Hello, I would like to ask for a check of my log. Web page browsing occasionally freezes, but nothing serious.
Logfile of random's system information tool 1.07 (written by random/random)
Run by David at 2010-05-06 13:45:01
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (10%) free of 76 GB
Total RAM: 735 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:46:13, on 6.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
C:\WINDOWS\System32\HotfixQ0306270.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\CyberLat\CyberLat RAM Cleaner 2,0\CLRamCleaner.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\David\Plocha\RSIT.exe
C:\Program Files\trend micro\David.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CORSAIR_PLUtil] C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [CyberLat Ram Cleaner] C:\Program Files\CyberLat\CyberLat RAM Cleaner 2,0\CLRamCleaner.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Configuring] rundll32.exe C:\DOCUME~1\David\LOCALS~1\Temp\15765656.dll,W
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout obsah FLV videa s IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: MP3 - {1537E842-0000-11D2-8059-111111111111} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &WinMp3Locator - {1537E842-0000-11D2-8059-111111111111} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Files - {1537E842-0001-11D2-8059-111111111111} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FileLocator - {1537E842-0001-11D2-8059-111111111111} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8031 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2007-11-29 187504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 50376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GrooveShellExtensions.dll [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-23 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-23 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
DAPIELoader Class - C:\PROGRA~1\DAP\DAPIEL~1.DLL [2010-04-05 140880]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"CORSAIR_PLUtil"=C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe [2004-11-11 90112]
"PLFFAP"=C:\WINDOWS\System32\HotfixQ0306270.exe [2003-08-05 45056]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-11-01 196608]
"ToolBoxFX"=C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2007-07-11 53248]
"CyberLat Ram Cleaner"=C:\Program Files\CyberLat\CyberLat RAM Cleaner 2,0\CLRamCleaner.exe [2006-02-10 142848]
"ASUS Probe"=C:\Program Files\ASUS\Asus Probe\AsusProb.exe [2002-12-06 617984]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2009-09-12 2524416]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-05-05 143360]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-08 53248]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"Configuring"=C:\DOCUME~1\David\LOCALS~1\Temp\15765656.dll [2010-04-19 16779]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VideoAcceleratorService"=2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\wbsys.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll [2001-12-20 24576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GrooveShellExtensions.dll [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoStartMenuPinnedList"=0
"NoStartMenuMFUprogramsList"=0
"NoUserNameInStartMenu"=0
"NoStartMenuSubFolders"=0
"NoCommonGroups"=0
"NoPrinterTabs"=0
"NoDeletePrinter"=0
"NoAddPrinter"=0
"NoPrinters"=0
"NoFavoritesMenu"=0
"NoRecentDocsNetHood"=0
"NoChangeAnimation"=0
"NoChangeKeyboardNavigationIndicators"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0
"MemCheckBoxInRunDlg"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Hry\Warcraft III\Warcraft III.exe"="C:\Hry\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader"
"C:\Program Files\FreeCall\freecall.exe"="C:\Program Files\FreeCall\freecall.exe:*:Enabled:FreeCall"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe"="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:*:Enabled:VoipDiscount"
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:*:Enabled:VoipBuster"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2010-05-03 19:52:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\eboostr
2010-05-03 19:52:24 ----D---- C:\Program Files\eBoostr
2010-05-03 19:50:49 ----D---- C:\Program Files\GameOS
2010-04-28 18:40:29 ----D---- C:\Documents and Settings\David\Data aplikací\PC Updater
2010-04-28 18:40:22 ----D---- C:\Program Files\PC Updater
2010-04-27 22:41:07 ----D---- C:\softpaq
2010-04-27 22:27:47 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-21 21:56:35 ----D---- C:\SWSetup
2010-04-21 21:54:14 ----A---- C:\WINDOWS\system32\VTTimer.exe
2010-04-21 21:54:14 ----A---- C:\WINDOWS\system32\VTovrlay.dll
2010-04-21 21:54:14 ----A---- C:\WINDOWS\system32\VTInfo2.dll
2010-04-21 21:54:13 ----A---- C:\WINDOWS\system32\VTGamma2.dll
2010-04-21 21:54:13 ----A---- C:\WINDOWS\system32\VTDisply.dll
2010-04-21 21:54:09 ----A---- C:\WINDOWS\system32\vticd.dll
2010-04-21 21:54:08 ----A---- C:\WINDOWS\system32\vtdisp.dll
2010-04-21 21:35:43 ----A---- C:\WINDOWS\imsins.BAK
2010-04-21 21:24:50 ----D---- C:\Drivers
2010-04-19 21:33:03 ----A---- C:\WINDOWS\system32\kabaker.dll
2010-04-13 14:12:06 ----D---- C:\rsit
2010-04-12 23:29:21 ----D---- C:\Program Files\FileHippo.com
2010-04-12 19:30:25 ----A---- C:\WINDOWS\system32\wdmioctl.dll
2010-04-12 19:30:25 ----A---- C:\WINDOWS\system32\SMMedia.dll
2010-04-12 19:30:25 ----A---- C:\WINDOWS\SynthCoreA.Dll
2010-04-12 19:30:25 ----A---- C:\WINDOWS\SynCor.exe
2010-04-12 19:30:24 ----D---- C:\WINDOWS\VirtualEar
2010-04-12 19:30:24 ----A---- C:\WINDOWS\system32\SynthCore11Resources.dll
2010-04-12 19:30:24 ----A---- C:\WINDOWS\system32\Syncor11.dll
2010-04-12 19:30:24 ----A---- C:\WINDOWS\system32\S11thk32.dll
2010-04-12 19:30:24 ----A---- C:\WINDOWS\system32\DSndUp.exe
2010-04-12 19:30:24 ----A---- C:\WINDOWS\system32\CleanUp.exe
2010-04-12 19:30:24 ----A---- C:\WINDOWS\system32\Audio3d.dll
2010-04-12 18:56:49 ----D---- C:\Documents and Settings\David\Data aplikací\Malwarebytes
2010-04-12 18:56:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-12 18:56:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-04-11 16:21:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Drivers HeadQuarters
2010-04-11 16:19:57 ----D---- C:\Program Files\PC Drivers HeadQuarters
2010-04-11 16:01:38 ----D---- C:\Program Files\XPC Tools
2010-04-11 15:52:30 ----D---- C:\Program Files\Carambis
2010-04-10 19:38:20 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2010-04-10 19:38:20 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2010-04-10 19:38:19 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2010-04-10 19:38:19 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2010-04-10 19:38:18 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2010-04-10 19:38:17 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2010-04-10 19:38:13 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2010-04-10 19:38:13 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2010-04-10 19:38:12 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2010-04-10 19:38:11 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2010-04-10 19:38:10 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-04-10 19:38:09 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2010-04-10 19:38:09 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2010-04-10 19:38:09 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2010-04-10 19:38:08 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2010-04-10 19:38:08 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2010-04-10 19:38:07 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2010-04-10 