při instalaci programu se mi objevila hláška typu program too big to fit in memory
takže sem začal pátrat a zjistil sem že by mohlo jít o zákeřný vir co přepisuje exe soubory
proto se sem obracím se žádostí o kontrolu
log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:12, on 24.1.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hoot\bin\HootServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Ondra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ondra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ondra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ondra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ondra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ondra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ondra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ondra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ondra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ondra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ondra\Documents\Downloads\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: comments (such as these) may be inserted on individual
O1 - Hosts: 82.208.58.92 l2authd.lineage2.com
O1 - Hosts: 82.208.58.92 l2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com127.0.0.1 activate.adobe.com
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SPEEDBIT1 - {425E30F0-CCC6-4E24-BBEB-BCBD31720B37} - C:\Program Files\SpeedBit Toolbar\Toolbar\SpeedBit.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: SpeedBit - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\Program Files\SpeedBit Toolbar\Toolbar\SpeedBit.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Start Hoot server.lnk = C:\Program Files\Hoot\bin\HootServer.exe
O4 - Global Startup: Bizz FeedLiner.lnk = C:\Program Files\DSaT\BIZNHL\BIN\biznhl.exe
O4 - Global Startup: Macro Express 3.lnk = C:\Program Files\Macro Express3\MacExp.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c9b2fb7e56ae80) (gupdate1c9b2fb7e56ae80) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 16133 bytes
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
prosim o kontrolu podezreni na nebezpecnou havět
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 118370
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosim o kontrolu podezreni na nebezpecnou havět
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosim o kontrolu podezreni na nebezpecnou havět
ComboFix 10-01-23.05 - Ondra 24.01.2010 11:43:34.1.2 - x86
Spuštěný z: c:\users\Ondra\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1362157603-801023130-4281435551-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
C:\install.exe
c:\program files\Cheat Engine\dbk32.sys
c:\program files\SpeedBit Toolbar\Toolbar\tbhelper.dll
c:\users\Ondra\AppData\Roaming\inst.exe
c:\users\Ondra\Documents\cc_20100124_105726.reg
c:\users\Ondra\iepv.exe
c:\users\Ondra\mspass.exe
c:\users\Ondra\PasswordFox.exe
c:\users\Ondra\Update.exe
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\patchw32.dll
c:\windows\system32\Config.ini
c:\windows\system32\ealregsnapshot1.reg
c:\windows\system32\launcher.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-24 do 2010-01-24 )))))))))))))))))))))))))))))))
.
2010-01-24 11:02 . 2010-01-24 11:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-23 23:46 . 2010-01-23 23:46 -------- d-----w- c:\program files\PowerISO
2010-01-23 23:24 . 2010-01-23 23:37 -------- d-----w- c:\program files\Mass Effect 2
2010-01-21 16:50 . 2010-01-23 16:22 -------- d-----w- c:\users\Ondra\AppData\Local\LogMeIn Hamachi
2010-01-21 16:50 . 2010-01-21 16:50 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-01-14 16:19 . 2010-01-14 16:19 -------- d-----w- c:\program files\DivX
2010-01-14 16:19 . 2010-01-14 16:19 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-13 20:40 . 2010-01-13 20:40 -------- d-----w- c:\program files\BestGameEver
2010-01-13 17:55 . 2010-01-13 17:55 -------- d-----w- c:\program files\Legie
2010-01-13 16:44 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 16:44 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-09 12:39 . 2010-01-09 12:39 -------- d-----w- c:\windows\usgwmt
2010-01-03 13:21 . 2009-07-13 18:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2010-01-03 13:21 . 2009-07-13 18:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2010-01-03 13:21 . 2009-07-13 18:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2010-01-03 13:21 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2010-01-03 13:21 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2010-01-03 13:21 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2010-01-03 13:21 . 2009-07-13 18:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2010-01-03 13:21 . 2009-07-13 18:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2010-01-03 13:21 . 2009-07-13 18:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2010-01-03 13:21 . 2009-10-16 10:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2010-01-03 13:21 . 2010-01-03 13:21 -------- d-----w- c:\program files\BRS
