---- C:\ProgramData\ATI
2010-01-11 16:12:14 ----D---- C:\ProgramData\WOP
2010-01-11 15:04:37 ----D---- C:\Program Files\ThirdWire
2010-01-10 18:08:05 ----D---- C:\ProgramData\PopCap Games
2010-01-10 18:07:10 ----D---- C:\Program Files\Plants vs. Zombies
2010-01-08 16:02:30 ----D---- C:\Program Files\Children of the Nile - Enhanced Edition
2010-01-08 15:57:23 ----D---- C:\Program Files\G2 Games
2010-01-08 14:57:32 ----D---- C:\Program Files\3000AD
======List of files/folders modified in the last 1 months======
2010-01-25 18:31:28 ----D---- C:\Windows\Temp
2010-01-25 18:31:26 ----D---- C:\Windows\System32
2010-01-25 18:31:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-25 18:31:25 ----D---- C:\Windows\inf
2010-01-25 18:24:21 ----D---- C:\Windows\Prefetch
2010-01-25 16:57:27 ----D---- C:\Windows
2010-01-25 16:27:16 ----D---- C:\Windows\Minidump
2010-01-25 15:50:12 ----D---- C:\Program Files\Mozilla Firefox
2010-01-25 14:36:24 ----RD---- C:\Program Files
2010-01-25 14:28:06 ----D---- C:\Windows\system32\drivers
2010-01-25 14:20:46 ----SHD---- C:\System Volume Information
2010-01-25 14:16:15 ----HD---- C:\ProgramData
2010-01-25 13:51:55 ----D---- C:\Users\Oem\AppData\Roaming\BITS
2010-01-24 22:40:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-24 19:48:13 ----SHD---- C:\Windows\Installer
2010-01-24 18:56:05 ----D---- C:\Windows\system32\catroot
2010-01-24 18:54:42 ----D---- C:\Program Files\COMODO
2010-01-24 18:05:54 ----D---- C:\Program Files\Electronic Arts
2010-01-24 18:05:45 ----RSD---- C:\Windows\assembly
2010-01-24 18:04:58 ----D---- C:\Windows\system32\catroot2
2010-01-24 17:09:35 ----A---- C:\Windows\win.ini
2010-01-24 15:52:09 ----D---- C:\Program Files\DAEMON Tools Lite
2010-01-24 15:51:23 ----D---- C:\ProgramData\DAEMON Tools Lite
2010-01-24 15:31:17 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-01-24 12:27:32 ----D---- C:\Program Files\Common Files
2010-01-24 12:24:56 ----D---- C:\Windows\Debug
2010-01-24 11:38:16 ----A---- C:\Windows\ged61.ini
2010-01-24 11:31:49 ----D---- C:\hry
2010-01-23 12:14:39 ----D---- C:\Windows\system32\migration
2010-01-23 12:14:38 ----D---- C:\Program Files\Internet Explorer
2010-01-23 12:14:29 ----D---- C:\Windows\winsxs
2010-01-23 00:04:58 ----D---- C:\Program Files\Warcraft III
2010-01-20 20:42:21 ----D---- C:\Windows\Tasks
2010-01-20 20:42:21 ----D---- C:\Windows\system32\Tasks
2010-01-20 17:05:46 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-18 13:17:35 ----D---- C:\ProgramData\Adobe
2010-01-18 13:17:35 ----D---- C:\Program Files\Common Files\Adobe
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-13 00:12:25 ----D---- C:\Program Files\Windows Mail
2010-01-12 17:01:29 ----D---- C:\Program Files\ATI
2010-01-12 16:58:34 ----D---- C:\Program Files\ATI Technologies
2010-01-12 16:37:19 ----D---- C:\Computer
2010-01-08 16:00:55 ----RSD---- C:\Windows\Fonts
2010-01-08 15:57:22 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-08 15:57:14 ----D---- C:\Program Files\Common Files\microsoft shared
2010-01-08 14:33:00 ----D---- C:\Program Files\Steam
2010-01-08 14:17:56 ----D---- C:\Program Files\Ubisoft
2010-01-06 13:23:27 ----D---- C:\film
2010-01-05 01:17:46 ----A---- C:\Windows\system32\mrt.exe
2009-12-31 22:08:24 ----D---- C:\Users\Oem\AppData\Roaming\ICQ
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2010-01-24 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2010-01-24 29520]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2010-01-24 74328]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2010-01-25 142592]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-09-21 281760]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-09-21 25888]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-09-30 103440]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-11-25 5143552]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-02-14 2061528]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-01-25 106496]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S1 ATITool;ATITool Overclocking Utility; C:\Windows\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2004-10-25 21664]
S3 ET5Drv;ET5Drv; \??\C:\Windows\system32\Drivers\ET5Drv.sys [2007-10-11 30008]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2008-12-11 16608]
S3 GUCI_AVS;iSlim 320; C:\Windows\system32\DRIVERS\GUCI_AVS.sys [2008-03-31 533888]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 LUMDriver;LUMDriver; \??\C:\Windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-11-25 172032]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-01-24 723632]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-04 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-11-11 215104]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-01-25 488960]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveTurbineMessageService;Turbine Message Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-12-23 271856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-12-23 218608]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-09-20 316664]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2008-11-24 306432]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S4 Ray;Ray; C:\Program Files\Dassault Systemes\PhotoStudioSatellite\B18\rayserver.exe [2002-10-11 69632]
-----------------EOF-----------------
Re: PC SEKANI
Good evening
Back up your important data, just to be safe
Download to your desktop, close all open windows and run ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- ComboFix must be run under an account with administrator rights
- Before use, disable all resident security programs - antivirus, firewalls, antispyware
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here
Do not use COMBOFIX without a helper's recommendation; it may damage the system!
Always back up important data before disinfecting a computer!
Want to support our forum? Information here
I am usually reachable at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(zavináč)forum.viry.cz.
Re: PC SEKANI
Unfortunately I can't get ComboFix to run even when I give it administrator rights
Re: PC SEKANI
Never mind
Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack and run it
- a scan runs; when it finishes, a window with the results opens; click Save to save the log, which you then post here
- following the guide in the link, run a second scan and post that log here as well.
Download MBAM from my signature
- install it and run a full scan
DO NOT DELETE ANYTHING
- MBAM sometimes has false detections, so we will delete only after checking the log.
- copy the log here.
Re: PC SEKANI
Well, my administrator account doesn't have those special permissions; could that be why ComboFix won't run??
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-26 00:19:40
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Oem\AppData\Local\Temp\uwldapow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
---- EOF - GMER 1.0.15 ----
Re: PC SEKANI
If you are not working in a limited account, it should run
Re: PC SEKANI
So I somehow managed to get ComboFix running
ComboFix 10-01-25.06 - Oem 26.01.2010 12:27:56.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3582.2622 [GMT 1:00]
Spuštěný z: c:\users\Oem\Desktop\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-26 do 2010-01-26 )))))))))))))))))))))))))))))))
.