19:38:07 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2010-04-10 19:38:06 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2010-04-10 19:38:06 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2010-04-10 19:38:05 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2010-04-10 19:38:05 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2010-04-10 19:38:05 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2010-04-10 19:38:04 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2010-04-10 19:38:04 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2010-04-10 19:38:03 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2010-04-10 19:38:03 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2010-04-10 19:38:03 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2010-04-10 19:38:03 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2010-04-10 19:38:03 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2010-04-10 19:38:02 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2010-04-10 19:38:01 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2010-04-10 19:38:01 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2010-04-10 19:38:01 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2010-04-10 19:38:01 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2010-04-10 19:38:00 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2010-04-10 19:38:00 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2010-04-10 19:38:00 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2010-04-10 19:37:59 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2010-04-10 19:37:59 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2010-04-10 19:37:58 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2010-04-10 19:37:58 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2010-04-10 19:37:58 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2010-04-10 19:37:57 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2010-04-10 19:37:57 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2010-04-10 19:37:56 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2010-04-10 19:37:56 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2010-04-10 19:37:55 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2010-04-10 19:37:54 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2010-04-10 19:37:52 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2010-04-10 19:37:52 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2010-04-10 19:37:51 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2010-04-10 19:35:20 ----D---- C:\WINDOWS\Logs
2010-04-10 17:47:03 ----A---- C:\WINDOWS\Ascd_tmp.ini
2010-04-10 17:38:38 ----D---- C:\Program Files\IObit
2010-04-10 17:38:17 ----D---- C:\Program Files\GameGain
2010-04-10 15:33:05 ----D---- C:\Documents and Settings\David\Data aplikací\Auslogics
2010-04-10 15:32:22 ----D---- C:\Program Files\Auslogics
2010-04-09 23:26:26 ----D---- C:\WINDOWS\system32\oodag
2010-04-08 23:09:28 ----D---- C:\Program Files\Defraggler
======List of files/folders modified in the last 1 months======
2010-05-06 13:45:23 ----D---- C:\Program Files\Trend Micro
2010-05-06 13:41:50 ----D---- C:\WINDOWS\Prefetch
2010-05-06 13:40:27 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-05-06 13:39:49 ----D---- C:\Program Files\Mozilla Firefox
2010-05-06 13:10:21 ----D---- C:\WINDOWS\temp
2010-05-05 15:47:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-05 07:14:49 ----AC---- C:\WINDOWS\win.ini
2010-05-05 07:14:12 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-04 14:33:57 ----D---- C:\WINDOWS\system32\drivers
2010-05-03 20:16:10 ----AC---- C:\WINDOWS\system.ini
2010-05-03 19:52:24 ----RD---- C:\Program Files
2010-05-03 16:14:25 ----D---- C:\Documents and Settings\David\Data aplikací\AdobeUM
2010-05-02 13:46:08 ----D---- C:\WINDOWS
2010-05-01 16:52:51 ----AC---- C:\WINDOWS\NeroDigital.ini
2010-04-30 15:33:17 ----ASH---- C:\boot.ini
2010-04-28 18:59:05 ----D---- C:\WINDOWS\system32
2010-04-28 18:56:11 ----SHD---- C:\WINDOWS\Installer
2010-04-28 18:56:11 ----D---- C:\Config.Msi
2010-04-28 18:56:06 ----D---- C:\WINDOWS\Help
2010-04-28 18:40:33 ----HD---- C:\WINDOWS\inf
2010-04-27 22:41:29 ----D---- C:\Program Files\VIA
2010-04-27 22:34:31 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-27 22:17:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-27 22:17:38 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-21 21:36:27 ----D---- C:\WINDOWS\Cursors
2010-04-15 00:03:03 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-04-14 15:45:16 ----D---- C:\Install
2010-04-13 21:16:37 ----D---- C:\Hry
2010-04-13 18:05:23 ----D---- C:\Documents and Settings
2010-04-13 00:48:38 ----RSD---- C:\WINDOWS\Fonts
2010-04-12 23:26:26 ----D---- C:\Program Files\CCleaner
2010-04-12 19:30:24 ----D---- C:\WINDOWS\system
2010-04-12 19:30:23 ----AC---- C:\WINDOWS\system32\msssc.dll
2010-04-12 18:40:53 ----D---- C:\WINDOWS\twain_32
2010-04-12 18:40:53 ----D---- C:\WINDOWS\system32\DirectX
2010-04-12 18:40:43 ----SHD---- C:\WINDOWS\CSC
2010-04-11 16:21:14 ----RSD---- C:\WINDOWS\assembly
2010-04-11 16:19:38 ----D---- C:\WINDOWS\system32\config
2010-04-11 16:10:13 ----AC---- C:\WINDOWS\system32\BASSMOD.dll
2010-04-09 23:11:39 ----D---- C:\Program Files\OO Software
2010-04-08 22:48:22 ----AC---- C:\WINDOWS\wincmd.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-07-12 28672]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052]
R1 SSHDRV65;SSHDRV65; \??\C:\WINDOWS\System32\drivers\SSHDRV65.sys []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 atksgt;atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [2007-03-12 271360]
R2 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 lirsgt;lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [2007-03-12 18048]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2005-07-11 19200]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2007-01-02 223128]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-04-24 41984]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2005-03-08 172544]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\System32\drivers\AWRTPD.sys []
S3 DrvAgent32;DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\System32\DRIVERS\hamachi.sys [2008-03-05 17480]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2007-08-21 11264]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\System32\ntsim.sys []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-02-28 47360]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2004-09-03 53248]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-10 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-06-05 561152]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-07-23 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 O&O Defrag;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2009-09-12 1488128]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-01-09 355584]
S4 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL []
S4 VideoAcceleratorService;VideoAcceleratorService; C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2010-04-05 300656]
-----------------EOF-----------------
Thanks in advance

Preventive check 6.5.2010
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that are inactive for longer than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote-assistance services, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Rudy
- Site Admin
- Posts: 119405
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Preventive check 6.5.2010
Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after start-up a screen with the licence terms is displayed; continue by clicking the Ano (Yes) button.
