Keyboard: carons and acute accents don't work

#1 Post by Cervenacek »

Hello, after uninstalling the AVG antivirus, carons and acute accents don't work; lowercase letters with carons don't work either, there are only digits there.

Logfile of random's system information tool 1.06 (written by random/random)
Run by user10 at 2010-02-12 21:02:17
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 34 GB (45%) free of 76 GB
Total RAM: 2047 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02:24, on 12.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Kalendar\kalendar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user10\Dokumenty\Stažené soubory\RSIT.exe
G:\user10.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 5 Pro\FpLaunch.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Kalendar] C:\Program Files\Kalendar\kalendar.exe
O4 - HKCU\..\Run: [Organizér] C:\Program Files\Fireluke\Organizer\Organizer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7383176750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7383252765
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 5590 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25}]
FlpLauncher Class - C:\Program Files\E-Book Systems\FlipAlbum 5 Pro\FpLaunch.dll [2000-08-21 61440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-11-16 2054360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Kalendar"=C:\Program Files\Kalendar\kalendar.exe [2005-11-09 580608]
"Organizér"=C:\Program Files\Fireluke\Organizer\Organizer.exe [2009-05-12 1073152]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoResolveTrack"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoResolveTrack"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MC2\Sniper Elite\SniperElite.exe"="C:\Program Files\MC2\Sniper Elite\SniperElite.exe:*:Enabled:SniperElite"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Silent Hunter Wolves of the Pacific\sh4.exe"="C:\Program Files\Silent Hunter Wolves of the Pacific\sh4.exe:*:Enabled:Silent Hunter IV"
"C:\Program Files\Call of Duty\CoDMP.exe"="C:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\Program Files\Ubi Soft\IL2 Sturmovik\il2.exe"="C:\Program Files\Ubi Soft\IL2 Sturmovik\il2.exe:*:Enabled:il2"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Konzola Microsoft Management Console"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\Program Files\EA Sports\UEFA EURO 2008\EURO08.exe"="C:\Program Files\EA Sports\UEFA EURO 2008\EURO08.exe:*:Enabled:EURO08"
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"G:\antivir,spyware,trojan atd\setup.exe"="G:\antivir,spyware,trojan atd\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-02-12 21:02:17 ----D---- C:\rsit
2010-02-12 20:53:39 ----D---- C:\Program Files\Mozilla Firefox
2010-02-12 20:11:38 ----SHD---- C:\RECYCLER
2010-02-12 19:42:24 ----D---- C:\WINDOWS\ERDNT
2010-02-12 18:24:30 ----D---- C:\Program Files\ESET
2010-02-12 18:24:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-02-12 18:06:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-02-12 12:18:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-02-12 10:49:02 ----D---- C:\Documents and Settings\user10\Data aplikací\DivX
2010-02-12 08:38:12 ----D---- C:\Documents and Settings\user10\Data aplikací\Mra
2010-02-12 08:35:10 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2010-02-12 08:35:10 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2010-02-11 21:51:15 ----D---- C:\Documents and Settings\user10\Data aplikací\skypePM
2010-02-11 16:47:33 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-02-11 16:13:15 ----HD---- C:\WINDOWS\PIF
2010-02-11 15:17:00 ----D---- C:\Documents and Settings\user10\Data aplikací\ScanSpyware
2010-02-10 21:37:47 ----D---- C:\Program Files\Microsoft Games
2010-02-10 15:08:08 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-02-10 08:47:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 08:47:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 08:44:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 08:44:44 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 08:44:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 08:44:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 08:44:14 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 08:43:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 08:43:43 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-09 08:03:46 ----D---- C:\Downloads
2010-02-08 08:28:42 ----D---- C:\Program Files\DAEMON Tools Lite
2010-02-07 16:31:18 ----D---- C:\WINDOWS\system32\AGEIA
2010-02-06 23:37:28 ----D---- C:\WINDOWS\setup.pss
2010-02-06 20:34:48 ----D---- C:\WINDOWS\system32\Nexus Radio
2010-02-06 20:34:48 ----D---- C:\Program Files\Nexus Radio
2010-02-06 13:02:03 ----D---- C:\Program Files\BitComet
2010-02-06 12:52:29 ----D---- C:\Documents and Settings\user10\Data aplikací\Opera
2010-02-05 22:24:10 ----D---- C:\Documents and Settings\user10\Data aplikací\RigNRoll
2010-02-05 17:42:12 ----D---- C:\Program Files\German Truck Simulator
2010-02-05 17:03:08 ----D---- C:\Program Files\Loaris
2010-02-05 16:48:57 ----D---- C:\Program Files\Common Files\ATI Technologies
2010-02-05 16:47:37 ----D---- C:\WINDOWS\system32\DirectX
2010-02-05 16:46:30 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2010-02-05 16:45:56 ----D---- C:\Program Files\ATI Technologies
2010-02-05 14:49:33 ----D---- C:\Program Files\Euro Truck Simulator
2010-02-05 14:39:58 ----D---- C:\Program Files\AnvSoft
2010-02-05 11:24:00 ----D---- C:\Documents and Settings\user10\Data aplikací\DAEMON Tools Pro