2010-01-26 11:33 . 2010-01-26 11:33 -------- d-----w- c:\users\Oem\AppData\Local\temp
2010-01-26 11:33 . 2010-01-26 11:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-26 11:33 . 2010-01-26 11:33 -------- d-----w- c:\users\jimi\AppData\Local\temp
2010-01-26 11:33 . 2010-01-26 11:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-26 00:20 . 2010-01-26 00:24 -------- d-----w- C:\32788R22FWJFW.8.tmp
2010-01-25 23:09 . 2010-01-26 00:20 -------- d-----w- C:\32788R22FWJFW.7.tmp
2010-01-25 23:04 . 2010-01-25 23:04 -------- d-----w- c:\users\Oem\AppData\Roaming\PeerNetworking
2010-01-25 22:53 . 2010-01-25 23:09 -------- d-----w- C:\32788R22FWJFW.6.tmp
2010-01-25 22:47 . 2010-01-25 22:53 -------- d-----w- C:\32788R22FWJFW.5.tmp
2010-01-25 22:47 . 2010-01-25 22:47 -------- d--h--w- c:\windows\PIF
2010-01-25 22:45 . 2010-01-25 22:47 -------- d-----w- C:\32788R22FWJFW.4.tmp
2010-01-25 22:41 . 2010-01-25 22:45 -------- d-----w- C:\32788R22FWJFW.3.tmp
2010-01-25 22:40 . 2010-01-25 22:41 -------- d-----w- C:\32788R22FWJFW.2.tmp
2010-01-25 22:38 . 2010-01-25 22:40 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-01-25 20:14 . 2010-01-25 22:04 -------- d-----w- c:\program files\SpeedFan
2010-01-25 18:42 . 2010-01-25 22:11 -------- d-----w- c:\programdata\Kaspersky Lab
2010-01-25 15:57 . 2010-01-25 15:57 -------- d---a-w- c:\windows\rundll16.exe
2010-01-25 15:57 . 2010-01-25 15:57 -------- d---a-w- c:\windows\logo1_.exe
2010-01-25 13:36 . 2010-01-25 13:38 -------- d-----w- c:\program files\WinClamAVShield
2010-01-25 13:22 . 2010-01-26 10:34 -------- d-----w- c:\program files\Crawler
2010-01-25 13:16 . 2010-01-25 18:41 -------- d-----w- c:\users\Oem\AppData\Roaming\Spyware Terminator
2010-01-25 13:16 . 2010-01-25 13:16 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-01-25 13:16 . 2010-01-25 13:16 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-01-25 13:16 . 2010-01-25 13:16 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-01-25 13:16 . 2010-01-25 14:49 -------- d-----w- c:\programdata\Spyware Terminator
2010-01-25 13:16 . 2010-01-25 22:17 -------- d-----w- c:\program files\Spyware Terminator
2010-01-24 21:39 . 2010-01-24 21:39 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-24 17:54 . 2010-01-24 17:57 -------- d-----w- c:\programdata\Comodo
2010-01-24 17:54 . 2010-01-24 17:54 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-01-24 17:54 . 2010-01-24 17:54 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-01-24 17:54 . 2010-01-24 17:54 171552 ----a-w- c:\windows\system32\guard32.dll
2010-01-24 17:54 . 2010-01-24 17:54 128376 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-01-24 16:19 . 2010-01-24 16:25 -------- d-----w- C:\rsit
2010-01-24 11:29 . 2010-01-24 11:29 -------- d---a-w- c:\windows\VDLL.DLL
2010-01-24 11:29 . 2010-01-24 11:29 -------- d---a-w- c:\windows\system32\runouce.exe
2010-01-24 11:29 . 2010-01-24 11:29 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-01-24 11:29 . 2010-01-24 11:29 -------- d---a-w- c:\windows\logo_1.exe
2010-01-24 11:27 . 2010-01-24 11:27 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-01-24 11:27 . 2010-01-24 11:27 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-01-24 11:27 . 2010-01-24 11:27 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-01-24 11:27 . 2010-01-24 11:27 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-01-24 11:27 . 2010-01-24 11:27 -------- d-----w- c:\programdata\MicroWorld
2010-01-24 11:23 . 2010-01-24 11:23 -------- d-----w- c:\program files\CCleaner
2010-01-23 16:56 . 2010-01-23 16:57 -------- d-----w- c:\program files\Machinarium
2010-01-20 19:42 . 2010-01-20 19:42 -------- d-----w- c:\users\Oem\AppData\Local\Deployment
2010-01-20 19:42 . 2010-01-20 19:42 -------- d-----w- c:\users\Oem\AppData\Local\Apps
2010-01-12 23:10 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 23:10 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 16:01 . 2010-01-12 16:01 -------- d-----w- c:\programdata\ATI
2010-01-12 15:55 . 2010-01-12 15:55 10134 ----a-r- c:\users\Oem\AppData\Roaming\Microsoft\Installer\{A2D08D5A-74E8-7509-452A-E40E63D8FFC2}\ARPPRODUCTICON.exe
2010-01-12 05:57 . 2010-01-12 05:57 -------- d-----w- c:\users\Public\Games
2010-01-11 15:16 . 2010-01-11 15:16 -------- d-----w- c:\users\Oem\AppData\Local\Wings of Prey
2010-01-11 15:12 . 2010-01-11 15:12 -------- d-----w- c:\users\Oem\AppData\Local\WOP
2010-01-11 15:12 . 2010-01-11 15:12 -------- d-----w- c:\programdata\WOP
2010-01-11 14:04 . 2010-01-11 14:04 -------- d-----w- c:\program files\ThirdWire
2010-01-10 17:08 . 2010-01-10 17:08 -------- d-----w- c:\programdata\PopCap Games
2010-01-10 17:07 . 2010-01-10 17:07 -------- d-----w- c:\program files\Plants vs. Zombies
2010-01-08 15:02 . 2010-01-08 15:05 -------- d-----w- c:\program files\Children of the Nile - Enhanced Edition
2010-01-08 14:57 . 2010-01-08 14:57 -------- d-----w- c:\program files\G2 Games
2010-01-08 14:57 . 2010-01-08 14:57 10134 ----a-r- c:\users\Oem\AppData\Roaming\Microsoft\Installer\{5CB6A112-DA36-486B-9B1C-6341CB95DE37}\ARPPRODUCTICON.exe
2010-01-08 13:57 . 2010-01-08 13:57 -------- d-----w- c:\program files\3000AD
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 11:24 . 2008-01-21 06:46 633168 ----a-w- c:\windows\system32\perfh005.dat
2010-01-26 11:24 . 2008-01-21 06:46 128514 ----a-w- c:\windows\system32\perfc005.dat
2010-01-24 21:40 . 2009-11-10 22:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-24 17:54 . 2009-03-26 20:38 -------- d-----w- c:\program files\COMODO
2010-01-24 17:05 . 2008-11-20 00:21 -------- d-----w- c:\program files\Electronic Arts
2010-01-24 14:52 . 2009-07-18 19:12 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-24 14:52 . 2010-01-24 14:39 691696 ----a-w- c:\windows\system32\drivers\sptd.sys.11409168
2010-01-24 14:51 . 2009-07-18 19:13 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-01-24 14:31 . 2008-11-19 23:43 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-22 23:04 . 2008-12-26 14:05 -------- d-----w- c:\program files\Warcraft III
2010-01-20 16:05 . 2009-09-18 16:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 12:17 . 2008-11-19 22:46 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 10:12 . 2009-10-03 12:28 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 23:12 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-12 16:01 . 2008-12-05 08:14 -------- d-----w- c:\program files\ATI
2010-01-12 15:58 . 2008-12-05 08:14 -------- d-----w- c:\program files\ATI Technologies
2010-01-08 14:57 . 2008-11-14 13:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-08 13:33 . 2008-12-17 10:46 -------- d-----w- c:\program files\Steam
2010-01-08 13:17 . 2008-11-20 09:47 -------- d-----w- c:\program files\Ubisoft
2010-01-07 15:07 . 2009-11-10 22:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-11-10 22:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 06:38 . 2010-01-23 11:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-23 11:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-23 11:13 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-23 11:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 21:08 . 2008-11-19 22:44 -------- d-----w- c:\users\Oem\AppData\Roaming\ICQ
2009-12-29 12:14 . 2009-01-26 20:42 11502 ----a-r- c:\users\Oem\AppData\Roaming\Microsoft\Installer\{9B40A0CC-AB90-4375-8D35-668393564B57}\_7a5a767d.exe
2009-12-29 12:14 . 2009-01-26 20:42 11502 ----a-r- c:\users\Oem\AppData\Roaming\Microsoft\Installer\{9B40A0CC-AB90-4375-8D35-668393564B57}\_701f5d03.exe
2009-12-29 12:14 . 2009-01-26 20:42 11502 ----a-r- c:\users\Oem\AppData\Roaming\Microsoft\Installer\{9B40A0CC-AB90-4375-8D35-668393564B57}\_45091238.exe
2009-12-29 12:14 . 2009-01-26 20:42 11502 ----a-r- c:\users\Oem\AppData\Roaming\Microsoft\Installer\{9B40A0CC-AB90-4375-8D35-668393564B57}\_3b251e1f.exe
2009-12-23 11:36 . 2009-09-27 13:21 -------- d-----w- c:\program files\Turbine
2009-12-22 10:09 . 2008-12-21 18:18 1 ----a-w- c:\users\Oem\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-21 11:18 . 2009-12-21 11:18 -------- d-----w- c:\program files\Rage Software
2009-12-11 18:25 . 2008-11-19 22:42 -------- d-----w- c:\program files\Opera
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-25 03:51 . 2009-11-25 03:51 5143552 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2009-11-25 03:18 . 2009-11-25 03:18 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-25 03:17 . 2009-11-25 03:17 368640 ----a-w- c:\windows\system32\atieclxx.exe
2009-11-25 03:17 . 2009-11-25 03:17 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2009-11-25 03:15 . 2008-07-04 03:37 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-11-25 03:15 . 2008-07-04 03:37 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-25 03:15 . 2009-11-25 03:15 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-25 03:15 . 2009-11-25 03:15 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-11-25 03:14 . 2009-11-25 03:14 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-25 03:12 . 2009-11-25 03:12 3055616 ----a-w- c:\windows\system32\atidxx32.dll
2009-11-25 02:55 . 2008-07-04 03:21 3617792 ----a-w- c:\windows\system32\atiumdag.dll
2009-11-25 02:44 . 2009-11-25 02:44 13487616 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-25 02:37 . 2008-07-04 03:03 2899968 ----a-w- c:\windows\system32\atiumdva.dll
2009-11-25 02:25 . 2009-11-25 02:25 52224 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-25 02:25 . 2009-11-25 02:25 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-25 02:25 . 2009-11-25 02:25 225280 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-25 02:21 . 2009-11-25 02:21 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-25 02:21 . 2009-11-25 02:21 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-25 02:20 . 2009-11-25 02:20 3629056 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-25 02:10 . 2009-11-25 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-11 22:29 . 2009-05-12 13:34 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-11 22:29 . 2009-05-12 13:33 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-09 12:31 . 2009-12-09 14:57 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-09 14:57 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-09 14:57 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-10-29 09:17 . 2009-11-25 10:46 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-28 11:36 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-13 4915200]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-19 144792]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-24 1800464]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-25 2166784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Oem^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeRapid 0.82.lnk]
path=c:\users\Oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FreeRapid 0.82.lnk
backup=c:\windows\pss\FreeRapid 0.82.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Oem^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE Gamer HUD.lnk]
path=c:\users\Oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE Gamer HUD.lnk