2010-01-03 13:20 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-01-03 13:20 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-01-03 13:20 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-01-03 13:19 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-01-03 13:19 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2010-01-03 13:19 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2010-01-03 13:19 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2010-01-03 13:19 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-01-03 13:19 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-01-03 13:19 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-12-29 22:07 . 2009-12-29 22:07 -------- d-----w- c:\programdata\Codemasters
2009-12-25 20:57 . 2009-12-25 20:57 -------- d-----w- c:\program files\ModernWarfare2 ScreenSaver v0.2
2009-12-25 14:25 . 2009-12-25 14:26 -------- d-----w- c:\programdata\DAEMON Tools Pro
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 11:01 . 2009-11-05 19:10 -------- d-----w- c:\program files\Cheat Engine
2010-01-24 10:39 . 2008-07-19 08:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-24 10:09 . 2008-08-27 21:23 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-01-24 10:00 . 2008-07-19 08:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-24 00:51 . 2009-11-17 21:59 -------- d-----w- c:\program files\Steam
2010-01-24 00:46 . 2008-04-09 11:50 100752 ----a-w- c:\users\Ondra\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-24 00:36 . 2008-07-04 13:18 -------- d-----w- c:\users\Ondra\AppData\Roaming\Skype
2010-01-24 00:10 . 2009-04-01 18:55 -------- d-----w- c:\programdata\Google Updater
2010-01-23 23:06 . 2008-07-04 13:20 -------- d-----w- c:\users\Ondra\AppData\Roaming\skypePM
2010-01-23 22:38 . 2009-09-06 16:29 -------- d-----w- c:\users\Ondra\AppData\Roaming\vlc
2010-01-23 13:42 . 2008-03-25 10:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-23 13:33 . 2009-10-10 18:38 -------- d-----w- c:\program files\Thief - Deadly Shadows
2010-01-23 13:30 . 2009-01-02 18:24 -------- d-----w- c:\programdata\Media Center Programs
2010-01-23 13:30 . 2008-04-29 15:12 -------- d-----w- c:\program files\Ubisoft
2010-01-23 13:28 . 2008-04-25 16:13 -------- d-----w- c:\program files\Lineage II
2010-01-23 02:29 . 2009-11-17 21:59 -------- d-----w- c:\program files\Common Files\Steam
2010-01-23 02:21 . 2009-11-24 18:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-23 00:23 . 2010-01-23 00:23 668397 ----a-w- c:\programdata\Skype\Plugins\Plugins\D99E0FE328074EBB91C9CF9781C3150D\HHSDEMON.EXE
2010-01-23 00:23 . 2010-01-23 00:23 647020 ----a-w- c:\programdata\Skype\Plugins\Plugins\D99E0FE328074EBB91C9CF9781C3150D\HHS.DLL
2010-01-23 00:23 . 2010-01-23 00:23 237568 ----a-w- c:\programdata\Skype\Plugins\Plugins\D99E0FE328074EBB91C9CF9781C3150D\SkyCoPilot.exe
2010-01-23 00:23 . 2010-01-23 00:23 222732 ----a-w- c:\programdata\Skype\Plugins\Plugins\D99E0FE328074EBB91C9CF9781C3150D\HHSCLNT.DLL
2010-01-23 00:23 . 2010-01-23 00:23 118784 ----a-w- c:\programdata\Skype\Plugins\Plugins\D99E0FE328074EBB91C9CF9781C3150D\LPCCDX.DLL
2010-01-21 16:49 . 2008-05-22 18:11 -------- d-----w- c:\users\Ondra\AppData\Roaming\Hamachi
2010-01-14 20:14 . 2009-09-12 11:17 -------- d-----w- c:\users\Ondra\AppData\Roaming\dvdcss
2010-01-14 14:38 . 2008-07-28 13:25 -------- d-----w- c:\program files\Java
2010-01-14 10:12 . 2009-10-03 06:34 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 02:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-03 13:20 . 2008-08-04 14:03 -------- d-----w- c:\program files\OpenAL
2010-01-03 13:20 . 2008-08-04 14:03 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-03 13:20 . 2008-08-04 14:03 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-03 12:39 . 2008-10-04 21:25 -------- d-----w- c:\program files\Codemasters
2010-01-02 19:29 . 2007-01-08 21:09 653620 ----a-w- c:\windows\system32\perfh005.dat
2010-01-02 19:29 . 2007-01-08 21:09 137040 ----a-w- c:\windows\system32\perfc005.dat
2010-01-02 06:38 . 2010-01-22 17:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 17:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 17:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 17:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 22:34 . 2009-02-06 19:14 -------- d-----w- c:\program files\Aspyr
2009-12-28 22:33 . 2008-08-04 14:04 -------- d-----w- c:\program files\Eidos
2009-12-25 23:06 . 2009-12-23 20:23 -------- d-----w- c:\program files\Heroes of Newerth
2009-12-25 15:05 . 2008-08-27 21:26 -------- d-----w- c:\users\Ondra\AppData\Roaming\DAEMON Tools Pro
2009-12-25 14:27 . 2008-04-19 14:42 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-25 13:59 . 2008-10-11 21:29 -------- d-----w- c:\program files\CCleaner
2009-12-20 14:57 . 2009-12-20 13:15 338 ----a-w- c:\users\Ondra\AppData\Roaming\settings.dat
2009-12-20 13:12 . 2009-12-20 13:12 454838 ----a-r- c:\users\Ondra\AppData\Roaming\Microsoft\Installer\{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}\_7DA8B262C7C0B2B5E2561D.exe