2010-02-05 11:00:37 ----D---- C:\Documents and Settings\user10\Data aplikací\DAEMON Tools Lite
2010-02-04 09:45:38 ----D---- C:\Documents and Settings\user10\Data aplikací\TrojanHunter
2010-02-04 09:04:58 ----D---- C:\Program Files\TrojanHunter 4.7
2010-02-03 22:23:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\SITEguard
2010-02-01 21:56:50 ----D---- C:\Documents and Settings\user10\Data aplikací\Registry Booster
2010-02-01 10:50:10 ----D---- C:\Documents and Settings\user10\Data aplikací\TuneUp Software
2010-02-01 01:31:32 ----DC---- C:\Documents and Settings\All Users\Data aplikací\{4E1B117F-A681-406A-88B5-AF868CF9CB04}
2010-02-01 01:30:14 ----DC---- C:\Documents and Settings\All Users\Data aplikací\{4E70D107-00B1-4793-A17B-C6B6D7EF3151}
2010-02-01 01:29:45 ----DC---- C:\Documents and Settings\All Users\Data aplikací\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
2010-01-31 13:51:00 ----D---- C:\Documents and Settings\user10\Data aplikací\flightgear.org
2010-01-30 14:42:38 ----D---- C:\Documents and Settings\user10\Data aplikací\ChemTable Software
2010-01-30 13:02:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVS4YOU
2010-01-30 13:02:20 ----D---- C:\Documents and Settings\user10\Data aplikací\AVS4YOU
2010-01-30 13:01:39 ----A---- C:\WINDOWS\system32\msxml3a.dll
2010-01-30 11:59:13 ----A---- C:\WINDOWS\system32\nvudisp.exe
2010-01-30 10:46:16 ----RA---- C:\WINDOWS\system32\ATIODE.exe.manifest
2010-01-30 10:46:16 ----RA---- C:\WINDOWS\system32\ATIODCLI.exe.manifest
2010-01-30 10:46:15 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2010-01-30 10:46:10 ----RA---- C:\WINDOWS\system32\ATIDEMGX.dll
2010-01-29 17:11:19 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
2010-01-29 00:32:21 ----D---- C:\WINDOWS\pss
2010-01-28 23:53:09 ----D---- C:\Documents and Settings\user10\Data aplikací\ATI
2010-01-28 22:26:51 ----N---- C:\WINDOWS\Updreg.EXE
2010-01-28 22:26:51 ----N---- C:\WINDOWS\system32\SFCVRT32.DLL
2010-01-28 22:26:51 ----N---- C:\WINDOWS\CTRES.DLL
2010-01-28 22:26:51 ----N---- C:\WINDOWS\CTCCW.DLL
2010-01-28 22:26:51 ----N---- C:\WINDOWS\AC3API.INI
2010-01-28 22:26:50 ----N---- C:\WINDOWS\system32\INETWH32.DLL
2010-01-28 22:26:50 ----N---- C:\WINDOWS\system32\CTWFLT32.DLL
2010-01-28 22:26:50 ----N---- C:\WINDOWS\system32\CTL3D.DLL
2010-01-28 22:26:15 ----A---- C:\WINDOWS\system32\Emu10kx.ini
2010-01-28 22:26:12 ----A---- C:\WINDOWS\system32\sfms32.dll
2010-01-28 22:26:12 ----A---- C:\WINDOWS\system32\regplib.exe
2010-01-28 22:26:12 ----A---- C:\WINDOWS\system32\piaproxy.dll
2010-01-28 22:26:12 ----A---- C:\WINDOWS\system32\killapps.exe
2010-01-28 22:26:12 ----A---- C:\WINDOWS\system32\kill.ini
2010-01-28 22:26:12 ----A---- C:\WINDOWS\system32\eaxac3.dll
2010-01-28 22:26:12 ----A---- C:\WINDOWS\system32\CTSBLFX.DLL
2010-01-28 22:26:12 ----A---- C:\WINDOWS\system32\ctosuser.dll
2010-01-28 22:26:12 ----A---- C:\WINDOWS\READREG.EXE
2010-01-28 22:26:12 ----A---- C:\WINDOWS\PSCONV.EXE
2010-01-28 22:26:12 ----A---- C:\WINDOWS\MIDIDEF.EXE
2010-01-28 22:26:12 ----A---- C:\WINDOWS\DEVREG.DLL
2010-01-28 22:26:12 ----A---- C:\WINDOWS\CTDCRES.DLL
2010-01-28 22:26:11 ----A---- C:\WINDOWS\system32\ctemupia.dll
2010-01-28 22:26:11 ----A---- C:\WINDOWS\system32\ctdproxy.dll
2010-01-28 22:26:11 ----A---- C:\WINDOWS\system32\CTDEVCON.DLL
2010-01-28 22:26:11 ----A---- C:\WINDOWS\system32\ctasio.dll
2010-01-28 22:26:11 ----A---- C:\WINDOWS\system32\ctagent.dll
2010-01-28 22:26:11 ----A---- C:\WINDOWS\system32\COMMONFX.DLL
2010-01-28 22:26:11 ----A---- C:\WINDOWS\system32\ac3api.dll
2010-01-28 22:26:11 ----A---- C:\WINDOWS\system32\a3d.dll
2010-01-28 22:25:46 ----N---- C:\WINDOWS\system32\AHQCpURes.dll
2010-01-28 22:24:58 ----D---- C:\Program Files\Creative
2010-01-28 21:38:20 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2010-01-28 19:57:16 ----D---- C:\Documents and Settings\user10\Data aplikací\Creative
2010-01-28 18:43:36 ----D---- C:\Program Files\RegCure
2010-01-28 18:37:38 ----D---- C:\Documents and Settings\user10\Data aplikací\URSoft
2010-01-28 18:01:34 ----D---- C:\Documents and Settings\user10\Data aplikací\Macromedia
2010-01-28 17:04:17 ----A---- C:\WINDOWS\system32\udaprop.dll
2010-01-28 17:04:17 ----A---- C:\WINDOWS\system32\Audio3D.dll
2010-01-28 17:04:02 ----A---- C:\WINDOWS\mixerdef.ini
2010-01-28 16:33:41 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2010-01-28 15:30:59 ----N---- C:\WINDOWS\cmaudio.ini
2010-01-27 15:31:16 ----D---- C:\Documents and Settings\user10\Data aplikací\Uniblue
2010-01-24 17:02:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\vsosdk
2010-01-24 15:11:37 ----D---- C:\Documents and Settings\user10\Data aplikací\AnvSoft
2010-01-24 15:09:11 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
2010-01-24 15:09:11 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2010-01-24 15:09:11 ----A---- C:\WINDOWS\system32\sipr3260.dll
2010-01-24 15:09:11 ----A---- C:\WINDOWS\system32\Pncrt.dll
2010-01-24 15:09:11 ----A---- C:\WINDOWS\system32\drv43260.dll
2010-01-24 15:09:11 ----A---- C:\WINDOWS\system32\drv33260.dll
2010-01-24 15:09:11 ----A---- C:\WINDOWS\system32\drv23260.dll
2010-01-24 15:09:11 ----A---- C:\WINDOWS\system32\cook3260.dll
2010-01-23 14:20:53 ----D---- C:\Documents and Settings\user10\Data aplikací\WinRAR
2010-01-23 11:17:03 ----D---- C:\Documents and Settings\user10\Data aplikací\Ashampoo
2010-01-23 11:16:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\ashampoo
2010-01-23 11:11:32 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-01-23 11:11:08 ----D---- C:\Program Files\Windows Media Connect 2
2010-01-13 08:39:05 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