calmly put on a coffee (the whole thing takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else
do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)
note: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware unwanted conflicts with the antispyware's resident shield occur
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem has been resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Preventive check 6.5.2010
Done, here is the log:
ComboFix 10-05-06.04 - David 07.05.2010 13:28:38.11.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.735.513 [GMT 2:00]
Spuštěný z: c:\documents and settings\David\Plocha\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system\olepro32.dll
c:\windows\system32\csftxctl.ocx
c:\windows\system32\kabaker.dll
c:\windows\system32\msssc.dll
c:\windows\system32\VB6KO.DLL
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-07 do 2010-05-07 )))))))))))))))))))))))))))))))
.
2010-05-06 15:39 . 2010-05-06 15:39 1370 ----a-w- C:\cc_20100506_173919.reg
2010-05-06 15:26 . 1998-07-30 10:47 363892 ----a-w- c:\windows\ISUN16.EXE
2010-05-06 15:26 . 1995-07-13 15:43 26768 ----a-w- c:\windows\system\CTL3D.DLL
2010-05-03 17:50 . 2010-05-06 15:39 -------- d-----w- c:\program files\GameOS
2010-04-30 13:10 . 2010-04-30 13:10 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-04-28 16:40 . 2010-04-28 16:51 -------- d-----w- c:\program files\PC Updater
2010-04-27 20:41 . 2010-04-27 20:41 -------- d-----w- C:\softpaq
2010-04-21 19:56 . 2010-04-21 19:56 -------- d-----w- C:\SWSetup
2010-04-21 19:54 . 2003-06-03 09:07 311296 ----a-r- c:\windows\system32\VTovrlay.dll
2010-04-21 19:54 . 2003-06-02 18:15 229376 ----a-r- c:\windows\system32\VTInfo2.dll
2010-04-21 19:54 . 2003-05-07 08:32 36864 ----a-r- c:\windows\system32\VTTimer.exe
2010-04-21 19:54 . 2003-06-03 08:53 303104 ----a-r- c:\windows\system32\VTGamma2.dll
2010-04-21 19:54 . 2003-06-02 18:41 397312 ----a-r- c:\windows\system32\VTDisply.dll
2010-04-21 19:54 . 2004-01-27 14:02 2311624 ----a-r- c:\windows\system32\vticd.dll
2010-04-21 19:54 . 2003-06-07 08:43 258944 ----a-r- c:\windows\system32\drivers\vtmini.sys
2010-04-21 19:54 . 2003-06-07 08:43 1517440 ----a-r- c:\windows\system32\vtdisp.dll
2010-04-21 19:24 . 2010-04-21 19:24 -------- d-----w- C:\Drivers
2010-04-20 19:06 . 2010-04-20 19:06 -------- d-----w- c:\documents and settings\Mamka\WINDOWS
2010-04-19 14:11 . 2010-04-19 14:11 3310 ----a-w- C:\cc_20100419_161100.reg
2010-04-13 12:12 . 2010-04-13 12:12 -------- d-----w- C:\rsit
2010-04-12 21:29 . 2010-04-12 21:29 -------- d-----w- c:\program files\FileHippo.com
2010-04-12 21:29 . 2010-04-12 21:29 6702 ----a-w- C:\cc_20100412_232901.reg
2010-04-12 17:30 . 2003-05-12 14:55 978944 ----a-w- c:\windows\SynthCoreA.Dll
2010-04-12 17:30 . 2002-08-30 11:59 380928 ----a-w- c:\windows\SynCor.exe
2010-04-12 17:30 . 2001-09-11 16:20 1285632 ----a-w- c:\windows\system32\SMMedia.dll
2010-04-12 17:30 . 2001-09-11 14:20 30208 ----a-w- c:\windows\system32\wdmioctl.dll
2010-04-12 17:30 . 2010-04-12 17:30 -------- d-----w- c:\windows\VirtualEar
2010-04-12 17:30 . 2003-06-16 06:32 49152 ----a-w- c:\windows\system32\DSndUp.exe
2010-04-12 17:30 . 2002-11-06 20:23 49152 ----a-w- c:\windows\system32\S11thk32.dll
2010-04-12 17:30 . 2002-11-06 18:00 40820 ----a-w- c:\windows\system32\Syncor11.dll
2010-04-12 17:30 . 2002-07-24 13:06 45056 ----a-w- c:\windows\system32\SynthCore11Resources.dll
2010-04-12 17:30 . 2002-04-17 14:05 45056 ----a-w- c:\windows\system32\CleanUp.exe
2010-04-12 17:30 . 2001-09-19 12:47 765952 ----a-w- c:\windows\system\crlds3d.dll
2010-04-12 17:30 . 2001-09-19 12:47 720896 ----a-w- c:\windows\system32\Audio3d.dll
2010-04-12 16:56 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-12 16:56 . 2010-04-12 16:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-12 16:56 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-11 14:19 . 2010-04-11 14:19 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2010-04-11 14:01 . 2010-04-11 14:01 -------- d-----w- c:\program files\XPC Tools
2010-04-11 13:52 . 2010-04-11 14:00 -------- d-----w- c:\program files\Carambis
2010-04-10 17:37 . 2008-03-05 14:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2010-04-10 17:35 . 2010-04-10 17:35 -------- d-----w- c:\windows\Logs
2010-04-10 15:51 . 2003-07-15 14:00 578368 ----a-w- c:\windows\system32\drivers\smwdm.sys
2010-04-10 15:51 . 2003-04-08 09:30 3744 ----a-w- c:\windows\system32\drivers\smsens.sys
2010-04-10 15:51 . 2002-04-01 12:15 4816 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2010-04-10 15:48 . 2002-12-27 02:41 26880 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS
2010-04-10 15:38 . 2010-04-10 15:38 -------- d-----w- c:\program files\IObit
2010-04-10 15:38 . 2010-04-10 16:07 -------- d-----w- c:\program files\GameGain
2010-04-10 13:32 . 2010-04-10 14:07 -------- d-----w- c:\program files\Auslogics
2010-04-09 21:26 . 2010-04-10 14:15 -------- d-----w- c:\windows\system32\oodag
2010-04-08 21:09 . 2010-04-08 21:09 -------- d-----w- c:\program files\Defraggler