2009-12-20 13:12 . 2009-12-20 13:12 454838 ----a-r- c:\users\Ondra\AppData\Roaming\Microsoft\Installer\{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}\_7D2C132C50CCB86BED182C.exe
2009-12-20 13:12 . 2009-12-20 13:12 -------- d-----w- c:\program files\AutomationLabs
2009-12-19 18:12 . 2009-12-19 18:12 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-19 12:29 . 2008-03-21 14:22 -------- d-----w- c:\program files\Google
2009-12-17 21:46 . 2009-07-29 19:02 95744 ----a-w- c:\programdata\SpeedBit\DAP\SDCondition.dll
2009-12-16 21:20 . 2009-12-16 21:18 -------- d-----w- c:\users\Ondra\AppData\Roaming\fretsonfire
2009-12-16 21:18 . 2009-12-16 21:18 -------- d-----w- c:\program files\Frets on Fire
2009-12-12 23:36 . 2009-12-12 12:06 -------- d-----w- c:\programdata\NexonEU
2009-12-12 22:38 . 2009-12-12 22:37 -------- d-----w- c:\program files\VirtualDJ
2009-12-12 22:13 . 2009-12-12 22:12 -------- d-----w- c:\program files\Mixxx
2009-12-12 12:06 . 2009-12-12 12:06 81920 ----a-w- c:\programdata\NexonEU\NGM\npNxGameeu.dll
2009-12-12 12:06 . 2009-12-12 12:06 98304 ----a-w- c:\programdata\NexonEU\NGM\nxgameeu.dll
2009-12-12 12:06 . 2009-12-12 12:06 331776 ----a-w- c:\programdata\NexonEU\NGM\NGMResource.dll
2009-12-12 12:06 . 2009-12-12 12:06 258352 ----a-w- c:\programdata\NexonEU\NGM\unicows.dll
2009-12-12 12:06 . 2009-12-12 12:06 532480 ----a-w- c:\programdata\NexonEU\NGM\NGMDll.dll
2009-12-12 12:06 . 2009-12-12 12:06 155648 ----a-w- c:\programdata\NexonEU\NGM\NGM.exe
2009-12-12 11:12 . 2008-08-14 19:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-12 11:12 . 2008-08-14 19:55 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-12 11:05 . 2008-03-21 14:22 -------- d-----w- c:\programdata\NVIDIA
2009-12-12 11:05 . 2009-12-12 11:05 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-12 10:40 . 2009-12-12 10:40 -------- d-----w- c:\program files\SystemRequirementsLab
2009-12-12 07:23 . 2009-12-12 07:23 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-12-09 16:43 . 2009-08-24 19:19 -------- d-----w- c:\programdata\Xfire
2009-12-08 09:53 . 2009-08-24 19:19 -------- d-----w- c:\users\Ondra\AppData\Roaming\Xfire
2009-12-04 15:41 . 2009-12-04 15:31 15924256 ----a-w- c:\programdata\Xfire\downloads\DragonAge1.01b.exe
2009-12-04 15:30 . 2009-08-24 19:19 -------- d-----w- c:\program files\Xfire
2009-12-04 09:03 . 2009-12-04 09:03 251376 ----a-w- c:\users\Ondra\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-12-03 18:55 . 2008-07-11 12:09 -------- d-----w- c:\program files\Electronic Arts
2009-11-30 19:33 . 2009-11-30 19:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-29 21:08 . 2009-11-29 21:08 -------- d-----w- c:\programdata\BioWare
2009-11-29 20:41 . 2009-11-29 20:12 -------- d-----w- c:\program files\Common Files\BioWare
2009-11-27 15:22 . 2009-01-28 20:17 -------- d-----w- c:\program files\QIP Infium
2009-11-25 19:54 . 2008-08-17 20:28 -------- d-----w- c:\program files\Opera
2009-11-22 14:37 . 2008-06-28 02:21 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-22 14:34 . 2008-06-28 02:21 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-19 20:42 . 2008-03-21 14:20 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-19 08:57 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-09 12:31 . 2009-12-10 17:32 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 17:32 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 17:32 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-10-31 19:52 . 2009-10-31 19:52 12862 ----a-r- c:\users\Ondra\AppData\Roaming\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
2009-10-29 09:17 . 2009-11-26 12:21 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-05 17:34 . 2009-11-27 15:22 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
2009-07-29 18:59 . 2009-08-06 21:02 251392 ----a-w- c:\program files\opera\program\plugins\dapop.dll
2008-03-21 13:48 . 2008-01-29 11:26 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"= "c:\program files\Internet Explorer\qipsearchbar.dll" [2009-07-09 150768]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-07-09 11:08 150768 ----a-w- c:\program files\Internet Explorer\qipsearchbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\program files\SpeedBit Toolbar\Toolbar\SpeedBit.dll" [2009-07-29 2598896]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\program files\SpeedBit Toolbar\Toolbar\SpeedBit.dll" [2009-07-29 2598896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2009-07-29 1443432]
"360desktop"="" [N/A]
"Aim6"="" [N/A]
"Google Update"="c:\users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-07-01 133104]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"Steam"="c:\program files\steam\steam.exe" [2009-11-17 1217808]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-12-16 312640]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD4006"="del" [X]
"SpybotDeletingD5853"="del" [X]
"SpybotDeletingB7320"="command.com" [2006-11-02 50648]
"SpybotDeletingB3025"="command.com" [2006-11-02 50648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-10 2043160]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