======List of files/folders modified in the last 1 months======

2010-02-12 21:01:35 ----D---- C:\WINDOWS\Temp
2010-02-12 20:57:14 ----D---- C:\WINDOWS\Prefetch
2010-02-12 20:53:39 ----RD---- C:\Program Files
2010-02-12 20:37:34 ----AD---- C:\WINDOWS\system32
2010-02-12 20:37:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-12 20:33:30 ----SHD---- C:\System Volume Information
2010-02-12 20:33:30 ----D---- C:\WINDOWS\system32\Restore
2010-02-12 20:33:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-12 20:32:11 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-12 20:29:33 ----D---- C:\Program Files\Eurotran 2003
2010-02-12 20:17:12 ----D---- C:\WINDOWS
2010-02-12 19:49:39 ----SD---- C:\WINDOWS\Tasks
2010-02-12 19:48:51 ----A---- C:\WINDOWS\system.ini
2010-02-12 19:47:25 ----D---- C:\WINDOWS\system32\drivers
2010-02-12 19:47:25 ----D---- C:\WINDOWS\AppPatch
2010-02-12 19:47:21 ----D---- C:\Program Files\Common Files
2010-02-12 19:05:02 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-12 19:04:16 ----DC---- C:\WINDOWS\system32\dllcache
2010-02-12 19:04:13 ----HD---- C:\WINDOWS\inf
2010-02-12 19:04:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-12 19:02:51 ----SHD---- C:\WINDOWS\Installer
2010-02-12 18:20:31 ----A---- C:\WINDOWS\UPGRADE.TXT
2010-02-12 17:30:15 ----SD---- C:\Documents and Settings\user10\Data aplikací\Microsoft
2010-02-12 08:34:25 ----RSD---- C:\WINDOWS\assembly
2010-02-11 17:47:21 ----A---- C:\WINDOWS\system32\shdocvw.dll
2010-02-11 17:15:14 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-11 15:24:23 ----A---- C:\WINDOWS\ScanSpyware.INI
2010-02-11 11:43:23 ----D---- C:\WINDOWS\system32\config
2010-02-10 23:17:10 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-10 10:40:38 ----D---- C:\WINDOWS\Debug
2010-02-10 08:47:15 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-09 20:25:53 ----A---- C:\WINDOWS\wincmd.ini
2010-02-09 17:59:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Simply Super Software
2010-02-09 17:57:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2010-02-09 17:56:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\MAGIX
2010-02-09 10:33:04 ----RSD---- C:\WINDOWS\Fonts
2010-02-09 10:32:12 ----D---- C:\Program Files\OpenOffice.org 3
2010-02-07 15:50:43 ----D---- C:\Documents and Settings\user10\Data aplikací\Vso
2010-02-06 14:17:50 ----D---- C:\Program Files\VSO
2010-02-05 22:45:54 ----D---- C:\Program Files\Common Files\Adobe
2010-02-05 22:45:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-02-05 22:45:34 ----D---- C:\Program Files\Adobe
2010-02-05 17:21:11 ----R---- C:\WINDOWS\system32\streamhlp.dll
2010-02-05 16:52:02 ----D---- C:\WINDOWS\WinSxS
2010-02-05 16:46:48 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-05 16:46:47 ----RD---- C:\WINDOWS\Web
2010-02-05 16:35:27 ----A---- C:\WINDOWS\wininit.ini
2010-02-05 14:52:28 ----D---- C:\WINDOWS\system32\wbem
2010-02-05 14:52:27 ----D---- C:\WINDOWS\Registration
2010-02-05 14:40:07 ----D---- C:\Program Files\RapidDown
2010-02-04 11:56:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-02-03 15:30:23 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-02-02 22:47:17 ----D---- C:\Program Files\Krtecek
2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-01 09:31:16 ----D---- C:\Program Files\IObit
2010-01-30 12:00:44 ----D---- C:\WINDOWS\system32\Side 9 Screensaver dir
2010-01-30 10:11:12 ----D---- C:\WINDOWS\Help
2010-01-30 09:58:58 ----D---- C:\WINDOWS\system32\NtmsData
2010-01-29 18:43:11 ----A---- C:\Documents and Settings\user10\Data aplikací\inst.exe
2010-01-29 18:40:54 ----D---- C:\Program Files\Ashampoo
2010-01-28 22:26:51 ----A---- C:\WINDOWS\sbwin.ini
2010-01-28 22:26:50 ----D---- C:\WINDOWS\system32\Defaults
2010-01-28 22:26:16 ----D---- C:\WINDOWS\system32\Data
2010-01-28 22:25:46 ----D---- C:\WINDOWS\Media
2010-01-28 20:54:06 ----D---- C:\WINDOWS\security
2010-01-28 20:02:35 ----D---- C:\Program Files\RadioSure
2010-01-28 19:57:02 ----D---- C:\WINDOWS\system
2010-01-28 19:28:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-27 21:06:58 ----D---- C:\Program Files\Call of Duty
2010-01-27 17:20:37 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-26 12:14:20 ----D---- C:\Documents and Settings\user10\Data aplikací\Ahead
2010-01-24 20:54:50 ----D---- C:\Documents and Settings\user10\Data aplikací\EBookSys
2010-01-24 09:33:22 ----D---- C:\WINDOWS\UbiSoft
2010-01-24 09:29:01 ----D---- C:\Documents and Settings\user10\Data aplikací\Adobe
2010-01-23 16:03:36 ----D---- C:\WINDOWS\system32\spool
2010-01-23 15:26:06 ----D---- C:\Documents and Settings\user10\Data aplikací\Mozilla
2010-01-23 14:08:28 ----D---- C:\Program Files\Windows Media Player
2010-01-22 10:17:42 ----D---- C:\Program Files\Internet Explorer
2010-01-22 10:17:34 ----D---- C:\WINDOWS\ie8updates
2010-01-13 17:18:24 ----D---- C:\Program Files\Any Audio Converter