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 15:11 . 2006-04-25 14:41 2512 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-06 11:45 . 2009-03-28 16:49 -------- d-----w- c:\program files\Trend Micro
2010-04-27 20:41 . 2006-04-26 11:38 -------- d-----w- c:\program files\VIA
2010-04-27 20:34 . 2005-11-04 08:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-14 22:03 . 2007-09-04 16:47 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-04-12 21:26 . 2007-03-09 13:49 -------- d-----w- c:\program files\CCleaner
2010-04-09 21:11 . 2007-10-11 05:04 -------- d-----w- c:\program files\OO Software
2010-04-06 12:29 . 2008-08-26 21:43 -------- d-----w- c:\program files\DAP
2010-04-05 19:07 . 2010-04-05 19:02 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2010-04-05 07:19 . 2008-06-26 13:21 -------- d-----w- c:\program files\Opera
2010-04-01 12:00 . 2010-04-01 12:00 103590 ----a-w- C:\cc_20100401_140019.reg
2010-03-30 14:35 . 2007-11-28 16:49 -------- d-----w- c:\program files\BSplayer
2010-03-28 19:37 . 2007-03-12 12:15 240856 -c--a-w- c:\windows\War3Unin.dat
2010-03-28 06:54 . 2001-10-25 14:00 392918 -c--a-w- c:\windows\system32\perfh005.dat
2010-03-28 06:54 . 2001-10-25 14:00 69926 -c--a-w- c:\windows\system32\perfc005.dat
2010-03-27 21:17 . 2006-04-14 09:32 -------- d-----w- c:\program files\DivX
2010-03-27 21:15 . 2010-01-21 15:58 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-26 16:10 . 2007-11-08 15:22 -------- d-----w- c:\program files\EVEREST Ultimate Edition
2010-03-21 14:22 . 2002-03-25 20:02 12400 -c--a-w- c:\windows\system32\drivers\secdrv.sys
2010-03-21 14:13 . 2006-02-18 18:14 1048 -c--a-w- c:\windows\eReg.dat
2010-03-21 13:35 . 2010-03-21 13:35 -------- d-----w- c:\program files\UBISOFT
2010-03-13 08:54 . 2010-03-13 08:54 -------- d-----w- c:\program files\GIMP-2.0
2010-03-11 22:36 . 2010-03-11 22:36 -------- d-----w- c:\program files\VoipBuster.com
2010-03-11 17:11 . 2010-03-11 17:10 -------- d-----w- c:\program files\VDownloader 1.13
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-23 18:29 . 2010-02-23 18:30 411368 -c--a-w- c:\windows\system32\deploytk.dll
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2006-12-15 14:51 . 2006-11-11 20:46 2313 -c--a-w- c:\program files\SimFero.lnk
2006-12-02 17:31 . 2005-11-30 13:57 803 -c--a-w- c:\program files\Windows Media Player.lnk
2006-11-03 21:22 . 2006-11-03 21:22 502 -c--a-w- c:\program files\fgbe.lnk
2006-09-27 19:36 . 2006-09-27 19:36 661 -c--a-w- c:\program files\guide.lnk
2006-09-12 12:50 . 2006-09-12 12:50 704 -c--a-w- c:\program files\project dogwaffle.LNK
2005-11-30 13:58 . 2005-11-30 13:58 738 -c--a-w- c:\program files\Outlook Express.lnk
2005-11-30 13:58 . 2005-11-30 13:58 767 -c--a-w- c:\program files\Internet Explorer.lnk
2005-11-04 08:28 . 2005-11-30 13:57 1599 -c--a-w- c:\program files\Vzdálená pomoc.lnk
2004-10-01 14:00 . 2007-02-16 14:27 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
2010-04-05 18:58 . 2008-08-26 21:44 251392 ----a-w- c:\program files\opera\program\plugins\dapop.dll
2005-06-22 06:37 . 2006-05-24 18:37 45568 -csha-r- c:\windows\system32\cygz.dll
.
------- Sigcheck -------
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2006-04-20 . B4E29943B4B04BD5E7381546848E6669 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CyberLat Ram Cleaner"="c:\program files\CyberLat\CyberLat RAM Cleaner 2" [X]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CORSAIR_PLUtil"="c:\program files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe" [2004-11-11 90112]
"PLFFAP"="c:\windows\System32\HotfixQ0306270.exe" [2003-08-05 45056]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2007-07-11 53248]
"ASUS Probe"="c:\program files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 617984]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-11 2524416]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"VTTimer"="VTTimer.exe" [2003-05-07 36864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"MemCheckBoxInRunDlg"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 21:34 24576 ----a-w- c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VideoAcceleratorService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" blrun
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Hry\\AoE 2\\empires2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6113:TCP"= 6113:TCP:Blizzard Downloader
"6114:TCP"= 6114:TCP:Blizzard Downloader
"4000:TCP"= 4000:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard Downlaoder
"6999:TCP"= 6999:TCP:Blizzard Downlaoder
R0 PLFF;USB Flash Disk Driver;c:\windows\system32\drivers\plff.sys [25.12.2005 10:55 7424]
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [30.3.2007 18:22 120320]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.3.2006 16:47 721904]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [30.4.2010 15:10 23456]
S4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-05-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uDefault_Search_URL = hxxp://www.google.com
mStart Page = about:blank
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Baixar com o Rapidown...
IE: Baixar tudo com o Rapidown...