c:\users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Start Hoot server.lnk - c:\program files\Hoot\bin\HootServer.exe [2008-11-1 3846144]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bizz FeedLiner.lnk - c:\program files\DSaT\BIZNHL\BIN\biznhl.exe [2009-8-27 4042752]
Macro Express 3.lnk - c:\program files\Macro Express3\MacExp.exe [2009-8-6 3556864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ad,1a,eb,1a,5d,3f,ca,01
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [7.5.2009 23:15 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [7.5.2009 23:15 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [7.5.2009 23:15 108552]
S3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\System32\drivers\3xHybrid.sys [22.11.2006 9:53 1121536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-01-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-01 18:55]
2010-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 18:55]
2010-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 18:55]
2010-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1362157603-801023130-4281435551-1000Core.job
- c:\users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-13 07:22]
2010-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1362157603-801023130-4281435551-1000UA.job
- c:\users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-13 07:22]
2009-09-17 c:\windows\Tasks\NSSstub.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2009-09-14 15:31]
2010-01-24 c:\windows\Tasks\User_Feed_Synchronization-{B8B2EE15-114B-42F5-B69C-F1E4D8A75422}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\progra~1\SPEEDB~2\sblsp.dll
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\DAP\dapie.dll
FF - ProfilePath - c:\users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\656lkkjs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Opera\program\plugins\npsoestb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\users\Ondra\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\656lkkjs.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\656lkkjs.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\users\Ondra\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-*{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-24 12:02
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\windows\TEMP\7aad5061-2c05-43da-8eb7-5f2b68fec781.tmp 618 bytes
c:\windows\TEMP\a5db39ce-f5fc-4e05-9a6d-2c77f0a8868b.tmp 0 bytes
sken byl úspešně dokončen
skryté soubory: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Ondra\AppData\Local\Temp\EWJ1EA6.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1362157603-801023130-4281435551-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8BE81E16-2E00-CCD7-D4F9-A3560ABA9239}*]
"majmodcampcfjempcpkfbpkhin"=hex:69,61,61,68,6b,65,70,66,70,65,63,6f,65,64,6c,
63,65,66,00,63
"naplmfndjoeidhahiifnggcjcokg"=hex:69,61,61,68,6b,65,70,66,70,65,63,6f,65,64,
6c,63,65,66,00,63
"ablnnkcmidbbmbkhplpcnbnondifbagfjh"=hex:6f,61,61,6c,6f,6d,68,69,6a,63,70,6a,
68,6d,6d,68,6a,63,6d,6f,61,65,70,67,6d,6b,65,6a,6e,63,00,00
"mamnikefcilndnakdbdcadbjia"=hex:61,62,6d,68,62,65,6c,6c,64,67,64,65,69,63,6e,
6e,68,65,6e,6e,68,63,6b,62,62,66,6b,6d,6d,64,67,61,68,66,00,00
[HKEY_USERS\S-1-5-21-1362157603-801023130-4281435551-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:da,67,ec,1a,5b,b2,82,83,d2,88,f6,fb,8c,73,50,3c,3d,b0,14,29,34,33,16,
03,eb,9f,75,b5,33,de,f9,ec,e5,eb,5a,e1,f4,ec,9d,e5,44,9a,75,b1,f6,3d,d9,ff,\
"??"=hex:15,f3,9a,0e,ec,56,f8,9b,8a,e8,3d,22,36,68,77,87
[HKEY_USERS\S-1-5-21-1362157603-801023130-4281435551-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:07,8c,5a,3d,64,d8,89,d2,46,5e,e2,34,38,ac,f4,5c,f2,1f,1e,07,6d,
8a,c8,72,16,35,72,38,91,9c,c9,ca,cc,b9,6d,d9,d4,74,cf,6c,a4,10,05,7f,65,3f,\
"rkeysecu"=hex:29,a2,66,40,32,0c,db,09,9c,c0,29,1d,a4,18,17,b8
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(704)
c:\progra~1\SPEEDB~2\sblsp.dll
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\program files\SpeedBit Video Accelerator\CommPipe.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll
.
Celkový čas: 2010-01-24 12:09:59
ComboFix-quarantined-files.txt 2010-01-24 11:09
Před spuštěním: Volných bajtů: 24 174 886 912
Po spuštění: Volných bajtů: 24 110 424 064
- - End Of File - - 966502318DDCF6C970D6D7778D43D46F
Spuštěný z: c:\users\Ondra\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1362157603-801023130-4281435551-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
C:\install.exe
c:\program files\Cheat Engine\dbk32.sys
c:\program files\SpeedBit Toolbar\Toolbar\tbhelper.dll
c:\users\Ondra\AppData\Roaming\inst.exe
c:\users\Ondra\Documents\cc_20100124_105726.reg
c:\users\Ondra\iepv.exe
c:\users\Ondra\mspass.exe
c:\users\Ondra\PasswordFox.exe
c:\users\Ondra\Update.exe
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\patchw32.dll
c:\windows\system32\Config.ini
c:\windows\system32\ealregsnapshot1.reg
c:\windows\system32\launcher.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-24 do 2010-01-24 )))))))))))))))))))))))))))))))
.