backup=c:\windows\pss\GIGABYTE Gamer HUD.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-20 19:42 135664 ----atw- c:\users\Oem\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUCI_AVS]
2007-12-10 14:55 323584 ----a-w- c:\windows\PixArt\PAP7501\GUCI_AVS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-03-20 16:34 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 15:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-12-21 11:50 306088 ----a-w- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-08 14:58 1217808 ----a-w- c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Turbine Download Manager Tray Icon]
2009-12-23 11:04 472568 ----a-w- c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]
2008-08-03 15:38 61440 ----a-w- c:\program files\Warcraft III\W3DR.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ec,56,35,dc,fc,fa,c9,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2450520333-1999450610-3651769405-1000]
"EnableNotificationsRef"=dword:00000001
R1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [22.5.2007 10:04 18088]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [24.1.2010 18:54 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [24.1.2010 18:54 29520]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [25.1.2010 14:16 142592]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [25.11.2009 4:17 172032]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21.1.2008 3:23 21504]
S3 GUCI_AVS;iSlim 320;c:\windows\System32\drivers\GUCI_AVS.sys [24.12.2008 19:48 533888]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [27.9.2009 14:21 271856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [27.9.2009 14:21 218608]
S3 LUMDriver;LUMDriver;c:\windows\System32\drivers\LUMDriver.sys [24.4.2007 17:52 16688]
S4 Ray;Ray;c:\program files\Dassault Systemes\PhotoStudioSatellite\B18\rayserver.exe [11.10.2002 12:30 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-01-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:17]
2010-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2450520333-1999450610-3651769405-1000Core.job
- c:\users\Oem\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 19:42]
2010-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2450520333-1999450610-3651769405-1000UA.job
- c:\users\Oem\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 19:42]
2010-01-26 c:\windows\Tasks\User_Feed_Synchronization-{9119EC9C-285C-436E-9927-7DCC29BD0CF4}.job
- c:\windows\system32\msfeedssync.exe [2010-01-23 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\users\Oem\AppData\Roaming\Mozilla\Firefox\Profiles\krxgmvnb.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\Oem\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\Oem\AppData\Roaming\Mozilla\Firefox\Profiles\krxgmvnb.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 12:33
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2450520333-1999450610-3651769405-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:75,3b,23,4d,f8,40,c8,71,06,3e,94,25,b3,44,dd,d8,7f,f0,4c,ea,ce,81,d2,
02,1c,d2,94,5a,33,46,f6,ac,33,48,eb,98,99,2b,39,a9,54,f5,4f,0b,8b,a2,2d,5c,\
"??"=hex:3f,eb,b2,a8,d5,51,4b,c2,1b,01,ec,08,0f,18,11,95
[HKEY_USERS\S-1-5-21-2450520333-1999450610-3651769405-1000\Software\SecuROM\License information*]
"datasecu"=hex:02,35,ee,bf,c2,cc,3a,a9,f8,d8,0d,2e,2b,e3,1f,5b,44,a3,4a,4b,7e,
ff,45,9f,b1,55,05,b7,51,1b,f3,e1,37,a6,ce,ad,7d,b4,78,35,88,e1,1c,11,b2,ba,\
"rkeysecu"=hex:ee,a3,ae,fe,e7,0f,a0,c2,0b,95,79,32,06,fc,75,ed
.
Celkový čas: 2010-01-26 12:36:11
ComboFix-quarantined-files.txt 2010-01-26 11:36
Před spuštěním: Volných bajtů: 36 026 359 808
Po spuštění: Volných bajtů: 35 993 243 648
- - End Of File - - 86C40F37A61ECAE533C938EE50C2787F
2009-12-29 12:14 . 2009-01-26 20:42 11502 ----a-r- c:\users\Oem\AppData\Roaming\Microsoft\Installer\{9B40A0CC-AB90-4375-8D35-668393564B57}\_7a5a767d.exe
2009-12-29 12:14 . 2009-01-26 20:42 11502 ----a-r- c:\users\Oem\AppData\Roaming\Microsoft\Installer\{9B40A0CC-AB90-4375-8D35-668393564B57}\_701f5d03.exe
2009-12-29 12:14 . 2009-01-26 20:42 11502 ----a-r- c:\users\Oem\AppData\Roaming\Microsoft\Installer\{9B40A0CC-AB90-4375-8D35-668393564B57}\_45091238.exe
2009-12-29 12:14 . 2009-01-26 20:42 11502 ----a-r- c:\users\Oem\AppData\Roaming\Microsoft\Installer\{9B40A0CC-AB90-4375-8D35-668393564B57}\_3b251e1f.exe
2009-12-23 11:36 . 2009-09-27 13:21 -------- d-----w- c:\program files\Turbine
2009-12-22 10:09 . 2008-12-21 18:18 1 ----a-w- c:\users\Oem\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-21 11:18 . 2009-12-21 11:18 -------- d-----w- c:\program files\Rage Software
2009-12-11 18:25 . 2008-11-19 22:42 -------- d-----w- c:\program files\Opera
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-25 03:51 . 2009-11-25 03:51 5143552 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2009-11-25 03:18 . 2009-11-25 03:18 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-25 03:17 . 2009-11-25 03:17 368640 ----a-w- c:\windows\system32\atieclxx.exe
2009-11-25 03:17 . 2009-11-25 03:17 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2009-11-25 03:15 . 2008-07-04 03:37 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-11-25 03:15 . 2008-07-04 03:37 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-25 03:15 . 2009-11-25 03:15 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-25 03:15 . 2009-11-25 03:15 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-11-25 03:14 . 2009-11-25 03:14 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-25 03:12 . 2009-11-25 03:12 3055616 ----a-w- c:\windows\system32\atidxx32.dll
2009-11-25 02:55 . 2008-07-04 03:21 3617792 ----a-w- c:\windows\system32\atiumdag.dll
2009-11-25 02:44 . 2009-11-25 02:44 13487616 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-25 02:37 . 2008-07-04 03:03 2899968 ----a-w- c:\windows\system32\atiumdva.dll
2009-11-25 02:25 . 2009-11-25 02:25 52224 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-25 02:25 . 2009-11-25 02:25 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-25 02:25 . 2009-11-25 02:25 225280 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-25 02:21 . 2009-11-25 02:21 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-25 02:21 . 2009-11-25 02:21 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-25 02:20 . 2009-11-25 02:20 3629056 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-25 02:10 . 2009-11-25 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-11 22:29 . 2009-05-12 13:34 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-11 22:29 . 2009-05-12 13:33 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-09 12:31 . 2009-12-09 14:57 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-09 14:57 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-09 14:57 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-10-29 09:17 . 2009-11-25 10:46 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-28 11:36 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-13 4915200]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-19 144792]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-24 1800464]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-25 2166784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Oem^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeRapid 0.82.lnk]
path=c:\users\Oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FreeRapid 0.82.lnk
backup=c:\windows\pss\FreeRapid 0.82.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Oem^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE Gamer HUD.lnk]
path=c:\users\Oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE Gamer HUD.lnk
backup=c:\windows\pss\GIGABYTE Gamer HUD.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-20 19:42 135664 ----atw- c:\users\Oem\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUCI_AVS]
2007-12-10 14:55 323584 ----a-w- c:\windows\PixArt\PAP7501\GUCI_AVS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-03-20 16:34 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 15:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-12-21 11:50 306088 ----a-w- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-08 14:58 1217808 ----a-w- c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Turbine Download Manager Tray Icon]
2009-12-23 11:04 472568 ----a-w- c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]
2008-08-03 15:38 61440 ----a-w- c:\program files\Warcraft III\W3DR.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ec,56,35,dc,fc,fa,c9,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2450520333-1999450610-3651769405-1000]
"EnableNotificationsRef"=dword:00000001
R1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [22.5.2007 10:04 18088]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [24.1.2010 18:54 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [24.1.2010 18:54 29520]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [25.1.2010 14:16 142592]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [25.11.2009 4:17 172032]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21.1.2008 3:23 21504]
S3 GUCI_AVS;iSlim 320;c:\windows\System32\drivers\GUCI_AVS.sys [24.12.2008 19:48 533888]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [27.9.2009 14:21 271856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [27.9.2009 14:21 218608]
S3 LUMDriver;LUMDriver;c:\windows\System32\drivers\LUMDriver.sys [24.4.2007 17:52 16688]
S4 Ray;Ray;c:\program files\Dassault Systemes\PhotoStudioSatellite\B18\rayserver.exe [11.10.2002 12:30 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-01-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:17]
2010-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2450520333-1999450610-3651769405-1000Core.job
- c:\users\Oem\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 19:42]
2010-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2450520333-1999450610-3651769405-1000UA.job
- c:\users\Oem\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 19:42]
2010-01-26 c:\windows\Tasks\User_Feed_Synchronization-{9119EC9C-285C-436E-9927-7DCC29BD0CF4}.job
- c:\windows\system32\msfeedssync.exe [2010-01-23 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\users\Oem\AppData\Roaming\Mozilla\Firefox\Profiles\krxgmvnb.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\Oem\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\Oem\AppData\Roaming\Mozilla\Firefox\Profiles\krxgmvnb.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 12:33
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2450520333-1999450610-3651769405-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:75,3b,23,4d,f8,40,c8,71,06,3e,94,25,b3,44,dd,d8,7f,f0,4c,ea,ce,81,d2,
02,1c,d2,94,5a,33,46,f6,ac,33,48,eb,98,99,2b,39,a9,54,f5,4f,0b,8b,a2,2d,5c,\
"??"=hex:3f,eb,b2,a8,d5,51,4b,c2,1b,01,ec,08,0f,18,11,95
[HKEY_USERS\S-1-5-21-2450520333-1999450610-3651769405-1000\Software\SecuROM\License information*]
"datasecu"=hex:02,35,ee,bf,c2,cc,3a,a9,f8,d8,0d,2e,2b,e3,1f,5b,44,a3,4a,4b,7e,
ff,45,9f,b1,55,05,b7,51,1b,f3,e1,37,a6,ce,ad,7d,b4,78,35,88,e1,1c,11,b2,ba,\
"rkeysecu"=hex:ee,a3,ae,fe,e7,0f,a0,c2,0b,95,79,32,06,fc,75,ed
.