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout obsah FLV videa s IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout pomocí Net Transportu
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout Star Downloaderem
IE: Stáhnout vše pomocí &Net Transportu
IE: Stáhnout všechny odkazy s IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{1537E842-0000-11D2-8059-111111111111}\Lang0409
IE: {{1537E842-0001-11D2-8059-111111111111}\Lang0409
IE: {{1537E842-0000-11D2-8059-111111111111} - {1537E842-0E00-11D2-8059-000000000000} -
IE: {{1537E842-0001-11D2-8059-111111111111} - {1537E842-0E01-11D2-8059-000000000000} -
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\David\Data aplikací\Mozilla\Firefox\Profiles\op7kl1m3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - component: c:\documents and settings\David\Data aplikací\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
AddRemove-Tank Arena - h:\555\Uninst.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 13:34
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\ASUS\ASUS Probe\2.20.08]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8a,5e,37,e9,b1,93,32,dd,b7,0d,04,a9,3a,86,99,67,1f,f1,7a,93,55,
10,92,7e,20,7a,4b,a2,e9,26,6e,2b,67,e1,c8,82,93,d5,db,c6,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c31aa4b0-6446-4be7-be71-1f3308a8fbf5}]
@Denied: (Full) (Everyone)
"Model"=dword:00000061
"Therad"=dword:00000015
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(692)
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
Celkový čas: 2010-05-07 13:37:56
ComboFix-quarantined-files.txt 2010-05-07 11:37
Před spuštěním: 7 808 929 792
Po spuštění: 7 750 381 568
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - D82171F65D0576E1225997A74943CF4B
.
uStart Page = hxxp://seznam.cz/
uDefault_Search_URL = hxxp://www.google.com
mStart Page = about:blank
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Baixar com o Rapidown...
IE: Baixar tudo com o Rapidown...
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout obsah FLV videa s IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout pomocí Net Transportu
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout Star Downloaderem
IE: Stáhnout vše pomocí &Net Transportu
IE: Stáhnout všechny odkazy s IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{1537E842-0000-11D2-8059-111111111111}\Lang0409
IE: {{1537E842-0001-11D2-8059-111111111111}\Lang0409
IE: {{1537E842-0000-11D2-8059-111111111111} - {1537E842-0E00-11D2-8059-000000000000} -
IE: {{1537E842-0001-11D2-8059-111111111111} - {1537E842-0E01-11D2-8059-000000000000} -
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\David\Data aplikací\Mozilla\Firefox\Profiles\op7kl1m3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - component: c:\documents and settings\David\Data aplikací\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
AddRemove-Tank Arena - h:\555\Uninst.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 13:34
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\ASUS\ASUS Probe\2.20.08]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8a,5e,37,e9,b1,93,32,dd,b7,0d,04,a9,3a,86,99,67,1f,f1,7a,93,55,
10,92,7e,20,7a,4b,a2,e9,26,6e,2b,67,e1,c8,82,93,d5,db,c6,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c31aa4b0-6446-4be7-be71-1f3308a8fbf5}]
@Denied: (Full) (Everyone)
"Model"=dword:00000061
"Therad"=dword:00000015
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(692)
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
Celkový čas: 2010-05-07 13:37:56
ComboFix-quarantined-files.txt 2010-05-07 11:37
Před spuštěním: 7 808 929 792
Po spuštění: 7 750 381 568
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - D82171F65D0576E1225997A74943CF4B
- Rudy
- Site Admin
Re: Preventive check 6.5.2010
We'll finish the cleanup. Open Notepad and copy the following into it:

Collect::
C:\DOCUME~1\David\LOCALS~1\Temp\15765656.dll
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Configuring"=-

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. ComboFix will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Preventive check 6.5.2010
Done, the CFScript.txt file disappeared from the desktop, but I don't see in the log that anything was deleted..
ComboFix 10-05-06.04 - David 08.05.2010 10:28:17.12.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.735.506 [GMT 2:00]
Spuštěný z: c:\documents and settings\David\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\David\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-08 do 2010-05-08 )))))))))))))))))))))))))))))))
.
2010-05-06 15:39 . 2010-05-06 15:39 1370 ----a-w- C:\cc_20100506_173919.reg
2010-05-06 15:26 . 1998-07-30 10:47 363892 ----a-w- c:\windows\ISUN16.EXE
2010-05-06 15:26 . 1995-07-13 15:43 26768 ----a-w- c:\windows\system\CTL3D.DLL
2010-05-03 17:50 . 2010-05-06 15:39 -------- d-----w- c:\program files\GameOS
2010-04-30 13:10 . 2010-04-30 13:10 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-04-28 16:40 . 2010-04-28 16:51 -------- d-----w- c:\program files\PC Updater
2010-04-27 20:41 . 2010-04-27 20:41 -------- d-----w- C:\softpaq
2010-04-21 19:56 . 2010-04-21 19:56 -------- d-----w- C:\SWSetup
2010-04-21 19:54 . 2003-06-03 09:07 311296 ----a-r- c:\windows\system32\VTovrlay.dll
2010-04-21 19:54 . 2003-06-02 18:15 229376 ----a-r- c:\windows\system32\VTInfo2.dll
2010-04-21 19:54 . 2003-05-07 08:32 36864 ----a-r- c:\windows\system32\VTTimer.exe
2010-04-21 19:54 . 2003-06-03 08:53 303104 ----a-r- c:\windows\system32\VTGamma2.dll
2010-04-21 19:54 . 2003-06-02 18:41 397312 ----a-r- c:\windows\system32\VTDisply.dll
2010-04-21 19:54 . 2004-01-27 14:02 2311624 ----a-r- c:\windows\system32\vticd.dll
2010-04-21 19:54 . 2003-06-07 08:43 258944 ----a-r- c:\windows\system32\drivers\vtmini.sys
2010-04-21 19:54 . 2003-06-07 08:43 1517440 ----a-r- c:\windows\system32\vtdisp.dll
2010-04-21 19:24 . 2010-04-21 19:24 -------- d-----w- C:\Drivers