2010-01-24 11:02 . 2010-01-24 11:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-23 23:46 . 2010-01-23 23:46 -------- d-----w- c:\program files\PowerISO
2010-01-23 23:24 . 2010-01-23 23:37 -------- d-----w- c:\program files\Mass Effect 2
2010-01-21 16:50 . 2010-01-23 16:22 -------- d-----w- c:\users\Ondra\AppData\Local\LogMeIn Hamachi
2010-01-21 16:50 . 2010-01-21 16:50 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-01-14 16:19 . 2010-01-14 16:19 -------- d-----w- c:\program files\DivX
2010-01-14 16:19 . 2010-01-14 16:19 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-13 20:40 . 2010-01-13 20:40 -------- d-----w- c:\program files\BestGameEver
2010-01-13 17:55 . 2010-01-13 17:55 -------- d-----w- c:\program files\Legie
2010-01-13 16:44 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 16:44 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-09 12:39 . 2010-01-09 12:39 -------- d-----w- c:\windows\usgwmt
2010-01-03 13:21 . 2009-07-13 18:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2010-01-03 13:21 . 2009-07-13 18:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2010-01-03 13:21 . 2009-07-13 18:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2010-01-03 13:21 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2010-01-03 13:21 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2010-01-03 13:21 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2010-01-03 13:21 . 2009-07-13 18:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2010-01-03 13:21 . 2009-07-13 18:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2010-01-03 13:21 . 2009-07-13 18:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2010-01-03 13:21 . 2009-10-16 10:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2010-01-03 13:21 . 2010-01-03 13:21 -------- d-----w- c:\program files\BRS
2010-01-03 13:20 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-01-03 13:20 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-01-03 13:20 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-01-03 13:19 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-01-03 13:19 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2010-01-03 13:19 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2010-01-03 13:19 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2010-01-03 13:19 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-01-03 13:19 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-01-03 13:19 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-12-29 22:07 . 2009-12-29 22:07 -------- d-----w- c:\programdata\Codemasters
2009-12-25 20:57 . 2009-12-25 20:57 -------- d-----w- c:\program files\ModernWarfare2 ScreenSaver v0.2
2009-12-25 14:25 . 2009-12-25 14:26 -------- d-----w- c:\programdata\DAEMON Tools Pro
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 11:01 . 2009-11-05 19:10 -------- d-----w- c:\program files\Cheat Engine
2010-01-24 10:39 . 2008-07-19 08:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-24 10:09 . 2008-08-27 21:23 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-01-24 10:00 . 2008-07-19 08:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-24 00:51 . 2009-11-17 21:59 -------- d-----w- c:\program files\Steam
2010-01-24 00:46 . 2008-04-09 11:50 100752 ----a-w- c:\users\Ondra\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-24 00:36 . 2008-07-04 13:18 -------- d-----w- c:\users\Ondra\AppData\Roaming\Skype
2010-01-24 00:10 . 2009-04-01 18:55 -------- d-----w- c:\programdata\Google Updater
2010-01-23 23:06 . 2008-07-04 13:20 -------- d-----w- c:\users\Ondra\AppData\Roaming\skypePM
2010-01-23 22:38 . 2009-09-06 16:29 -------- d-----w- c:\users\Ondra\AppData\Roaming\vlc
2010-01-23 13:42 . 2008-03-25 10:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-23 13:33 . 2009-10-10 18:38 -------- d-----w- c:\program files\Thief - Deadly Shadows
2010-01-23 13:30 . 2009-01-02 18:24 -------- d-----w- c:\programdata\Media Center Programs
2010-01-23 13:30 . 2008-04-29 15:12 -------- d-----w- c:\program files\Ubisoft
2010-01-23 13:28 . 2008-04-25 16:13 -------- d-----w- c:\program files\Lineage II
2010-01-23 02:29 . 2009-11-17 21:59 -------- d-----w- c:\program files\Common Files\Steam
2010-01-23 02:21 . 2009-11-24 18:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-23 00:23 . 2010-01-23 00:23 668397 ----a-w- c:\programdata\Skype\Plugins\Plugins\D99E0FE328074EBB91C9CF9781C3150D\HHSDEMON.EXE
2010-01-23 00:23 . 2010-01-23 00:23 647020 ----a-w- c:\programdata\Skype\Plugins\Plugins\D99E0FE328074EBB91C9CF9781C3150D\HHS.DLL
2010-01-23 00:23 . 2010-01-23 00:23 237568 ----a-w- c:\programdata\Skype\Plugins\Plugins\D99E0FE328074EBB91C9CF9781C3150D\SkyCoPilot.exe
2010-01-23 00:23 . 2010-01-23 00:23 222732 ----a-w- c:\programdata\Skype\Plugins\Plugins\D99E0FE328074EBB91C9CF9781C3150D\HHSCLNT.DLL
2010-01-23 00:23 . 2010-01-23 00:23 118784 ----a-w- c:\programdata\Skype\Plugins\Plugins\D99E0FE328074EBB91C9CF9781C3150D\LPCCDX.DLL
2010-01-21 16:49 . 2008-05-22 18:11 -------- d-----w- c:\users\Ondra\AppData\Roaming\Hamachi
2010-01-14 20:14 . 2009-09-12 11:17 -------- d-----w- c:\users\Ondra\AppData\Roaming\dvdcss
2010-01-14 14:38 . 2008-07-28 13:25 -------- d-----w- c:\program files\Java
2010-01-14 10:12 . 2009-10-03 06:34 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 02:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-03 13:20 . 2008-08-04 14:03 -------- d-----w- c:\program files\OpenAL
2010-01-03 13:20 . 2008-08-04 14:03 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-03 13:20 . 2008-08-04 14:03 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-03 12:39 . 2008-10-04 21:25 -------- d-----w- c:\program files\Codemasters
2010-01-02 19:29 . 2007-01-08 21:09 653620 ----a-w- c:\windows\system32\perfh005.dat
2010-01-02 19:29 . 2007-01-08 21:09 137040 ----a-w- c:\windows\system32\perfc005.dat