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-11-16 96408]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-25 3565568]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-10-31 93184]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-03-19 184576]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-03-22 114944]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-03-22 835636]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-03-22 11068]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-03-22 211724]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-03-22 156604]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-03-22 991656]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-03-22 195432]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2009-09-11 22792]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2009-09-11 35592]
R3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2009-09-11 31752]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2009-09-11 66056]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 BT848;AVerMedia, AVerTV WDM Video Capture; C:\WINDOWS\system32\drivers\BT848.sys [2001-07-16 260712]
S2 BTTUNER;AVerMedia, AVerTV WDM TvTuner; C:\WINDOWS\system32\drivers\BTTUNER.sys [2001-07-16 21504]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2007-05-31 12416]
S3 at8pzs9g;at8pzs9g; C:\WINDOWS\system32\drivers\at8pzs9g.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 catchme;catchme; \??\C:\DOCUME~1\user10\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296]
S3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2009-06-23 99352]
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2009-06-23 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2009-06-23 555032]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2009-06-23 555032]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2009-06-23 347080]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2009-06-23 100888]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2009-06-23 100888]
S3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2009-06-23 566296]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2009-06-23 566296]
S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2009-06-23 162840]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2009-06-23 189464]
S3 HdAudAddService;Ovladač funkcí Microsoft UAA pro služby sběrnice High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-21 47360]
S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-05-23 29696]
S3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\WINDOWS\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2009-09-11 14984]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-25 602112]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-30 152984]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-11-03 1332480]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-25 593920]
S2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-12-18 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-11-16 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-04 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119402
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: keyboard, carons and acute accents not working

#2 Post by Rudy »

Do you recognize this: G:\user10.exe? If not, test it online at www.virustotal.com.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Re: keyboard, carons and acute accents not working

#3 Post by Cervenacek »

Well, G: is an external hard disk; I forgot to disconnect it. I have programs and the like stored on it.


Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.12 -
AhnLab-V3 5.0.0.2 2010.02.12 -
AntiVir 7.9.1.160 2010.02.12 -
Antiy-AVL 2.0.3.7 2010.02.11 -
Authentium 5.2.0.5 2010.02.12 -
Avast 4.8.1351.0 2010.02.12 -
AVG 9.0.0.730 2010.02.12 -
BitDefender 7.2 2010.02.12 -
CAT-QuickHeal 10.00 2010.02.12 -
ClamAV 0.96.0.0-git 2010.02.12 -
Comodo 3914 2010.02.12 -
DrWeb 5.0.1.12222 2010.02.12 -
eSafe 7.0.17.0 2010.02.11 -
eTrust-Vet 35.2.7300 2010.02.12 -
F-Prot 4.5.1.85 2010.02.12 -
F-Secure 9.0.15370.0 2010.02.12 -
Fortinet 4.0.14.0 2010.02.12 -
GData 19 2010.02.12 -
Ikarus T3.1.1.80.0 2010.02.12 -
Jiangmin 13.0.900 2010.02.08 -
K7AntiVirus 7.10.972 2010.02.12 -
Kaspersky 7.0.0.125 2010.02.12 -
McAfee 5890 2010.02.12 -
McAfee+Artemis 5890 2010.02.12 -
McAfee-GW-Edition 6.8.5 2010.02.12 -
Microsoft 1.5406 2010.02.12 -
NOD32 4861 2010.02.12 -
Norman 6.04.08 2010.02.12 -
nProtect 2009.1.8.0 2010.02.12 -
Panda 10.0.2.2 2010.02.12 -
PCTools 7.0.3.5 2010.02.12 -
Prevx 3.0 2010.02.12 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.12 -
Sunbelt 5671 2010.02.11 -
Symantec 20091.2.0.41 2010.02.12 -
TheHacker 6.5.1.3.191 2010.02.12 -
TrendMicro 9.120.0.1004 2010.02.12 -
VBA32 3.12.12.2 2010.02.12 -
ViRobot 2010.2.12.2184 2010.02.12 -
VirusBuster 5.0.21.0 2010.02.12 -
Rozšiřující informace
File size: 35278 bytes
MD5...: 2a5c48cb73f809ea97b780d7008fd72e
SHA1..: 990031274214dcbe4e1ddb20f5ca89780e6a2181
SHA256: 0155abfd6b249033fca16ebc72f0ccfdf4e1420c0461210525ee329a5347516a
ssdeep: 384:6JOKIkQjjy5ANXH7Cnr5T530j9AEl1QuiiKRYNpzBpl4aHN5s2UMNRqjPl6A
:AsNQ5kj9AEl1QuzrzbBDNsjPkA
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Re: keyboard, carons and acute accents not working

#4 Post by Rudy »

That file is OK. Do you have a keylogger installed on the PC?

Re: keyboard, carons and acute accents not working

#5 Post by Cervenacek »

No, I don't. The keyboard works fine on another PC. Games have started crashing, the PC boots badly and the display glitches during startup. It all started after uninstalling the AVG antivirus program yesterday; until then there were no problems.

Re: keyboard, carons and acute accents not working

#6 Post by Rudy »

Run a ComboFix scan and post the log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after startup a screen with the license terms appears; continue by clicking the Ano (Yes) button.

Go ahead and put the kettle on for a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is used).

Note: if you use antispyware with a resident shield, switch the shield to Install Mode or disable it completely for the duration of the scan, because scanning and removing any malware causes unwanted conflicts with the antispyware's resident component.

Re: keyboard, carons and acute accents not working

#7 Post by Cervenacek »

ComboFix 10-02-12.01 - user10 13.02.2010 11:55:40.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1598 [GMT 1:00]
Spuštěný z: c:\documents and settings\user10\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-13 do 2010-02-13 )))))))))))))))))))))))))))))))
.