2010-04-20 19:06 . 2010-04-20 19:06 -------- d-----w- c:\documents and settings\Mamka\WINDOWS
2010-04-19 14:11 . 2010-04-19 14:11 3310 ----a-w- C:\cc_20100419_161100.reg
2010-04-13 12:12 . 2010-04-13 12:12 -------- d-----w- C:\rsit
2010-04-12 21:29 . 2010-04-12 21:29 -------- d-----w- c:\program files\FileHippo.com
2010-04-12 21:29 . 2010-04-12 21:29 6702 ----a-w- C:\cc_20100412_232901.reg
2010-04-12 17:30 . 2003-05-12 14:55 978944 ----a-w- c:\windows\SynthCoreA.Dll
2010-04-12 17:30 . 2002-08-30 11:59 380928 ----a-w- c:\windows\SynCor.exe
2010-04-12 17:30 . 2001-09-11 16:20 1285632 ----a-w- c:\windows\system32\SMMedia.dll
2010-04-12 17:30 . 2001-09-11 14:20 30208 ----a-w- c:\windows\system32\wdmioctl.dll
2010-04-12 17:30 . 2010-04-12 17:30 -------- d-----w- c:\windows\VirtualEar
2010-04-12 17:30 . 2003-06-16 06:32 49152 ----a-w- c:\windows\system32\DSndUp.exe
2010-04-12 17:30 . 2002-11-06 20:23 49152 ----a-w- c:\windows\system32\S11thk32.dll
2010-04-12 17:30 . 2002-11-06 18:00 40820 ----a-w- c:\windows\system32\Syncor11.dll
2010-04-12 17:30 . 2002-07-24 13:06 45056 ----a-w- c:\windows\system32\SynthCore11Resources.dll
2010-04-12 17:30 . 2002-04-17 14:05 45056 ----a-w- c:\windows\system32\CleanUp.exe
2010-04-12 17:30 . 2001-09-19 12:47 765952 ----a-w- c:\windows\system\crlds3d.dll
2010-04-12 17:30 . 2001-09-19 12:47 720896 ----a-w- c:\windows\system32\Audio3d.dll
2010-04-12 16:56 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-12 16:56 . 2010-04-12 16:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-12 16:56 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-11 14:19 . 2010-04-11 14:19 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2010-04-11 14:01 . 2010-04-11 14:01 -------- d-----w- c:\program files\XPC Tools
2010-04-11 13:52 . 2010-04-11 14:00 -------- d-----w- c:\program files\Carambis
2010-04-10 17:37 . 2008-03-05 14:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2010-04-10 17:35 . 2010-04-10 17:35 -------- d-----w- c:\windows\Logs
2010-04-10 15:51 . 2003-07-15 14:00 578368 ----a-w- c:\windows\system32\drivers\smwdm.sys
2010-04-10 15:51 . 2003-04-08 09:30 3744 ----a-w- c:\windows\system32\drivers\smsens.sys
2010-04-10 15:51 . 2002-04-01 12:15 4816 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2010-04-10 15:48 . 2002-12-27 02:41 26880 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS
2010-04-10 15:38 . 2010-04-10 15:38 -------- d-----w- c:\program files\IObit
2010-04-10 15:38 . 2010-04-10 16:07 -------- d-----w- c:\program files\GameGain
2010-04-10 13:32 . 2010-04-10 14:07 -------- d-----w- c:\program files\Auslogics
2010-04-09 21:26 . 2010-04-10 14:15 -------- d-----w- c:\windows\system32\oodag
2010-04-08 21:09 . 2010-04-08 21:09 -------- d-----w- c:\program files\Defraggler
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 15:11 . 2006-04-25 14:41 2512 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-06 11:45 . 2009-03-28 16:49 -------- d-----w- c:\program files\Trend Micro
2010-04-27 20:41 . 2006-04-26 11:38 -------- d-----w- c:\program files\VIA
2010-04-27 20:34 . 2005-11-04 08:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-14 22:03 . 2007-09-04 16:47 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-04-12 21:26 . 2007-03-09 13:49 -------- d-----w- c:\program files\CCleaner
2010-04-09 21:11 . 2007-10-11 05:04 -------- d-----w- c:\program files\OO Software
2010-04-06 12:29 . 2008-08-26 21:43 -------- d-----w- c:\program files\DAP
2010-04-05 19:07 . 2010-04-05 19:02 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2010-04-05 07:19 . 2008-06-26 13:21 -------- d-----w- c:\program files\Opera
2010-04-01 12:00 . 2010-04-01 12:00 103590 ----a-w- C:\cc_20100401_140019.reg
2010-03-30 14:35 . 2007-11-28 16:49 -------- d-----w- c:\program files\BSplayer
2010-03-28 19:37 . 2007-03-12 12:15 240856 -c--a-w- c:\windows\War3Unin.dat
2010-03-28 06:54 . 2001-10-25 14:00 392918 -c--a-w- c:\windows\system32\perfh005.dat
2010-03-28 06:54 . 2001-10-25 14:00 69926 -c--a-w- c:\windows\system32\perfc005.dat
2010-03-27 21:17 . 2006-04-14 09:32 -------- d-----w- c:\program files\DivX
2010-03-27 21:15 . 2010-01-21 15:58 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-26 16:10 . 2007-11-08 15:22 -------- d-----w- c:\program files\EVEREST Ultimate Edition
2010-03-21 14:22 . 2002-03-25 20:02 12400 -c--a-w- c:\windows\system32\drivers\secdrv.sys
2010-03-21 14:13 . 2006-02-18 18:14 1048 -c--a-w- c:\windows\eReg.dat
2010-03-21 13:35 . 2010-03-21 13:35 -------- d-----w- c:\program files\UBISOFT
2010-03-13 08:54 . 2010-03-13 08:54 -------- d-----w- c:\program files\GIMP-2.0
2010-03-11 22:36 . 2010-03-11 22:36 -------- d-----w- c:\program files\VoipBuster.com
2010-03-11 17:11 . 2010-03-11 17:10 -------- d-----w- c:\program files\VDownloader 1.13
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-23 18:29 . 2010-02-23 18:30 411368 -c--a-w- c:\windows\system32\deploytk.dll
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2006-12-15 14:51 . 2006-11-11 20:46 2313 -c--a-w- c:\program files\SimFero.lnk
2006-12-02 17:31 . 2005-11-30 13:57 803 -c--a-w- c:\program files\Windows Media Player.lnk
2006-11-03 21:22 . 2006-11-03 21:22 502 -c--a-w- c:\program files\fgbe.lnk
2006-09-27 19:36 . 2006-09-27 19:36 661 -c--a-w- c:\program files\guide.lnk
2006-09-12 12:50 . 2006-09-12 12:50 704 -c--a-w- c:\program files\project dogwaffle.LNK
2005-11-30 13:58 . 2005-11-30 13:58 738 -c--a-w- c:\program files\Outlook Express.lnk
2005-11-30 13:58 . 2005-11-30 13:58 767 -c--a-w- c:\program files\Internet Explorer.lnk
2005-11-04 08:28 . 2005-11-30 13:57 1599 -c--a-w- c:\program files\Vzdálená pomoc.lnk
2004-10-01 14:00 . 2007-02-16 14:27 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
2010-04-05 18:58 . 2008-08-26 21:44 251392 ----a-w- c:\program files\opera\program\plugins\dapop.dll
2005-06-22 06:37 . 2006-05-24 18:37 45568 -csha-r- c:\windows\system32\cygz.dll
.