2010-01-02 06:38 . 2010-01-22 17:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 17:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 17:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 17:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 22:34 . 2009-02-06 19:14 -------- d-----w- c:\program files\Aspyr
2009-12-28 22:33 . 2008-08-04 14:04 -------- d-----w- c:\program files\Eidos
2009-12-25 23:06 . 2009-12-23 20:23 -------- d-----w- c:\program files\Heroes of Newerth
2009-12-25 15:05 . 2008-08-27 21:26 -------- d-----w- c:\users\Ondra\AppData\Roaming\DAEMON Tools Pro
2009-12-25 14:27 . 2008-04-19 14:42 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-25 13:59 . 2008-10-11 21:29 -------- d-----w- c:\program files\CCleaner
2009-12-20 14:57 . 2009-12-20 13:15 338 ----a-w- c:\users\Ondra\AppData\Roaming\settings.dat
2009-12-20 13:12 . 2009-12-20 13:12 454838 ----a-r- c:\users\Ondra\AppData\Roaming\Microsoft\Installer\{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}\_7DA8B262C7C0B2B5E2561D.exe
2009-12-20 13:12 . 2009-12-20 13:12 454838 ----a-r- c:\users\Ondra\AppData\Roaming\Microsoft\Installer\{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}\_7D2C132C50CCB86BED182C.exe
2009-12-20 13:12 . 2009-12-20 13:12 -------- d-----w- c:\program files\AutomationLabs
2009-12-19 18:12 . 2009-12-19 18:12 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-19 12:29 . 2008-03-21 14:22 -------- d-----w- c:\program files\Google
2009-12-17 21:46 . 2009-07-29 19:02 95744 ----a-w- c:\programdata\SpeedBit\DAP\SDCondition.dll
2009-12-16 21:20 . 2009-12-16 21:18 -------- d-----w- c:\users\Ondra\AppData\Roaming\fretsonfire
2009-12-16 21:18 . 2009-12-16 21:18 -------- d-----w- c:\program files\Frets on Fire
2009-12-12 23:36 . 2009-12-12 12:06 -------- d-----w- c:\programdata\NexonEU
2009-12-12 22:38 . 2009-12-12 22:37 -------- d-----w- c:\program files\VirtualDJ
2009-12-12 22:13 . 2009-12-12 22:12 -------- d-----w- c:\program files\Mixxx
2009-12-12 12:06 . 2009-12-12 12:06 81920 ----a-w- c:\programdata\NexonEU\NGM\npNxGameeu.dll
2009-12-12 12:06 . 2009-12-12 12:06 98304 ----a-w- c:\programdata\NexonEU\NGM\nxgameeu.dll
2009-12-12 12:06 . 2009-12-12 12:06 331776 ----a-w- c:\programdata\NexonEU\NGM\NGMResource.dll
2009-12-12 12:06 . 2009-12-12 12:06 258352 ----a-w- c:\programdata\NexonEU\NGM\unicows.dll
2009-12-12 12:06 . 2009-12-12 12:06 532480 ----a-w- c:\programdata\NexonEU\NGM\NGMDll.dll
2009-12-12 12:06 . 2009-12-12 12:06 155648 ----a-w- c:\programdata\NexonEU\NGM\NGM.exe
2009-12-12 11:12 . 2008-08-14 19:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-12 11:12 . 2008-08-14 19:55 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-12 11:05 . 2008-03-21 14:22 -------- d-----w- c:\programdata\NVIDIA
2009-12-12 11:05 . 2009-12-12 11:05 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-12 10:40 . 2009-12-12 10:40 -------- d-----w- c:\program files\SystemRequirementsLab
2009-12-12 07:23 . 2009-12-12 07:23 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-12-09 16:43 . 2009-08-24 19:19 -------- d-----w- c:\programdata\Xfire
2009-12-08 09:53 . 2009-08-24 19:19 -------- d-----w- c:\users\Ondra\AppData\Roaming\Xfire
2009-12-04 15:41 . 2009-12-04 15:31 15924256 ----a-w- c:\programdata\Xfire\downloads\DragonAge1.01b.exe
2009-12-04 15:30 . 2009-08-24 19:19 -------- d-----w- c:\program files\Xfire
2009-12-04 09:03 . 2009-12-04 09:03 251376 ----a-w- c:\users\Ondra\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-12-03 18:55 . 2008-07-11 12:09 -------- d-----w- c:\program files\Electronic Arts
2009-11-30 19:33 . 2009-11-30 19:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-29 21:08 . 2009-11-29 21:08 -------- d-----w- c:\programdata\BioWare
2009-11-29 20:41 . 2009-11-29 20:12 -------- d-----w- c:\program files\Common Files\BioWare
2009-11-27 15:22 . 2009-01-28 20:17 -------- d-----w- c:\program files\QIP Infium
2009-11-25 19:54 . 2008-08-17 20:28 -------- d-----w- c:\program files\Opera
2009-11-22 14:37 . 2008-06-28 02:21 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-22 14:34 . 2008-06-28 02:21 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-19 20:42 . 2008-03-21 14:20 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-19 08:57 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-09 12:31 . 2009-12-10 17:32 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 17:32 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 17:32 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-10-31 19:52 . 2009-10-31 19:52 12862 ----a-r- c:\users\Ondra\AppData\Roaming\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
2009-10-29 09:17 . 2009-11-26 12:21 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-05 17:34 . 2009-11-27 15:22 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
2009-07-29 18:59 . 2009-08-06 21:02 251392 ----a-w- c:\program files\opera\program\plugins\dapop.dll
2008-03-21 13:48 . 2008-01-29 11:26 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
Kód: Vybrat vše
<pre>
c:\program files\Call of Duty\CoDUOSP .exe
</pre>.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"= "c:\program files\Internet Explorer\qipsearchbar.dll" [2009-07-09 150768]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-07-09 11:08 150768 ----a-w- c:\program files\Internet Explorer\qipsearchbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\program files\SpeedBit Toolbar\Toolbar\SpeedBit.dll" [2009-07-29 2598896]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\program files\SpeedBit Toolbar\Toolbar\SpeedBit.dll" [2009-07-29 2598896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2009-07-29 1443432]
"360desktop"="" [N/A]
"Aim6"="" [N/A]
"Google Update"="c:\users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-07-01 133104]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"Steam"="c:\program files\steam\steam.exe" [2009-11-17 1217808]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-12-16 312640]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD4006"="del" [X]