Celkový čas: 2010-01-26 12:36:11
ComboFix-quarantined-files.txt 2010-01-26 11:36
Před spuštěním: Volných bajtů: 36 026 359 808
Po spuštění: Volných bajtů: 35 993 243 648
- - End Of File - - 86C40F37A61ECAE533C938EE50C2787F
Re: PC SEKANI
Yesterday I also tried GMER; the scan ran for an hour and the log had over 500000 characters. Today it ran quickly.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-26 13:21:00
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Oem\AppData\Local\Temp\uwldapow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x91676F80]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x91677F4E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x91677166]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x91E0188E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x916763EC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x91E010EC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0x91E00DCE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x916762CE]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0x91E02938]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x91677C08]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x91675E94]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0x91E00ED8]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0x91E00FC2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0x91675CC6]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x91E01BBC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x91676670]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0x91E013F4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0x916759F6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x91676900]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0x91675B6E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x916783B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x91677626]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0x91E01526]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x91677A38]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0x91E00BFC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x9167660A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x916767F4]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0x91E01B04]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x91676066]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0x91E0170C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x91677272]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 119 83CC685C 4 Bytes [80, 6F, 67, 91] {SUB BYTE [EDI+0x67], 0x91}
.text ntkrnlpa.exe!KeSetEvent + 13D 83CC6880 8 Bytes [4E, 7F, 67, 91, 66, 71, 67, ...]
.text ntkrnlpa.exe!KeSetEvent + 1A9 83CC68EC 4 Bytes [8E, 18, E0, 91] {MOV DS, [EAX]; LOOPNZ 0xffffffffffffff95}
.text ntkrnlpa.exe!KeSetEvent + 1C1 83CC6904 4 Bytes [EC, 63, 67, 91] {IN AL, DX ; ARPL [EDI-0x6f], SP}
.text ntkrnlpa.exe!KeSetEvent + 1D9 83CC691C 4 Bytes [EC, 10, E0, 91] {IN AL, DX ; ADC AL, AH; XCHG ECX, EAX}
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90C07000, 0x2CB104, 0xE8000020]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA7A0F300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA7A52300, 0x1BEE, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[948] ntdll.dll!NtAllocateVirtualMemory 77994134 5 Bytes JMP 0040F940 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2120] ntdll.dll!NtAllocateVirtualMemory 77994134 5 Bytes JMP 0050DF00 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73B17817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73B6A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73B1BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73B0F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73B175E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73B0E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73B48395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73B1DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73B0FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73B0FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73B071CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73B9CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73B3C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73B0D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73B06853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73B0687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73B12AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{420B5278-4CCE-48EE-8E0E-1899B89B3B19}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{420B5278-4CCE-48EE-8E0E-1899B89B3B19}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{420B5278-4CCE-48EE-8E0E-1899B89B3B19}@Path \Microsoft\Windows Defender\MP Scheduled Scan
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{420B5278-4CCE-48EE-8E0E-1899B89B3B19}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{420B5278-4CCE-48EE-8E0E-1899B89B3B19}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id {420B5278-4CCE-48EE-8E0E-1899B89B3B19}
---- EOF - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73B0D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73B06853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73B0687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73B12AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{420B5278-4CCE-48EE-8E0E-1899B89B3B19}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{420B5278-4CCE-48EE-8E0E-1899B89B3B19}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{420B5278-4CCE-48EE-8E0E-1899B89B3B19}@Path \Microsoft\Windows Defender\MP Scheduled Scan
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{420B5278-4CCE-48EE-8E0E-1899B89B3B19}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{420B5278-4CCE-48EE-8E0E-1899B89B3B19}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id {420B5278-4CCE-48EE-8E0E-1899B89B3B19}
---- EOF - GMER 1.0.15 ----
Re: PC SEKANI
Hello,
Please also check the log, for the reasons described above.
ComboFix 10-01-24.05 - Mates 25.01.2010 15:42:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3066.2229 [GMT 1:00]
Spuštěný z: c:\users\Mates\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ICQ6.5\ICQLRun.exe
c:\program files\Search Settings
c:\program files\Search Settings\kb128\SearchSettings.dll
c:\program files\Search Settings\kb128\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\LINKMAGIC.lnk
c:\recycler\S-1-5-21-1085031214-1957994488-725345543-1003
c:\users\Mates\AppData\Roaming\inst.exe
c:\users\Mates\Documents\cc_20091223_130512.reg
c:\windows\Suyin.reg
c:\windows\system32\bcmwl6.inf
c:\windows\system32\SIntf16.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-25 do 2010-01-25 )))))))))))))))))))))))))))))))
.