2010-02-13 10:02 . 2010-02-13 10:02 -------- d---a-w- c:\windows\zts2.exe
2010-02-13 10:02 . 2010-02-13 10:02 -------- d---a-w- c:\windows\system32\vcmgcd32.dll
2010-02-13 10:02 . 2010-02-13 10:02 -------- d---a-w- c:\windows\system32\systems.txt
2010-02-13 10:02 . 2010-02-13 10:02 -------- d---a-w- c:\windows\system32\iifgfgf.dll
2010-02-13 10:02 . 2010-02-13 10:02 -------- d---a-w- c:\windows\rundll16.exe
2010-02-13 10:02 . 2010-02-13 10:02 -------- d---a-w- c:\windows\rundl132.dll
2010-02-13 10:02 . 2010-02-13 10:02 -------- d---a-w- c:\windows\logo1_.exe
2010-02-13 09:59 . 2010-02-13 09:59 28672 ----a-w- c:\windows\system32\eEmpty.exe
2010-02-13 09:59 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2010-02-13 09:59 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2010-02-13 09:47 . 2010-02-13 09:47 -------- d-----w- C:\$AVG
2010-02-13 09:47 . 2010-02-13 09:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-13 09:47 . 2010-02-13 09:47 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-13 09:47 . 2010-02-13 09:47 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-13 09:47 . 2010-02-13 09:47 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-13 09:47 . 2010-02-13 09:49 -------- d-----w- c:\windows\system32\drivers\Avg
2010-02-13 09:47 . 2010-02-13 09:47 -------- d-----w- c:\program files\AVG
2010-02-12 21:17 . 2010-02-12 21:17 -------- d-----w- c:\program files\trend micro
2010-02-12 20:02 . 2010-02-12 20:02 -------- d-----w- C:\rsit
2010-02-12 07:35 . 2010-02-12 07:35 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-12 07:35 . 2010-02-12 07:35 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-11 15:13 . 2010-02-11 15:13 -------- d--h--w- c:\windows\PIF
2010-02-10 20:37 . 2010-02-10 20:37 -------- d-----w- c:\program files\Microsoft Games
2010-02-09 07:03 . 2010-02-09 16:44 -------- d-----w- C:\Downloads
2010-02-08 07:28 . 2010-02-09 06:49 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-07 15:31 . 2010-02-07 15:31 -------- d-----w- c:\windows\system32\AGEIA
2010-02-06 19:34 . 2010-02-13 08:35 -------- d-----w- c:\program files\Nexus Radio
2010-02-06 19:34 . 2010-02-06 19:34 -------- d-----w- c:\windows\system32\Nexus Radio
2010-02-06 12:02 . 2010-02-10 14:10 -------- d-----w- c:\program files\BitComet
2010-02-05 16:42 . 2010-02-05 16:43 -------- d-----w- c:\program files\German Truck Simulator
2010-02-05 16:03 . 2010-02-05 16:03 -------- d-----w- c:\program files\Loaris
2010-02-05 15:48 . 2010-02-05 15:48 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-02-05 15:46 . 2009-02-25 14:15 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-02-05 15:45 . 2010-02-12 18:06 -------- d-----w- c:\program files\ATI Technologies
2010-02-05 13:52 . 2010-02-05 13:52 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-05 13:49 . 2010-02-05 13:51 -------- d-----w- c:\program files\Euro Truck Simulator
2010-02-05 13:39 . 2010-02-05 13:39 -------- d-----w- c:\program files\AnvSoft
2010-02-04 08:04 . 2010-02-05 16:22 -------- d-----w- c:\program files\TrojanHunter 4.7
2010-01-30 12:01 . 2009-06-30 15:32 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-01-30 10:59 . 2005-12-10 02:06 180224 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-30 09:46 . 2009-02-25 21:09 307200 ----a-r- c:\windows\system32\atiiiexx.dll
2010-01-30 09:46 . 2009-02-25 21:42 442368 ----a-r- c:\windows\system32\ATIDEMGX.dll
2010-01-30 09:46 . 2009-02-25 20:58 887724 ----a-r- c:\windows\system32\ativva6x.dat
2010-01-30 09:46 . 2009-02-25 20:58 3107788 ----a-r- c:\windows\system32\ativva5x.dat
2010-01-30 09:46 . 2009-01-26 17:55 182995 ----a-r- c:\windows\system32\atiicdxx.dat
2010-01-30 09:12 . 2010-01-30 09:12 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-29 00:08 . 2010-02-13 10:52 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000002-80641102}.dat
2010-01-29 00:08 . 2010-02-13 10:52 24 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000002-80641102}.dat
2010-01-28 21:25 . 2001-05-28 12:47 12288 ------w- c:\windows\system32\AHQCpURes.dll
2010-01-28 21:24 . 2010-01-31 20:19 -------- d-----w- c:\program files\Creative
2010-01-28 21:24 . 1999-12-17 00:00 6752 ------w- c:\windows\system32\PFMODNT.SYS
2010-01-28 19:52 . 2001-08-17 19:19 3712 -c--a-w- c:\windows\system32\dllcache\ctljystk.sys
2010-01-28 19:52 . 2001-08-17 19:19 3712 ----a-w- c:\windows\system32\drivers\ctljystk.sys
2010-01-28 17:43 . 2010-01-28 17:48 -------- d-----w- c:\program files\RegCure
2010-01-28 16:04 . 2005-05-12 13:39 1287296 ----a-w- c:\windows\system32\drivers\cmudax.sys
2010-01-28 16:04 . 2004-02-18 13:19 16384 ----a-w- c:\windows\system32\udaprop.dll
2010-01-28 16:04 . 2002-04-29 14:04 917504 ----a-w- c:\windows\system\cmids3d.dll
2010-01-28 16:04 . 2001-11-23 11:08 712704 ----a-w- c:\windows\system32\Audio3D.dll
2010-01-27 15:36 . 2010-01-29 19:54 -------- d-----w- c:\documents and settings\user10\Data aplikaci
2010-01-24 14:09 . 2009-09-02 15:41 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-01-24 14:09 . 2009-09-02 15:41 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-01-24 14:09 . 2009-09-02 15:41 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-01-24 14:09 . 2009-09-02 15:41 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-01-24 14:09 . 2009-09-02 15:41 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-01-24 14:09 . 2009-09-02 15:41 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-01-24 14:09 . 2009-09-02 15:41 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-01-23 17:35 . 2010-02-13 09:47 -------- d-----w- c:\documents and settings\All Users\Plocha
2010-01-23 13:12 . 2010-01-23 13:12 -------- d--h--w- c:\documents and settings\user10\Okolní síť
2010-01-23 10:11 . 2010-01-23 17:39 -------- d-----w- c:\program files\Windows Media Connect 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 10:57 . 2004-08-18 12:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2010-02-13 10:57 . 2004-08-18 12:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2010-02-12 18:05 . 2009-03-18 12:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-11 16:50 . 2009-11-21 11:02 520192 ----a-w- c:\windows\system32\Side 9 Screensaver.scr
2010-02-09 13:14 . 2009-12-25 07:48 67296 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-09 09:32 . 2009-11-05 19:18 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-06 13:17 . 2009-12-21 15:34 -------- d-----w- c:\program files\VSO
2010-02-05 21:45 . 2009-10-05 12:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-05 13:40 . 2009-07-22 16:44 -------- d-----w- c:\program files\RapidDown
2010-02-02 21:47 . 2009-12-31 08:56 -------- d-----w- c:\program files\Krtecek
2010-02-01 08:31 . 2009-11-23 10:27 -------- d-----w- c:\program files\IObit
2010-01-29 17:40 . 2010-01-12 17:46 -------- d-----w- c:\program files\Ashampoo
2010-01-28 19:02 . 2009-12-30 21:40 -------- d-----w- c:\program files\RadioSure
2010-01-27 20:06 . 2009-11-02 14:25 -------- d-----w- c:\program files\Call of Duty
2010-01-13 16:18 . 2009-08-01 12:30 -------- d-----w- c:\program files\Any Audio Converter
2010-01-10 12:46 . 2010-01-10 12:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 15:07 . 2010-01-10 12:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2010-01-10 12:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 13:01 . 2009-11-13 17:27 -------- d-----w- c:\program files\Silent Hunter Wolves of the Pacific
2009-12-31 16:50 . 2004-08-18 12:00 353792 ------w- c:\windows\system32\drivers\srv.sys
2009-12-25 11:48 . 2009-12-25 11:48 74703 ----a-w- c:\windows\system32\mfc45.dll
2009-12-21 19:08 . 2004-08-18 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-21 15:54 . 2009-10-28 18:46 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-18 22:16 . 2009-12-18 22:16 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-12-18 15:18 . 2009-12-18 15:17 -------- d-----w- c:\program files\Kalendar
2009-12-17 07:42 . 2009-03-18 12:48 343552 ------w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 12:00 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-10 14:45 . 2009-12-10 14:45 27168 ----a-w- c:\windows\system32\drivers\rrnetcap.sys
2009-12-09 10:11 . 2004-08-18 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-06 10:22 . 2003-03-19 11:05 106496 ------w- c:\windows\system32\ATL71.DLL
2009-12-04 18:22 . 2004-08-18 12:00 455424 ------w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2004-08-18 12:00 1294336 ------w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ------w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2004-08-18 12:00 28672 ------w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ------w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-18 12:00 84992 ------w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2004-08-18 12:00 11264 ------w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ------w- c:\windows\system32\iyuv_32.dll
2009-11-25 10:19 . 2009-12-30 11:54 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-21 16:03 . 2004-08-18 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 12:30 . 2009-11-19 12:30 0 ----a-w- c:\windows\ativpsrm.bin
2009-11-15 11:58 . 2009-11-15 11:58 53248 ----a-w- c:\windows\unrar.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kalendar"="c:\program files\Kalendar\kalendar.exe" [2005-11-09 580608]
"Organizér"="c:\program files\Fireluke\Organizer\Organizer.exe" [2009-05-12 1073152]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-13 09:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"CTHelper"=CTHELPER.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MC2\\Sniper Elite\\SniperElite.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Silent Hunter Wolves of the Pacific\\sh4.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Ubi Soft\\IL2 Sturmovik\\il2.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\EA Sports\\UEFA EURO 2008\\EURO08.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"g:\\antivir,spyware,trojan atd\\setup.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25402:TCP"= 25402:TCP:BitComet 25402 TCP
"25402:UDP"= 25402:UDP:BitComet 25402 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 viaraid;viaraid;c:\windows\system32\drivers\viaraid.sys [18.3.2009 14:02 72192]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13.2.2010 10:47 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13.2.2010 10:47 360584]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.10.2009 9:47 691696]
S2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\BT848.sys [5.10.2009 14:45 260712]
S2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [5.10.2009 14:46 21504]
S2 ioloFileInfoList;iolo FileInfoList Service; [x]
S2 ioloSystemService;iolo System Service; [x]
S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [28.1.2010 17:04 1287296]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [23.6.2009 13:34 99352]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [23.6.2009 13:34 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [23.6.2009 13:34 555032]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [23.6.2009 13:34 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [23.6.2009 13:35 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [23.6.2009 13:35 100888]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [23.6.2009 13:34 566296]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [23.6.2009 13:34 566296]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; [x]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [25.1.2007 22:45 6784]
S4 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [13.2.2010 10:47 906520]
S4 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [13.2.2010 10:47 285392]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-13 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 02:11]