"SpybotDeletingD5853"="del" [X]
"SpybotDeletingB7320"="command.com" [2006-11-02 50648]
"SpybotDeletingB3025"="command.com" [2006-11-02 50648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-10 2043160]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
c:\users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Start Hoot server.lnk - c:\program files\Hoot\bin\HootServer.exe [2008-11-1 3846144]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bizz FeedLiner.lnk - c:\program files\DSaT\BIZNHL\BIN\biznhl.exe [2009-8-27 4042752]
Macro Express 3.lnk - c:\program files\Macro Express3\MacExp.exe [2009-8-6 3556864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ad,1a,eb,1a,5d,3f,ca,01
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [7.5.2009 23:15 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [7.5.2009 23:15 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [7.5.2009 23:15 108552]
S3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\System32\drivers\3xHybrid.sys [22.11.2006 9:53 1121536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-01-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-01 18:55]
2010-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 18:55]
2010-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 18:55]
2010-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1362157603-801023130-4281435551-1000Core.job
- c:\users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-13 07:22]
2010-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1362157603-801023130-4281435551-1000UA.job
- c:\users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-13 07:22]
2009-09-17 c:\windows\Tasks\NSSstub.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2009-09-14 15:31]
2010-01-24 c:\windows\Tasks\User_Feed_Synchronization-{B8B2EE15-114B-42F5-B69C-F1E4D8A75422}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\progra~1\SPEEDB~2\sblsp.dll
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\DAP\dapie.dll
FF - ProfilePath - c:\users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\656lkkjs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Opera\program\plugins\npsoestb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\users\Ondra\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\656lkkjs.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\656lkkjs.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\users\Ondra\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-*{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-24 12:02
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\windows\TEMP\7aad5061-2c05-43da-8eb7-5f2b68fec781.tmp 618 bytes
c:\windows\TEMP\a5db39ce-f5fc-4e05-9a6d-2c77f0a8868b.tmp 0 bytes
sken byl úspešně dokončen
skryté soubory: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Ondra\AppData\Local\Temp\EWJ1EA6.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1362157603-801023130-4281435551-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8BE81E16-2E00-CCD7-D4F9-A3560ABA9239}*]
"majmodcampcfjempcpkfbpkhin"=hex:69,61,61,68,6b,65,70,66,70,65,63,6f,65,64,6c,
63,65,66,00,63
"naplmfndjoeidhahiifnggcjcokg"=hex:69,61,61,68,6b,65,70,66,70,65,63,6f,65,64,
6c,63,65,66,00,63
"ablnnkcmidbbmbkhplpcnbnondifbagfjh"=hex:6f,61,61,6c,6f,6d,68,69,6a,63,70,6a,
68,6d,6d,68,6a,63,6d,6f,61,65,70,67,6d,6b,65,6a,6e,63,00,00
"mamnikefcilndnakdbdcadbjia"=hex:61,62,6d,68,62,65,6c,6c,64,67,64,65,69,63,6e,
6e,68,65,6e,6e,68,63,6b,62,62,66,6b,6d,6d,64,67,61,68,66,00,00
[HKEY_USERS\S-1-5-21-1362157603-801023130-4281435551-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:da,67,ec,1a,5b,b2,82,83,d2,88,f6,fb,8c,73,50,3c,3d,b0,14,29,34,33,16,
03,eb,9f,75,b5,33,de,f9,ec,e5,eb,5a,e1,f4,ec,9d,e5,44,9a,75,b1,f6,3d,d9,ff,\
"??"=hex:15,f3,9a,0e,ec,56,f8,9b,8a,e8,3d,22,36,68,77,87
[HKEY_USERS\S-1-5-21-1362157603-801023130-4281435551-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:07,8c,5a,3d,64,d8,89,d2,46,5e,e2,34,38,ac,f4,5c,f2,1f,1e,07,6d,
8a,c8,72,16,35,72,38,91,9c,c9,ca,cc,b9,6d,d9,d4,74,cf,6c,a4,10,05,7f,65,3f,\
"rkeysecu"=hex:29,a2,66,40,32,0c,db,09,9c,c0,29,1d,a4,18,17,b8
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(704)
c:\progra~1\SPEEDB~2\sblsp.dll
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\program files\SpeedBit Video Accelerator\CommPipe.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll
.
Celkový čas: 2010-01-24 12:09:59
ComboFix-quarantined-files.txt 2010-01-24 11:09
Před spuštěním: Volných bajtů: 24 174 886 912
Po spuštění: Volných bajtů: 24 110 424 064
- - End Of File - - 966502318DDCF6C970D6D7778D43D46F
-
Rudy
- Site Admin
- Příspěvky: 118370
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosim o kontrolu podezreni na nebezpecnou havět
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.Folder::
c:\program files\AskBarDis
Collect::
c:\windows\TEMP\7aad5061-2c05-43da-8eb7-5f2b68fec781.tmp
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"=-
Regnull::
[HKEY_USERS\S-1-5-21-1362157603-801023130-4281435551-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8BE81E16-2E00-CCD7-D4F9-A3560ABA9239}*]
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosim o kontrolu podezreni na nebezpecnou havět
spustil sem to s CFScript.txt kontrola proběhla v pořádu ale když sem sem chtěl dát log tak přestal fungovat internet zkoušelsem u chrome i u opery a nešlo muselsem restartovat
log:
ComboFix 10-01-23.05 - Ondra 24.01.2010 14:28:56.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2047.1181 [GMT 1:00]
Spuštěný z: c:\users\Ondra\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ondra\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-24 do 2010-01-24 )))))))))))))))))))))))))))))))
.