2010-01-25 14:58 . 2010-01-25 14:59 -------- d-----w- c:\users\Mates\AppData\Local\temp
2010-01-25 14:58 . 2010-01-25 14:58 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-01-25 14:58 . 2010-01-25 14:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-25 14:42 . 2010-01-25 14:42 -------- d-----w- c:\users\Mates\AppData\Local\ESET
2010-01-23 16:40 . 2010-01-23 16:40 -------- d-----w- c:\windows\system32\Uniblue
2010-01-22 18:59 . 2010-01-23 21:26 -------- d-----w- c:\program files\ESET
2010-01-22 18:42 . 2009-09-02 09:20 652 ----a-w- c:\windows\FIX.reg
2010-01-22 18:42 . 2008-11-01 12:23 280 ----a-w- c:\windows\reset.reg
2010-01-22 15:42 . 2008-01-21 02:24 9216 -c--a-w- c:\programdata\Microsoft\Windows\WER\ReportQueue\Report02eafb4f\LogonUI.exe
2010-01-22 15:14 . 2008-07-31 09:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-01-22 15:14 . 2008-07-31 09:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-01-22 15:14 . 2008-07-31 09:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-01-22 15:14 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-01-22 15:14 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-01-22 15:14 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-01-19 16:10 . 2010-01-19 17:43 -------- d-----w- c:\programdata\POPWWPROFILES
2010-01-19 15:41 . 2010-01-19 15:41 -------- d-----w- C:\QIP
2010-01-19 15:40 . 2010-01-19 15:42 -------- d-----w- c:\program files\QIP Infium
2010-01-19 15:05 . 2008-07-01 12:16 388096 ----a-w- c:\windows\system32\netr28.sys
2010-01-19 15:05 . 2008-07-01 12:13 217088 ----a-w- c:\windows\system32\RaCoInst.dll
2010-01-19 15:05 . 2008-07-01 12:13 14028 ----a-w- c:\windows\system32\RaCoInst.dat
2010-01-19 15:05 . 2010-01-19 15:05 -------- d-----w- c:\programdata\Ralink
2010-01-19 15:04 . 2008-04-23 16:19 442368 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-01-19 15:03 . 2010-01-19 15:03 -------- d-----w- c:\program files\Broadcom
2010-01-19 14:52 . 2010-01-19 14:52 -------- d-----w- c:\programdata\Broadcom
2010-01-19 14:45 . 2008-03-18 10:36 54824 ------w- c:\windows\system32\agrsmdel.exe
2010-01-19 14:45 . 2007-12-11 10:40 13312 ------w- c:\windows\system32\agrscoin.dll
2010-01-19 14:45 . 2010-01-19 14:45 -------- d-----w- c:\program files\Apoint2K
2010-01-19 14:40 . 2010-01-19 14:40 -------- d-----w- c:\windows\Options
2010-01-19 14:40 . 2010-01-19 14:40 -------- d-----w- c:\program files\Atheros
2010-01-19 14:40 . 2008-08-14 17:37 921600 ----a-w- c:\windows\system32\athr.sys
2010-01-19 14:39 . 2010-01-19 14:39 -------- d-----w- c:\programdata\Atheros
2010-01-19 14:31 . 2008-01-31 22:14 166448 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2010-01-19 14:31 . 2008-01-19 15:53 100546 ----a-w- c:\windows\system32\Vxdif.dll
2010-01-18 17:25 . 2010-01-19 15:59 -------- d-----w- C:\dell
2010-01-14 16:14 . 2008-12-04 00:25 120832 ----a-w- c:\users\Mates\AppData\Roaming\Mozilla\Firefox\Profiles\y3zw9ejq.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2010-01-14 16:01 . 2010-01-14 16:20 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-13 15:39 . 2010-01-24 18:10 -------- d-----w- c:\users\Mates\AppData\Roaming\Winamp
2010-01-13 15:39 . 2010-01-13 15:40 -------- d-----w- c:\program files\Winamp
2010-01-13 13:58 . 2010-01-13 13:58 -------- d-----w- c:\programdata\POP3Profiles
2010-01-13 05:20 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 05:20 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-09 18:27 . 2009-01-16 02:27 11264 ----a-w- c:\windows\system32\atimuixx.dll
2010-01-09 18:19 . 2010-01-09 18:19 -------- d-----w- C:\ATI
2010-01-09 18:13 . 2010-01-09 18:13 49408000 ----a-w- c:\users\Mates\AppData\Roaming\Uniblue\DriverScanner\Download\hdaudio_func_01_ven_1002_dev_aa015_00_60000_52.exe
2010-01-09 17:27 . 2009-07-06 03:18 2644135 -c--a-w- c:\programdata\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}\Uniblue DiskRescue.exe
2010-01-09 17:27 . 2009-07-06 03:23 2653048 -c--a-w- c:\programdata\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
2010-01-09 17:27 . 2008-09-10 15:22 836880 -c--a-w- c:\programdata\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}\UniblueDiskRescue\B4B74A3\3826204\UBDefrag.DLL
2010-01-09 17:26 . 2008-11-14 13:32 774144 -c--a-w- c:\programdata\{66E2F539-12B6-4870-A500-7689CDE75C5E}\driverscanner\3FBA627D\1A9B0B16\ScanPluginView.dll
2010-01-09 17:23 . 2010-01-09 17:27 -------- dc-h--w- c:\programdata\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2010-01-09 15:28 . 2009-07-06 03:40 2838454 -c--a-w- c:\programdata\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\speedupmypc2009.exe
2010-01-09 15:28 . 2009-04-29 09:45 845128 -c--a-w- c:\programdata\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\58D97068\B74607BA\System.Data.SQLite.dll
2010-01-09 15:28 . 2009-04-29 09:45 771368 -c--a-w- c:\programdata\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\9966075F\B74607BA\UBSysMan.dll
2010-01-09 15:28 . 2009-04-29 09:45 54608 -c--a-w- c:\programdata\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\D720648F\B74607BA\Interop.IWshRuntimeLibrary.dll
2010-01-09 15:28 . 2009-04-29 09:45 519168 -c--a-w- c:\programdata\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\78B94F67\B74607BA\IsLicense40.dll
2010-01-09 15:28 . 2009-04-29 09:45 474408 -c--a-w- c:\programdata\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\62A3297F\B74607BA\AvalonCommon.dll
2010-01-09 15:28 . 2009-04-29 09:45 395048 -c--a-w- c:\programdata\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\C77843B\B74607BA\SUMPBackend.dll
2010-01-09 15:28 . 2009-04-29 09:45 345008 -c--a-w- c:\programdata\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\4BF757A\B74607BA\IsLicense30.dll
2010-01-09 15:28 . 2009-04-29 09:45 236840 -c--a-w- c:\programdata\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\683B013A\B74607BA\PowerSuiteBackendUtils.dll
2010-01-09 15:28 . 2009-04-29 09:45 197968 -c--a-w- c:\programdata\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\6A0591D6\B74607BA\ICSharpCode.SharpZipLib.dll
2010-01-09 15:28 . 2009-04-29 09:45 614696 -c--a-w- c:\programdata\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\7AEFAE8C\B74607BA\Launcher.exe
2010-01-09 15:28 . 2009-04-29 09:45 1250600 -c--a-w- c:\programdata\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\B430549D\B74607BA\SUMP.exe
2010-01-09 15:27 . 2010-01-09 15:28 -------- dc-h--w- c:\programdata\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2010-01-09 11:14 . 2010-01-09 11:16 3175784 ----a-w- c:\users\Mates\AppData\Roaming\Uniblue\RegistryBooster 2010\_temp\ub.exe
2010-01-09 10:50 . 2010-01-09 17:27 -------- d-----w- c:\program files\Uniblue
2010-01-06 15:02 . 2010-01-09 17:34 -------- d-----w- c:\users\Mates\AppData\Roaming\Uniblue
2010-01-06 14:57 . 2010-01-06 14:57 -------- d-----w- c:\programdata\Vso
2010-01-06 14:31 . 2010-01-06 14:31 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-06 14:31 . 2010-01-06 14:31 47360 ----a-w- c:\users\Mates\AppData\Roaming\pcouffin.sys
2010-01-06 14:31 . 2010-01-06 15:29 -------- d-----w- c:\users\Mates\AppData\Roaming\Vso
2010-01-06 14:30 . 2010-01-06 14:30 -------- d-----w- c:\program files\VSO
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-25 14:57 . 2009-07-21 05:44 -------- d-----w- c:\program files\ICQ6.5
2010-01-25 14:46 . 2008-05-20 04:12 602086 ----a-w- c:\windows\system32\perfh005.dat
2010-01-25 14:46 . 2008-05-20 04:12 116182 ----a-w- c:\windows\system32\perfc005.dat
2010-01-25 14:37 . 2009-05-31 20:04 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-25 14:37 . 2009-06-06 14:24 -------- d-----w- c:\users\Mates\AppData\Roaming\uTorrent
2010-01-25 14:36 . 2009-06-06 17:03 -------- d-----w- c:\users\Mates\AppData\Roaming\Skype
2010-01-25 14:22 . 2009-08-17 12:04 -------- d-----w- c:\program files\NetSoftware
2010-01-23 18:22 . 2009-08-08 09:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-23 13:03 . 2009-11-29 20:20 1356 ----a-w- c:\users\Mates\AppData\Local\d3d9caps.dat
2010-01-22 22:16 . 2009-06-09 20:04 -------- d-----w- c:\program files\Moje Aplikace
2010-01-22 21:37 . 2009-05-31 20:23 -------- d-----w- c:\programdata\eSobi
2010-01-22 21:36 . 2009-06-06 17:37 -------- d-----w- c:\users\Mates\AppData\Roaming\eSobi
2010-01-22 14:53 . 2008-05-19 18:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-22 10:28 . 2009-09-02 16:50 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-20 14:24 . 2009-08-08 08:34 -------- d-----w- c:\program files\IObit
2010-01-19 14:50 . 2009-05-31 20:07 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-01-19 14:45 . 2010-01-19 14:45 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-01-18 21:39 . 2009-06-21 14:18 -------- d-----w- c:\users\Mates\AppData\Roaming\BSplayer Pro
2010-01-17 23:07 . 2009-06-07 08:11 -------- d-----w- c:\users\Mates\AppData\Roaming\skypePM
2010-01-16 08:10 . 2009-06-17 18:52 58 ----a-w- c:\windows\system32\sp701asm.dat
2010-01-14 17:20 . 2010-01-09 17:26 -------- d-----w- c:\programdata\DriverScanner
2010-01-14 10:12 . 2009-10-02 23:35 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 15:36 . 2009-06-07 11:34 -------- d-----w- c:\program files\Ubisoft
2010-01-13 13:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-10 10:14 . 2009-05-31 20:04 -------- d-----w- c:\program files\ATI
2010-01-09 17:27 . 2010-01-09 17:26 -------- dc-h--w- c:\programdata\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}
2010-01-08 14:18 . 2009-08-09 11:13 -------- d-----w- c:\program files\Záloha
2010-01-06 15:18 . 2009-06-06 20:17 952 --sha-w- c:\programdata\KGyGaAvL.sys
2010-01-06 15:18 . 2009-06-06 20:17 952 --sha-w- c:\programdata\KGyGaAvL.sys