2010-01-28 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 02:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
FF - ProfilePath - c:\documents and settings\user10\Data aplikací\Mozilla\Firefox\Profiles\o9ouvsh9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http:seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 12:00
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,54,fc,04,83,59,61,4b,ab,fc,5c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,54,fc,04,83,59,61,4b,ab,fc,5c,\

[HKEY_USERS\S-1-5-21-1957994488-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1440)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-02-13 12:02:31
ComboFix-quarantined-files.txt 2010-02-13 11:02

Před spuštěním: Volných bajtů: 35 782 455 296
Po spuštění: Volných bajtů: 35 833 925 632

- - End Of File - - AB5EF6694C67AD6A48247A217B2DC3BB

Cervenacek
Visitor
Posts: 24
Registered: 15 Jan 2008 21:48
Location: Vysočina

Re: keyboard, carons and acute accents not working

#8 Post by Cervenacek »

ComboFix and the scan are done, what should I do now? :(

Rudy
Site Admin
Posts: 119402
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: keyboard, carons and acute accents not working

#9 Post by Rudy »

Open Notepad and copy the following into it:
Driver::
ioloFileInfoList
ioloSystemService

Regnull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Cervenacek
Visitor
Posts: 24
Registered: 15 Jan 2008 21:48
Location: Vysočina

Re: keyboard, carons and acute accents not working

#10 Post by Cervenacek »

Here is the log.