------- Sigcheck -------
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2006-04-20 . B4E29943B4B04BD5E7381546848E6669 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CyberLat Ram Cleaner"="c:\program files\CyberLat\CyberLat RAM Cleaner 2" [X]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CORSAIR_PLUtil"="c:\program files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe" [2004-11-11 90112]
"PLFFAP"="c:\windows\System32\HotfixQ0306270.exe" [2003-08-05 45056]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2007-07-11 53248]
"ASUS Probe"="c:\program files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 617984]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-11 2524416]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"VTTimer"="VTTimer.exe" [2003-05-07 36864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"MemCheckBoxInRunDlg"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 21:34 24576 ----a-w- c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VideoAcceleratorService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" blrun
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Hry\\AoE 2\\empires2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6113:TCP"= 6113:TCP:Blizzard Downloader
"6114:TCP"= 6114:TCP:Blizzard Downloader
"4000:TCP"= 4000:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard Downlaoder
"6999:TCP"= 6999:TCP:Blizzard Downlaoder
R0 PLFF;USB Flash Disk Driver;c:\windows\system32\drivers\plff.sys [25.12.2005 10:55 7424]
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [30.3.2007 18:22 120320]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.3.2006 16:47 721904]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [30.4.2010 15:10 23456]
S4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-05-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uDefault_Search_URL = hxxp://www.google.com
mStart Page = about:blank
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Baixar com o Rapidown...
IE: Baixar tudo com o Rapidown...
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout obsah FLV videa s IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout pomocí Net Transportu
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout Star Downloaderem
IE: Stáhnout vše pomocí &Net Transportu
IE: Stáhnout všechny odkazy s IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{1537E842-0000-11D2-8059-111111111111}\Lang0409
IE: {{1537E842-0001-11D2-8059-111111111111}\Lang0409
IE: {{1537E842-0000-11D2-8059-111111111111} - {1537E842-0E00-11D2-8059-000000000000} -
IE: {{1537E842-0001-11D2-8059-111111111111} - {1537E842-0E01-11D2-8059-000000000000} -
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\David\Data aplikací\Mozilla\Firefox\Profiles\op7kl1m3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - component: c:\documents and settings\David\Data aplikací\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-08 10:33
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\ASUS\ASUS Probe\2.20.08]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8a,5e,37,e9,b1,93,32,dd,b7,0d,04,a9,3a,86,99,67,1f,f1,7a,93,55,
10,92,7e,20,7a,4b,a2,e9,26,6e,2b,67,e1,c8,82,93,d5,db,c6,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c31aa4b0-6446-4be7-be71-1f3308a8fbf5}]
@Denied: (Full) (Everyone)
"Model"=dword:00000061
"Therad"=dword:00000015
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(692)
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
Celkový čas: 2010-05-08 10:36:42
ComboFix-quarantined-files.txt 2010-05-08 08:36
ComboFix2.txt 2010-05-07 11:37
Před spuštěním: 7 341 527 040
Po spuštění: 7 282 196 480
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 748DF154CB0EB3F03D97962783CE300F
2010-04-12 16:56 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-12 16:56 . 2010-04-12 16:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-12 16:56 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-11 14:19 . 2010-04-11 14:19 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2010-04-11 14:01 . 2010-04-11 14:01 -------- d-----w- c:\program files\XPC Tools
2010-04-11 13:52 . 2010-04-11 14:00 -------- d-----w- c:\program files\Carambis
2010-04-10 17:37 . 2008-03-05 14:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2010-04-10 17:35 . 2010-04-10 17:35 -------- d-----w- c:\windows\Logs
2010-04-10 15:51 . 2003-07-15 14:00 578368 ----a-w- c:\windows\system32\drivers\smwdm.sys
2010-04-10 15:51 . 2003-04-08 09:30 3744 ----a-w- c:\windows\system32\drivers\smsens.sys
2010-04-10 15:51 . 2002-04-01 12:15 4816 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2010-04-10 15:48 . 2002-12-27 02:41 26880 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS
2010-04-10 15:38 . 2010-04-10 15:38 -------- d-----w- c:\program files\IObit
2010-04-10 15:38 . 2010-04-10 16:07 -------- d-----w- c:\program files\GameGain
2010-04-10 13:32 . 2010-04-10 14:07 -------- d-----w- c:\program files\Auslogics
2010-04-09 21:26 . 2010-04-10 14:15 -------- d-----w- c:\windows\system32\oodag
2010-04-08 21:09 . 2010-04-08 21:09 -------- d-----w- c:\program files\Defraggler
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 15:11 . 2006-04-25 14:41 2512 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-06 11:45 . 2009-03-28 16:49 -------- d-----w- c:\program files\Trend Micro
2010-04-27 20:41 . 2006-04-26 11:38 -------- d-----w- c:\program files\VIA
2010-04-27 20:34 . 2005-11-04 08:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-14 22:03 . 2007-09-04 16:47 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-04-12 21:26 . 2007-03-09 13:49 -------- d-----w- c:\program files\CCleaner
2010-04-09 21:11 . 2007-10-11 05:04 -------- d-----w- c:\program files\OO Software
2010-04-06 12:29 . 2008-08-26 21:43 -------- d-----w- c:\program files\DAP
2010-04-05 19:07 . 2010-04-05 19:02 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2010-04-05 07:19 . 2008-06-26 13:21 -------- d-----w- c:\program files\Opera
2010-04-01 12:00 . 2010-04-01 12:00 103590 ----a-w- C:\cc_20100401_140019.reg
2010-03-30 14:35 . 2007-11-28 16:49 -------- d-----w- c:\program files\BSplayer
2010-03-28 19:37 . 2007-03-12 12:15 240856 -c--a-w- c:\windows\War3Unin.dat