2010-01-04 17:02 . 2009-11-21 08:59 -------- d-----w- c:\users\Mates\AppData\Roaming\Any Video Converter
2010-01-04 17:02 . 2009-11-17 10:29 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-01-04 16:37 . 2009-11-15 13:21 -------- d-----w- c:\users\Mates\AppData\Roaming\Software Informer
2010-01-02 06:38 . 2010-01-22 14:26 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 14:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 14:26 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 14:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-24 10:53 . 2009-11-29 10:41 -------- d-----w- c:\users\Mates\AppData\Roaming\Nero
2009-12-16 09:50 . 2009-12-12 10:08 -------- d-----w- c:\users\Guest\AppData\Roaming\Ice Age 2
2009-12-14 15:44 . 2009-12-10 14:20 -------- d-----w- c:\users\Mates\AppData\Roaming\Ice Age 2
2009-12-10 15:16 . 2009-06-11 15:24 -------- d-----w- c:\users\Guest\AppData\Roaming\Nero
2009-12-10 15:15 . 2009-06-11 15:24 130736 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-10 14:19 . 2009-12-10 14:19 1 ----a-w- C:\DXOkay.bin
2009-12-08 19:30 . 2009-12-08 19:30 -------- d-----w- c:\users\Mates\AppData\Roaming\XRay Engine
2009-12-04 17:36 . 2009-06-06 14:24 -------- d-----w- c:\program files\uTorrent
2009-11-29 19:49 . 2009-06-14 12:15 -------- d-----w- c:\program files\VDOWNLOADER
2009-11-29 19:44 . 2009-05-31 20:05 130736 ----a-w- c:\users\Mates\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-29 19:34 . 2009-06-06 17:45 -------- d-----w- c:\program files\Microsoft Works
2009-11-29 10:39 . 2009-06-06 18:11 -------- d-----w- c:\programdata\Nero
2009-11-29 10:31 . 2009-06-06 18:11 -------- d-----w- c:\program files\Common Files\Nero
2009-11-29 10:10 . 2009-11-29 09:49 -------- d-----w- c:\program files\Nero
2009-11-16 20:29 . 2009-11-16 18:13 53319 ----a-w- c:\programdata\Temp\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
2009-11-16 18:28 . 2009-11-16 12:24 53319 ----a-w- c:\programdata\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-11-16 09:51 . 2009-11-16 09:51 22528 ----a-r- c:\users\Mates\AppData\Roaming\Microsoft\Installer\{1F8FB0FA-6FF2-4B2F-BE2F-7266AFB0895D}\IconC5EEDCDA.exe
2009-11-09 18:00 . 2009-11-17 10:29 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-09 12:31 . 2009-12-09 14:13 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-09 14:13 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-09 14:13 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-06 21:00 . 2009-11-06 21:00 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 09:17 . 2009-11-25 02:01 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-28 19:02 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-08-17 12:05 . 2009-08-17 12:05 61440 ----a-w- c:\program files\mozilla firefox\components\gemgecko.dll
2009-10-05 17:34 . 2009-10-25 12:48 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-06-01 11:42 . 2009-06-01 11:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"= "c:\users\Mates\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll" [2009-10-05 150768]
[HKEY_CLASSES_ROOT\clsid\{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-10-05 17:34 150768 ----a-w- c:\users\Mates\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-09-01 13:31 98328 ----a-w- c:\program files\Nero\Nero 9\InCD\NBHshx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2010-01-10 289584]
"infium.exe"="c:\program files\QIP Infium\infium.exe" [2009-10-08 5662720]
"Skype.exe"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"daemon.exe"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reset"="regedit" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2009-10-19 94208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-12-22 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-21 640440]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-01 75048]
"NBHGui"="c:\program files\Nero\Nero 9\InCD\NBHGui.exe" [2008-09-01 2079256]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-24 159744]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-06 20:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-05-31 20:04 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 10:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):84,52,14,2d,08,02,ca,01
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/16 19:35];c:\program files\CyberLink\PowerDVD9\000.fcl [1.9.2009 16:59 87536]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3.3.2008 12:11 16384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [14.5.2009 15:49 93312]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [19.5.2008 19:35 24576]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [1.9.2008 14:31 108568]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [6.4.2008 21:42 50424]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [17.4.2007 19:09 11032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [8.8.2009 10:08 1153368]
R2 Uniblue DiskRescue;Uniblue DiskRescue;c:\program files\Uniblue\DiskRescue\UBDiskRescueSrv.exe [10.9.2008 16:22 229648]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [28.3.2008 12:44 210432]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17.11.2008 6:40 3668480]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [15.4.2008 19:13 51160]
R3 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [8.4.2008 19:46 43736]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [6.6.2009 14:11 721904]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4.4.2008 2:03 131072]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21.1.2008 3:23 21504]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [31.5.2009 21:04 24064]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\System32\drivers\TpChoice.sys [7.5.2008 7:39 17968]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [11.6.2009 16:34 81704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-01-25 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-11-15 12:51]
2010-01-24 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-11-15 12:51]
2010-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84459838-171874766-2945494207-1003Core.job
- c:\users\Mates\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-21 13:28]
2010-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84459838-171874766-2945494207-1003UA.job
- c:\users\Mates\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-21 13:28]
2010-01-18 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-11-15 08:22]
2010-01-09 c:\windows\Tasks\Uniblue DiskRescue 2009.job
- c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 15:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0609&m=extensa_5630
mStart Page = hxxp://www.msn.com
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Mates\AppData\Roaming\Mozilla\Firefox\Profiles\y3zw9ejq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.maggots-lair.com/novinky
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Mozilla Firefox\components\gemgecko.dll
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\Search Settings\kb128\SearchSettings.dll
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\Search Settings\kb128\SearchSettings.dll
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
MSConfigStartUp-RtHDVCpl - RtHDVCpl.exe
MSConfigStartUp-Skytel - Skytel.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-25 15:59
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\users\Mates\AppData\Roaming\Software Informer\cache\icons\EW : Cossacks.ico 4398 bytes hidden from API
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-01-25 16:04:18
ComboFix-quarantined-files.txt 2010-01-25 15:04
Před spuštěním: Volných bajtů: 16 412 561 408
Po spuštění: Volných bajtů: 21 054 160 896
- - End Of File - - BAB7EAF23CA340630511EF03543FBD01
Please also check the log, for the reasons described above.
Re: PC SEKANI
Hello,
please start your own thread.
Re: PC SEKANI
So finally, on about the 6th attempt, the MBAM full scan ran to completion and I had it remove the infected files. The PC is running OK for now, but it still seems a bit slow to me; Total Commander hasn't crashed and the other programs aren't crashing either, so hopefully there will finally be some peace.
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3628
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882
26.1.2010 15:07:05
mbam-log-2010-01-26 (15-07-05).txt
Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 420113
Uplynulý čas: 1 hour(s), 24 minute(s), 52 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 3
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
C:\Program Files\Warcraft III\xpam.exe (Trojan.MultiDropper) -> Quarantined and deleted successfully.
C:\Program Files\Warcraft III\modwar.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\hry\Braid\Uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
Re: PC SEKANI
Should I run some other scan just to be sure? And what about the files that ComboFix created?
Re: PC SEKANI
Start >> Run, copy into the box:
ComboFix /Uninstall
press Enter
-This uninstalls ComboFix and deletes the files and folders associated with it.
http://sweb.cz/Marinus/T-Cleaner.exe
-Run it; to confirm the choice press the A key, then Enter
-delete the little program after use. Note: antivirus programs may falsely flag it as a virus
TFC (http://oldtimer.geekstogo.com/TFC.exe)
-install it and clean the temporary files, and the registry too
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer!
Want to support our forum? Information here
I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at the email Motji(zavináč)forum.viry.cz.
Re: PC SEKANI
So everything has been running OK since that MBAM scan.