ComboFix 10-02-12.01 - user10 13.02.2010 18:47:02.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1650 [GMT 1:00]
Spuštěný z: c:\documents and settings\user10\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\user10\Plocha\CFScript.txt..txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IOLOFILEINFOLIST
-------\Legacy_IOLOSYSTEMSERVICE
-------\Service_ioloFileInfoList
-------\Service_ioloSystemService


((((((((((((((((((((((((( Soubory vytvořené od 2010-01-13 do 2010-02-13 )))))))))))))))))))))))))))))))
.

2010-02-13 13:43 . 2010-02-13 13:43 -------- d-----w- c:\program files\PowerQuest
2010-02-13 11:28 . 2010-02-13 11:28 -------- d-----w- c:\program files\ESET
2010-02-13 09:59 . 2010-02-13 09:59 28672 ----a-w- c:\windows\system32\eEmpty.exe
2010-02-12 07:35 . 2010-02-12 07:35 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-12 07:35 . 2010-02-12 07:35 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-11 15:13 . 2010-02-11 15:13 -------- d--h--w- c:\windows\PIF
2010-02-10 20:37 . 2010-02-10 20:37 -------- d-----w- c:\program files\Microsoft Games
2010-02-08 07:28 . 2010-02-09 06:49 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-07 15:31 . 2010-02-07 15:31 -------- d-----w- c:\windows\system32\AGEIA
2010-02-06 19:34 . 2010-02-13 08:35 -------- d-----w- c:\program files\Nexus Radio
2010-02-06 19:34 . 2010-02-06 19:34 -------- d-----w- c:\windows\system32\Nexus Radio
2010-02-06 12:02 . 2010-02-10 14:10 -------- d-----w- c:\program files\BitComet
2010-02-05 16:42 . 2010-02-05 16:43 -------- d-----w- c:\program files\German Truck Simulator
2010-02-05 16:03 . 2010-02-05 16:03 -------- d-----w- c:\program files\Loaris
2010-02-05 15:48 . 2010-02-05 15:48 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-02-05 15:46 . 2009-02-25 14:15 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-02-05 15:45 . 2010-02-12 18:06 -------- d-----w- c:\program files\ATI Technologies
2010-02-05 13:52 . 2010-02-05 13:52 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-05 13:49 . 2010-02-05 13:51 -------- d-----w- c:\program files\Euro Truck Simulator
2010-02-05 13:39 . 2010-02-05 13:39 -------- d-----w- c:\program files\AnvSoft
2010-02-04 08:04 . 2010-02-05 16:22 -------- d-----w- c:\program files\TrojanHunter 4.7
2010-01-30 12:01 . 2009-06-30 15:32 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-01-30 10:59 . 2005-12-10 02:06 180224 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-30 09:46 . 2009-02-25 21:09 307200 ----a-r- c:\windows\system32\atiiiexx.dll
2010-01-30 09:46 . 2009-02-25 21:42 442368 ----a-r- c:\windows\system32\ATIDEMGX.dll
2010-01-30 09:46 . 2009-02-25 20:58 887724 ----a-r- c:\windows\system32\ativva6x.dat
2010-01-30 09:46 . 2009-02-25 20:58 3107788 ----a-r- c:\windows\system32\ativva5x.dat
2010-01-30 09:46 . 2009-01-26 17:55 182995 ----a-r- c:\windows\system32\atiicdxx.dat
2010-01-30 09:12 . 2010-01-30 09:12 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-29 00:08 . 2010-02-13 17:52 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000002-80641102}.dat
2010-01-29 00:08 . 2010-02-13 17:52 24 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000002-80641102}.dat
2010-01-28 21:25 . 2001-05-28 12:47 12288 ------w- c:\windows\system32\AHQCpURes.dll
2010-01-28 21:24 . 2010-01-31 20:19 -------- d-----w- c:\program files\Creative
2010-01-28 21:24 . 1999-12-17 00:00 6752 ------w- c:\windows\system32\PFMODNT.SYS
2010-01-28 19:52 . 2001-08-17 19:19 3712 -c--a-w- c:\windows\system32\dllcache\ctljystk.sys
2010-01-28 19:52 . 2001-08-17 19:19 3712 ----a-w- c:\windows\system32\drivers\ctljystk.sys
2010-01-28 17:43 . 2010-01-28 17:48 -------- d-----w- c:\program files\RegCure
2010-01-28 16:04 . 2005-05-12 13:39 1287296 ----a-w- c:\windows\system32\drivers\cmudax.sys
2010-01-28 16:04 . 2004-02-18 13:19 16384 ----a-w- c:\windows\system32\udaprop.dll
2010-01-28 16:04 . 2002-04-29 14:04 917504 ----a-w- c:\windows\system\cmids3d.dll
2010-01-28 16:04 . 2001-11-23 11:08 712704 ----a-w- c:\windows\system32\Audio3D.dll
2010-01-27 15:36 . 2010-01-29 19:54 -------- d-----w- c:\documents and settings\user10\Data aplikaci
2010-01-24 14:09 . 2009-09-02 15:41 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-01-24 14:09 . 2009-09-02 15:41 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-01-24 14:09 . 2009-09-02 15:41 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-01-24 14:09 . 2009-09-02 15:41 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-01-24 14:09 . 2009-09-02 15:41 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-01-24 14:09 . 2009-09-02 15:41 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-01-24 14:09 . 2009-09-02 15:41 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-01-23 17:35 . 2010-02-13 11:21 -------- d-----w- c:\documents and settings\All Users\Plocha
2010-01-23 13:12 . 2010-01-23 13:12 -------- d--h--w- c:\documents and settings\user10\Okolní síť
2010-01-23 10:11 . 2010-01-23 17:39 -------- d-----w- c:\program files\Windows Media Connect 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 17:57 . 2004-08-18 12:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2010-02-13 17:57 . 2004-08-18 12:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2010-02-12 18:05 . 2009-03-18 12:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-11 16:50 . 2009-11-21 11:02 520192 ----a-w- c:\windows\system32\Side 9 Screensaver.scr
2010-02-09 13:14 . 2009-12-25 07:48 67296 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-09 09:32 . 2009-11-05 19:18 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-06 13:17 . 2009-12-21 15:34 -------- d-----w- c:\program files\VSO
2010-02-05 21:45 . 2009-10-05 12:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-05 13:40 . 2009-07-22 16:44 -------- d-----w- c:\program files\RapidDown
2010-02-02 21:47 . 2009-12-31 08:56 -------- d-----w- c:\program files\Krtecek
2010-02-01 08:31 . 2009-11-23 10:27 -------- d-----w- c:\program files\IObit
2010-01-29 17:40 . 2010-01-12 17:46 -------- d-----w- c:\program files\Ashampoo
2010-01-28 19:02 . 2009-12-30 21:40 -------- d-----w- c:\program files\RadioSure
2010-01-27 20:06 . 2009-11-02 14:25 -------- d-----w- c:\program files\Call of Duty
2010-01-13 16:18 . 2009-08-01 12:30 -------- d-----w- c:\program files\Any Audio Converter
2010-01-10 12:46 . 2010-01-10 12:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 15:07 . 2010-01-10 12:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2010-01-10 12:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 13:01 . 2009-11-13 17:27 -------- d-----w- c:\program files\Silent Hunter Wolves of the Pacific
2009-12-31 16:50 . 2004-08-18 12:00 353792 ------w- c:\windows\system32\drivers\srv.sys
2009-12-25 11:48 . 2009-12-25 11:48 74703 ----a-w- c:\windows\system32\mfc45.dll
2009-12-21 19:08 . 2004-08-18 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-21 15:54 . 2009-10-28 18:46 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-18 22:16 . 2009-12-18 22:16 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-12-18 15:18 . 2009-12-18 15:17 -------- d-----w- c:\program files\Kalendar
2009-12-17 07:42 . 2009-03-18 12:48 343552 ------w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 12:00 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-10 14:45 . 2009-12-10 14:45 27168 ----a-w- c:\windows\system32\drivers\rrnetcap.sys
2009-12-09 10:11 . 2004-08-18 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-06 10:22 . 2003-03-19 11:05 106496 ------w- c:\windows\system32\ATL71.DLL
2009-12-04 18:22 . 2004-08-18 12:00 455424 ------w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2004-08-18 12:00 1294336 ------w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ------w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2004-08-18 12:00 28672 ------w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ------w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-18 12:00 84992 ------w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2004-08-18 12:00 11264 ------w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ------w- c:\windows\system32\iyuv_32.dll
2009-11-25 10:19 . 2009-12-30 11:54 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-21 16:03 . 2004-08-18 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 12:30 . 2009-11-19 12:30 0 ----a-w- c:\windows\ativpsrm.bin
2009-11-16 08:06 . 2009-11-16 08:06 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-11-16 08:03 . 2009-11-16 08:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 07:56 . 2009-11-16 07:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kalendar"="c:\program files\Kalendar\kalendar.exe" [2005-11-09 580608]
"Organizér"="c:\program files\Fireluke\Organizer\Organizer.exe" [2009-05-12 1073152]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"CTHelper"=CTHELPER.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MC2\\Sniper Elite\\SniperElite.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Silent Hunter Wolves of the Pacific\\sh4.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Ubi Soft\\IL2 Sturmovik\\il2.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\EA Sports\\UEFA EURO 2008\\EURO08.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25402:TCP"= 25402:TCP:BitComet 25402 TCP
"25402:UDP"= 25402:UDP:BitComet 25402 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.10.2009 9:47 691696]
R0 viaraid;viaraid;c:\windows\system32\drivers\viaraid.sys [18.3.2009 14:02 72192]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16.11.2009 9:06 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [16.11.2009 9:04 735960]
S2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\BT848.sys [5.10.2009 14:45 260712]
S2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [5.10.2009 14:46 21504]
S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [28.1.2010 17:04 1287296]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [23.6.2009 13:34 99352]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [23.6.2009 13:34 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [23.6.2009 13:34 555032]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [23.6.2009 13:34 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [23.6.2009 13:35 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [23.6.2009 13:35 100888]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [23.6.2009 13:34 566296]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [23.6.2009 13:34 566296]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; [x]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [25.1.2007 22:45 6784]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-13 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 02:11]