2010-03-28 06:54 . 2001-10-25 14:00 392918 -c--a-w- c:\windows\system32\perfh005.dat
2010-03-28 06:54 . 2001-10-25 14:00 69926 -c--a-w- c:\windows\system32\perfc005.dat
2010-03-27 21:17 . 2006-04-14 09:32 -------- d-----w- c:\program files\DivX
2010-03-27 21:15 . 2010-01-21 15:58 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-26 16:10 . 2007-11-08 15:22 -------- d-----w- c:\program files\EVEREST Ultimate Edition
2010-03-21 14:22 . 2002-03-25 20:02 12400 -c--a-w- c:\windows\system32\drivers\secdrv.sys
2010-03-21 14:13 . 2006-02-18 18:14 1048 -c--a-w- c:\windows\eReg.dat
2010-03-21 13:35 . 2010-03-21 13:35 -------- d-----w- c:\program files\UBISOFT
2010-03-13 08:54 . 2010-03-13 08:54 -------- d-----w- c:\program files\GIMP-2.0
2010-03-11 22:36 . 2010-03-11 22:36 -------- d-----w- c:\program files\VoipBuster.com
2010-03-11 17:11 . 2010-03-11 17:10 -------- d-----w- c:\program files\VDownloader 1.13
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-23 18:29 . 2010-02-23 18:30 411368 -c--a-w- c:\windows\system32\deploytk.dll
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2006-12-15 14:51 . 2006-11-11 20:46 2313 -c--a-w- c:\program files\SimFero.lnk
2006-12-02 17:31 . 2005-11-30 13:57 803 -c--a-w- c:\program files\Windows Media Player.lnk
2006-11-03 21:22 . 2006-11-03 21:22 502 -c--a-w- c:\program files\fgbe.lnk
2006-09-27 19:36 . 2006-09-27 19:36 661 -c--a-w- c:\program files\guide.lnk
2006-09-12 12:50 . 2006-09-12 12:50 704 -c--a-w- c:\program files\project dogwaffle.LNK
2005-11-30 13:58 . 2005-11-30 13:58 738 -c--a-w- c:\program files\Outlook Express.lnk
2005-11-30 13:58 . 2005-11-30 13:58 767 -c--a-w- c:\program files\Internet Explorer.lnk
2005-11-04 08:28 . 2005-11-30 13:57 1599 -c--a-w- c:\program files\Vzdálená pomoc.lnk
2004-10-01 14:00 . 2007-02-16 14:27 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
2010-04-05 18:58 . 2008-08-26 21:44 251392 ----a-w- c:\program files\opera\program\plugins\dapop.dll
2005-06-22 06:37 . 2006-05-24 18:37 45568 -csha-r- c:\windows\system32\cygz.dll
.
------- Sigcheck -------
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2006-04-20 . B4E29943B4B04BD5E7381546848E6669 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CyberLat Ram Cleaner"="c:\program files\CyberLat\CyberLat RAM Cleaner 2" [X]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CORSAIR_PLUtil"="c:\program files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe" [2004-11-11 90112]
"PLFFAP"="c:\windows\System32\HotfixQ0306270.exe" [2003-08-05 45056]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2007-07-11 53248]
"ASUS Probe"="c:\program files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 617984]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-11 2524416]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"VTTimer"="VTTimer.exe" [2003-05-07 36864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"MemCheckBoxInRunDlg"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 21:34 24576 ----a-w- c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VideoAcceleratorService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" blrun
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Hry\\AoE 2\\empires2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6113:TCP"= 6113:TCP:Blizzard Downloader
"6114:TCP"= 6114:TCP:Blizzard Downloader
"4000:TCP"= 4000:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard Downlaoder
"6999:TCP"= 6999:TCP:Blizzard Downlaoder
R0 PLFF;USB Flash Disk Driver;c:\windows\system32\drivers\plff.sys [25.12.2005 10:55 7424]
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [30.3.2007 18:22 120320]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.3.2006 16:47 721904]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [30.4.2010 15:10 23456]
S4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-05-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uDefault_Search_URL = hxxp://www.google.com
mStart Page = about:blank
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Baixar com o Rapidown...
IE: Baixar tudo com o Rapidown...
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout obsah FLV videa s IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout pomocí Net Transportu
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout Star Downloaderem
IE: Stáhnout vše pomocí &Net Transportu
IE: Stáhnout všechny odkazy s IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{1537E842-0000-11D2-8059-111111111111}\Lang0409
IE: {{1537E842-0001-11D2-8059-111111111111}\Lang0409
IE: {{1537E842-0000-11D2-8059-111111111111} - {1537E842-0E00-11D2-8059-000000000000} -
IE: {{1537E842-0001-11D2-8059-111111111111} - {1537E842-0E01-11D2-8059-000000000000} -
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\David\Data aplikací\Mozilla\Firefox\Profiles\op7kl1m3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - component: c:\documents and settings\David\Data aplikací\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-08 10:33
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\ASUS\ASUS Probe\2.20.08]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8a,5e,37,e9,b1,93,32,dd,b7,0d,04,a9,3a,86,99,67,1f,f1,7a,93,55,
10,92,7e,20,7a,4b,a2,e9,26,6e,2b,67,e1,c8,82,93,d5,db,c6,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c31aa4b0-6446-4be7-be71-1f3308a8fbf5}]
@Denied: (Full) (Everyone)
"Model"=dword:00000061
"Therad"=dword:00000015
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(692)
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
Celkový čas: 2010-05-08 10:36:42
ComboFix-quarantined-files.txt 2010-05-08 08:36
ComboFix2.txt 2010-05-07 11:37
Před spuštěním: 7 341 527 040
Po spuštění: 7 282 196 480
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 748DF154CB0EB3F03D97962783CE300F
- Rudy
- Site Admin
- Posts: 119405
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Preventive check 6.5.2010
The log looks clean. The junk is gone.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Preventive check 6.5.2010
I'm glad to hear that. Thanks once again!
- Rudy
- Site Admin
- Posts: 119405
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Preventive check 6.5.2010
You're welcome!