I also remembered the program MWAV; in its Virus log info it shows me:
Object "CoreGuardAntivirus2009 Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "CyberSitter Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AntiSpyware Pro XP Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Oem at 2010-01-26 17:57:32
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 48 GB (11%) free of 426 GB
Total RAM: 3582 MB (74% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:44, on 26.1.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Oem\Desktop\RSIT.exe
D:\Download\Oem.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 5772 bytes
======Scheduled tasks folder======
C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2450520333-1999450610-3651769405-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2450520333-1999450610-3651769405-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{9119EC9C-285C-436E-9927-7DCC29BD0CF4}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2010-01-15 1230184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-19 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-19 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\ctbr.dll [2010-01-15 1230184]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-02-13 4915200]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-24 98304]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-19 144792]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-01-24 1800464]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-01-25 2166784]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Oem\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUCI_AVS]
C:\Windows\PixArt\PAP7501\GUCI_AVS.exe [2007-12-10 323584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-12-21 306088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2009-11-08 1217808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Turbine Download Manager Tray Icon]
C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe [2009-12-23 472568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]
C:\Program Files\Warcraft III\w3dr.exe [2008-08-03 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Oem^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeRapid 0.82.lnk]
C:\Users\Oem\Desktop\FREERA~1.82\frd.exe -m []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Oem^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE Gamer HUD.lnk]
C:\PROGRA~1\GIGABYTE\GAMERH~1\HUD.exe [2008-06-26 1940992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\guard32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2010-01-26 17:48:02 ----D---- C:\rsit
2010-01-26 12:36:13 ----D---- C:\Windows\temp
2010-01-26 12:35:20 ----SHD---- C:\$RECYCLE.BIN
2010-01-26 01:28:02 ----A---- C:\Windows\MBR.exe
2010-01-26 00:04:02 ----D---- C:\Users\Oem\AppData\Roaming\PeerNetworking
2010-01-25 23:47:34 ----HD---- C:\Windows\PIF
2010-01-25 21:14:35 ----D---- C:\Program Files\SpeedFan
2010-01-25 19:42:17 ----D---- C:\ProgramData\Kaspersky Lab
2010-01-25 14:36:24 ----D---- C:\Program Files\WinClamAVShield
2010-01-25 14:22:39 ----D---- C:\Program Files\Crawler
2010-01-25 14:16:23 ----D---- C:\Users\Oem\AppData\Roaming\Spyware Terminator
2010-01-25 14:16:15 ----D---- C:\ProgramData\Spyware Terminator
2010-01-25 14:16:11 ----D---- C:\Program Files\Spyware Terminator
2010-01-24 18:54:43 ----D---- C:\ProgramData\Comodo
2010-01-24 18:54:42 ----A---- C:\Windows\system32\guard32.dll
2010-01-24 12:29:07 ----AD---- C:\Windows\VDLL.DLL
2010-01-24 12:29:07 ----AD---- C:\Windows\RUNDL132.EXE
2010-01-24 12:29:07 ----AD---- C:\Windows\logo_1.exe
2010-01-24 12:27:37 ----A---- C:\Windows\system32\eEmpty.exe
2010-01-24 12:23:06 ----D---- C:\Program Files\CCleaner
2010-01-23 12:13:10 ----A---- C:\Windows\system32\mshtml.dll
2010-01-23 12:13:08 ----A---- C:\Windows\system32\ieframe.dll
2010-01-23 12:13:06 ----A---- C:\Windows\system32\iertutil.dll
2010-01-23 12:13:05 ----A---- C:\Windows\system32\wininet.dll
2010-01-23 12:13:05 ----A---- C:\Windows\system32\urlmon.dll
2010-01-23 12:13:04 ----A---- C:\Windows\system32\occache.dll
2010-01-23 12:13:04 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-23 12:13:04 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-23 12:13:03 ----A---- C:\Windows\system32\ieui.dll
2010-01-23 12:13:03 ----A---- C:\Windows\system32\iepeers.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-23 12:13:02 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-23 12:13:02 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\iesetup.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\iernonce.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-18 13:17:31 ----D---- C:\Program Files\Adobe
2010-01-13 00:10:03 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 00:10:02 ----A---- C:\Windows\system32\fontsub.dll
2010-01-12 17:01:07 ----D---- C:\ProgramData\ATI
2010-01-11 16:12:14 ----D---- C:\ProgramData\WOP
2010-01-11 15:04:37 ----D---- C:\Program Files\ThirdWire
2010-01-10 18:08:05 ----D---- C:\ProgramData\PopCap Games
2010-01-10 18:07:10 ----D---- C:\Program Files\Plants vs. Zombies
2010-01-08 16:02:30 ----D---- C:\Program Files\Children of the Nile - Enhanced Edition
2010-01-08 15:57:23 ----D---- C:\Program Files\G2 Games
2010-01-08 14:57:32 ----D---- C:\Program Files\3000AD
======List of files/folders modified in the last 1 months======
2010-01-26 17:57:44 ----D---- C:\Windows\Prefetch
2010-01-26 17:57:40 ----D---- C:\Windows\System32
2010-01-26 17:57:40 ----D---- C:\Windows\inf
2010-01-26 17:57:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-26 17:45:19 ----D---- C:\Windows
2010-01-26 17:41:18 ----D---- C:\Windows\system32\drivers
2010-01-26 17:36:13 ----D---- C:\ProgramData
2010-01-26 17:36:13 ----D---- C:\Program Files\Common Files
2010-01-26 17:14:21 ----D---- C:\Program Files\Mozilla Firefox
2010-01-26 16:54:56 ----D---- C:\Program Files\Steam
2010-01-26 15:56:41 ----D---- C:\Program Files\DAEMON Tools Lite
2010-01-26 15:56:33 ----SHD---- C:\System Volume Information
2010-01-26 15:48:07 ----D---- C:\hry
2010-01-26 15:32:36 ----SHD---- C:\Windows\Installer
2010-01-26 15:32:23 ----D---- C:\Program Files\Electronic Arts
2010-01-26 15:28:13 ----RD---- C:\Program Files
2010-01-26 15:08:24 ----D---- C:\Windows\ShellNew
2010-01-26 15:07:04 ----D---- C:\Program Files\Warcraft III
2010-01-26 12:51:20 ----D---- C:\Windows\Minidump
2010-01-26 12:33:47 ----A---- C:\Windows\system.ini
2010-01-26 12:30:43 ----D---- C:\Windows\AppPatch
2010-01-24 22:40:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-24 18:56:05 ----D---- C:\Windows\system32\catroot
2010-01-24 18:54:42 ----D---- C:\Program Files\COMODO
2010-01-24 18:05:45 ----RSD---- C:\Windows\assembly
2010-01-24 18:04:58 ----D---- C:\Windows\system32\catroot2
2010-01-24 17:09:35 ----A---- C:\Windows\win.ini
2010-01-24 15:51:23 ----D---- C:\ProgramData\DAEMON Tools Lite
2010-01-24 15:31:17 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-01-24 12:24:56 ----D---- C:\Windows\Debug
2010-01-24 11:38:16 ----A---- C:\Windows\ged61.ini
2010-01-23 12:14:39 ----D---- C:\Windows\system32\migration
2010-01-23 12:14:38 ----D---- C:\Program Files\Internet Explorer
2010-01-23 12:14:29 ----D---- C:\Windows\winsxs
2010-01-20 20:42:21 ----D---- C:\Windows\Tasks
2010-01-20 20:42:21 ----D---- C:\Windows\system32\Tasks
2010-01-20 17:05:46 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-18 13:17:35 ----D---- C:\ProgramData\Adobe
2010-01-18 13:17:35 ----D---- C:\Program Files\Common Files\Adobe
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-13 00:12:25 ----D---- C:\Program Files\Windows Mail
2010-01-12 17:01:29 ----D---- C:\Program Files\ATI
2010-01-12 16:58:34 ----D---- C:\Program Files\ATI Technologies
2010-01-12 16:37:19 ----D---- C:\Computer
2010-01-08 16:00:55 ----RSD---- C:\Windows\Fonts
2010-01-08 15:57:22 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-08 15:57:14 ----D---- C:\Program Files\Common Files\microsoft shared
2010-01-08 14:17:56 ----D---- C:\Program Files\Ubisoft
2010-01-06 13:23:27 ----D---- C:\film
2010-01-05 01:17:46 ----A---- C:\Windows\system32\mrt.exe
2009-12-31 22:08:24 ----D---- C:\Users\Oem\AppData\Roaming\ICQ
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2010-01-24 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2010-01-24 29520]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2010-01-24 74328]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2010-01-25 142592]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-09-21 281760]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-09-21 25888]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-09-30 103440]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-11-25 5143552]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-02-14 2061528]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-01-25 106496]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S1 ATITool;ATITool Overclocking Utility; C:\Windows\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2004-10-25 21664]
S3 ET5Drv;ET5Drv; \??\C:\Windows\system32\Drivers\ET5Drv.sys [2007-10-11 30008]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2008-12-11 16608]