2010-01-28 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 02:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
FF - ProfilePath - c:\documents and settings\user10\Data aplikací\Mozilla\Firefox\Profiles\o9ouvsh9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http:seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 18:54
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spwj.sys >>UNKNOWN [0x8A77D938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf74a3cb8
\Driver\atapi -> atapi.sys @ 0xf7978b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Broadcom NetXtreme Gigabit Ethernet -> SendCompleteHandler -> NDIS.sys @ 0xf7b23bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7b30a21
SendHandler -> NDIS.sys @ 0xf7b0e87b
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,54,fc,04,83,59,61,4b,ab,fc,5c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,54,fc,04,83,59,61,4b,ab,fc,5c,\

[HKEY_USERS\S-1-5-21-1957994488-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3012)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Celkový čas: 2010-02-13 18:59:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-13 17:59

Před spuštěním: Volných bajtů: 35 826 196 480
Po spuštění: Volných bajtů: 35 673 092 096

- - End Of File - - 0DC8B4EC190239C362D7D1CF75179DB5

Rudy
Site Admin
Posts: 119402
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: keyboard, carons and acute accents not working

#11 Post by Rudy »

Deleted. We will also check the MBR using: http://www2.gmer.net/mbr/mbr.exe . Post the log.

Cervenacek
Visitor
Posts: 24
Registered: 15 Jan 2008 21:48
Location: Vysočina

Re: keyboard, carons and acute accents not working

#12 Post by Cervenacek »

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Rudy
Site Admin
Posts: 119402
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: keyboard, carons and acute accents not working

#13 Post by Rudy »

The MBR is OK. Has anything changed?

Cervenacek
Visitor
Posts: 24
Registered: 15 Jan 2008 21:48
Location: Vysočina

Re: keyboard, carons and acute accents not working

#14 Post by Cervenacek »

Unfortunately the problem persists.

Rudy
Site Admin
Posts: 119402
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: keyboard, carons and acute accents not working

#15 Post by Rudy »

Try a System Restore to a date when it was working correctly.