S3 GUCI_AVS;iSlim 320; C:\Windows\system32\DRIVERS\GUCI_AVS.sys [2008-03-31 533888]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 LUMDriver;LUMDriver; \??\C:\Windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-11-25 172032]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-01-24 723632]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-04 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-11-11 215104]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-01-25 488960]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveTurbineMessageService;Turbine Message Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-12-23 271856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-12-23 218608]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-09-20 316664]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2008-11-24 306432]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S4 Ray;Ray; C:\Program Files\Dassault Systemes\PhotoStudioSatellite\B18\rayserver.exe [2002-10-11 69632]
-----------------EOF-----------------
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Oem\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUCI_AVS]
C:\Windows\PixArt\PAP7501\GUCI_AVS.exe [2007-12-10 323584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-12-21 306088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2009-11-08 1217808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Turbine Download Manager Tray Icon]
C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe [2009-12-23 472568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]
C:\Program Files\Warcraft III\w3dr.exe [2008-08-03 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Oem^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeRapid 0.82.lnk]
C:\Users\Oem\Desktop\FREERA~1.82\frd.exe -m []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Oem^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE Gamer HUD.lnk]
C:\PROGRA~1\GIGABYTE\GAMERH~1\HUD.exe [2008-06-26 1940992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\guard32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2010-01-26 17:48:02 ----D---- C:\rsit
2010-01-26 12:36:13 ----D---- C:\Windows\temp
2010-01-26 12:35:20 ----SHD---- C:\$RECYCLE.BIN
2010-01-26 01:28:02 ----A---- C:\Windows\MBR.exe
2010-01-26 00:04:02 ----D---- C:\Users\Oem\AppData\Roaming\PeerNetworking
2010-01-25 23:47:34 ----HD---- C:\Windows\PIF
2010-01-25 21:14:35 ----D---- C:\Program Files\SpeedFan
2010-01-25 19:42:17 ----D---- C:\ProgramData\Kaspersky Lab
2010-01-25 14:36:24 ----D---- C:\Program Files\WinClamAVShield
2010-01-25 14:22:39 ----D---- C:\Program Files\Crawler
2010-01-25 14:16:23 ----D---- C:\Users\Oem\AppData\Roaming\Spyware Terminator
2010-01-25 14:16:15 ----D---- C:\ProgramData\Spyware Terminator
2010-01-25 14:16:11 ----D---- C:\Program Files\Spyware Terminator
2010-01-24 18:54:43 ----D---- C:\ProgramData\Comodo
2010-01-24 18:54:42 ----A---- C:\Windows\system32\guard32.dll
2010-01-24 12:29:07 ----AD---- C:\Windows\VDLL.DLL
2010-01-24 12:29:07 ----AD---- C:\Windows\RUNDL132.EXE
2010-01-24 12:29:07 ----AD---- C:\Windows\logo_1.exe
2010-01-24 12:27:37 ----A---- C:\Windows\system32\eEmpty.exe
2010-01-24 12:23:06 ----D---- C:\Program Files\CCleaner
2010-01-23 12:13:10 ----A---- C:\Windows\system32\mshtml.dll
2010-01-23 12:13:08 ----A---- C:\Windows\system32\ieframe.dll
2010-01-23 12:13:06 ----A---- C:\Windows\system32\iertutil.dll
2010-01-23 12:13:05 ----A---- C:\Windows\system32\wininet.dll
2010-01-23 12:13:05 ----A---- C:\Windows\system32\urlmon.dll
2010-01-23 12:13:04 ----A---- C:\Windows\system32\occache.dll
2010-01-23 12:13:04 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-23 12:13:04 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-23 12:13:03 ----A---- C:\Windows\system32\ieui.dll
2010-01-23 12:13:03 ----A---- C:\Windows\system32\iepeers.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-23 12:13:02 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-23 12:13:02 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\iesetup.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\iernonce.dll
2010-01-23 12:13:02 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-18 13:17:31 ----D---- C:\Program Files\Adobe
2010-01-13 00:10:03 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 00:10:02 ----A---- C:\Windows\system32\fontsub.dll
2010-01-12 17:01:07 ----D---- C:\ProgramData\ATI
2010-01-11 16:12:14 ----D---- C:\ProgramData\WOP
2010-01-11 15:04:37 ----D---- C:\Program Files\ThirdWire
2010-01-10 18:08:05 ----D---- C:\ProgramData\PopCap Games
2010-01-10 18:07:10 ----D---- C:\Program Files\Plants vs. Zombies
2010-01-08 16:02:30 ----D---- C:\Program Files\Children of the Nile - Enhanced Edition
2010-01-08 15:57:23 ----D---- C:\Program Files\G2 Games
2010-01-08 14:57:32 ----D---- C:\Program Files\3000AD
======List of files/folders modified in the last 1 months======
2010-01-26 17:57:44 ----D---- C:\Windows\Prefetch
2010-01-26 17:57:40 ----D---- C:\Windows\System32
2010-01-26 17:57:40 ----D---- C:\Windows\inf
2010-01-26 17:57:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-26 17:45:19 ----D---- C:\Windows
2010-01-26 17:41:18 ----D---- C:\Windows\system32\drivers
2010-01-26 17:36:13 ----D---- C:\ProgramData
2010-01-26 17:36:13 ----D---- C:\Program Files\Common Files
2010-01-26 17:14:21 ----D---- C:\Program Files\Mozilla Firefox
2010-01-26 16:54:56 ----D---- C:\Program Files\Steam
2010-01-26 15:56:41 ----D---- C:\Program Files\DAEMON Tools Lite
2010-01-26 15:56:33 ----SHD---- C:\System Volume Information
2010-01-26 15:48:07 ----D---- C:\hry
2010-01-26 15:32:36 ----SHD---- C:\Windows\Installer
2010-01-26 15:32:23 ----D---- C:\Program Files\Electronic Arts
2010-01-26 15:28:13 ----RD---- C:\Program Files
2010-01-26 15:08:24 ----D---- C:\Windows\ShellNew
2010-01-26 15:07:04 ----D---- C:\Program Files\Warcraft III
2010-01-26 12:51:20 ----D---- C:\Windows\Minidump
2010-01-26 12:33:47 ----A---- C:\Windows\system.ini
2010-01-26 12:30:43 ----D---- C:\Windows\AppPatch
2010-01-24 22:40:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-24 18:56:05 ----D---- C:\Windows\system32\catroot
2010-01-24 18:54:42 ----D---- C:\Program Files\COMODO
2010-01-24 18:05:45 ----RSD---- C:\Windows\assembly
2010-01-24 18:04:58 ----D---- C:\Windows\system32\catroot2
2010-01-24 17:09:35 ----A---- C:\Windows\win.ini
2010-01-24 15:51:23 ----D---- C:\ProgramData\DAEMON Tools Lite
2010-01-24 15:31:17 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-01-24 12:24:56 ----D---- C:\Windows\Debug
2010-01-24 11:38:16 ----A---- C:\Windows\ged61.ini
2010-01-23 12:14:39 ----D---- C:\Windows\system32\migration
2010-01-23 12:14:38 ----D---- C:\Program Files\Internet Explorer
2010-01-23 12:14:29 ----D---- C:\Windows\winsxs
2010-01-20 20:42:21 ----D---- C:\Windows\Tasks
2010-01-20 20:42:21 ----D---- C:\Windows\system32\Tasks
2010-01-20 17:05:46 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-18 13:17:35 ----D---- C:\ProgramData\Adobe
2010-01-18 13:17:35 ----D---- C:\Program Files\Common Files\Adobe
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-13 00:12:25 ----D---- C:\Program Files\Windows Mail
2010-01-12 17:01:29 ----D---- C:\Program Files\ATI
2010-01-12 16:58:34 ----D---- C:\Program Files\ATI Technologies
2010-01-12 16:37:19 ----D---- C:\Computer
2010-01-08 16:00:55 ----RSD---- C:\Windows\Fonts
2010-01-08 15:57:22 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-08 15:57:14 ----D---- C:\Program Files\Common Files\microsoft shared
2010-01-08 14:17:56 ----D---- C:\Program Files\Ubisoft
2010-01-06 13:23:27 ----D---- C:\film
2010-01-05 01:17:46 ----A---- C:\Windows\system32\mrt.exe
2009-12-31 22:08:24 ----D---- C:\Users\Oem\AppData\Roaming\ICQ
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2010-01-24 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2010-01-24 29520]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2010-01-24 74328]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2010-01-25 142592]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-09-21 281760]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-09-21 25888]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-09-30 103440]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-11-25 5143552]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-02-14 2061528]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-01-25 106496]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S1 ATITool;ATITool Overclocking Utility; C:\Windows\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2004-10-25 21664]
S3 ET5Drv;ET5Drv; \??\C:\Windows\system32\Drivers\ET5Drv.sys [2007-10-11 30008]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2008-12-11 16608]
S3 GUCI_AVS;iSlim 320; C:\Windows\system32\DRIVERS\GUCI_AVS.sys [2008-03-31 533888]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 LUMDriver;LUMDriver; \??\C:\Windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-11-25 172032]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-01-24 723632]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-04 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-11-11 215104]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-01-25 488960]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveTurbineMessageService;Turbine Message Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-12-23 271856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-12-23 218608]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-09-20 316664]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2008-11-24 306432]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S4 Ray;Ray; C:\Program Files\Dassault Systemes\PhotoStudioSatellite\B18\rayserver.exe [2002-10-11 69632]
-----------------EOF-----------------