2010-01-24 13:57 . 2010-01-24 13:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-24 13:57 . 2010-01-24 13:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-24 13:57 . 2010-01-24 13:57 -------- d-----w- c:\users\Ondra\AppData\Local\temp
2010-01-23 23:46 . 2010-01-23 23:46 -------- d-----w- c:\program files\PowerISO
2010-01-23 23:24 . 2010-01-23 23:37 -------- d-----w- c:\program files\Mass Effect 2
2010-01-21 16:50 . 2010-01-23 16:22 -------- d-----w- c:\users\Ondra\AppData\Local\LogMeIn Hamachi
2010-01-21 16:50 . 2010-01-21 16:50 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-01-14 16:19 . 2010-01-14 16:19 -------- d-----w- c:\program files\DivX
2010-01-14 16:19 . 2010-01-14 16:19 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-13 20:40 . 2010-01-13 20:40 -------- d-----w- c:\program files\BestGameEver
2010-01-13 17:55 . 2010-01-13 17:55 -------- d-----w- c:\program files\Legie
2010-01-13 16:44 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 16:44 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-09 12:39 . 2010-01-09 12:39 -------- d-----w- c:\windows\usgwmt
2010-01-03 13:21 . 2009-07-13 18:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2010-01-03 13:21 . 2009-07-13 18:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2010-01-03 13:21 . 2009-07-13 18:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2010-01-03 13:21 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2010-01-03 13:21 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2010-01-03 13:21 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2010-01-03 13:21 . 2009-07-13 18:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2010-01-03 13:21 . 2009-07-13 18:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2010-01-03 13:21 . 2009-07-13 18:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2010-01-03 13:21 . 2009-10-16 10:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2010-01-03 13:21 . 2010-01-03 13:21 -------- d-----w- c:\program files\BRS
2010-01-03 13:20 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-01-03 13:20 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-01-03 13:20 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-01-03 13:19 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-01-03 13:19 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2010-01-03 13:19 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2010-01-03 13:19 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2010-01-03 13:19 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-01-03 13:19 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-01-03 13:19 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-12-29 22:07 . 2009-12-29 22:07 -------- d-----w- c:\programdata\Codemasters
2009-12-25 20:57 . 2009-12-25 20:57 -------- d-----w- c:\program files\ModernWarfare2 ScreenSaver v0.2
2009-12-25 14:25 . 2009-12-25 14:26 -------- d-----w- c:\programdata\DAEMON Tools Pro
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 11:01 . 2009-11-05 19:10 -------- d-----w- c:\program files\Cheat Engine
2010-01-24 10:39 . 2008-07-19 08:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-24 10:09 . 2008-08-27 21:23 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-01-24 10:00 . 2008-07-19 08:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-24 00:51 . 2009-11-17 21:59 -------- d-----w- c:\program files\Steam
2010-01-24 00:46 . 2008-04-09 11:50 100752 ----a-w- c:\users\Ondra\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-24 00:36 . 2008-07-04 13:18 -------- d-----w- c:\users\Ondra\AppData\Roaming\Skype
2010-01-24 00:10 . 2009-04-01 18:55 -------- d-----w- c:\programdata\Google Updater
2010-01-23 23:06 . 2008-07-04 13:20 -------- d-----w- c:\users\Ondra\AppData\Roaming\skypePM
2010-01-23 22:38 . 2009-09-06 16:29 -------- d-----w- c:\users\Ondra\AppData\Roaming\vlc
2010-01-23 13:42 . 2008-03-25 10:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-23 13:33 . 2009-10-10 18:38 -------- d-----w- c:\program files\Thief - Deadly Shadows
2010-01-23 13:30 . 2009-01-02 18:24 -------- d-----w- c:\programdata\Media Center Programs
2010-01-23 13:30 . 2008-04-29 15:12 -------- d-----w- c:\program files\Ubisoft
2010-01-23 13:28 . 2008-04-25 16:13 -------- d-----w- c:\program files\Lineage II
2010-01-23 02:29 . 2009-11-17 21:59 -------- d-----w- c:\program files\Common Files\Steam
2010-01-23 02:21 . 2009-11-24 18:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-21 16:49 . 2008-05-22 18:11 -------- d-----w- c:\users\Ondra\AppData\Roaming\Hamachi
2010-01-14 20:14 . 2009-09-12 11:17 -------- d-----w- c:\users\Ondra\AppData\Roaming\dvdcss
2010-01-14 14:38 . 2008-07-28 13:25 -------- d-----w- c:\program files\Java
2010-01-14 10:12 . 2009-10-03 06:34 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 02:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-03 13:20 . 2008-08-04 14:03 -------- d-----w- c:\program files\OpenAL
2010-01-03 13:20 . 2008-08-04 14:03 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-03 13:20 . 2008-08-04 14:03 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-03 12:39 . 2008-10-04 21:25 -------- d-----w- c:\program files\Codemasters
2010-01-02 19:29 . 2007-01-08 21:09 653620 ----a-w- c:\windows\system32\perfh005.dat
2010-01-02 19:29 . 2007-01-08 21:09 137040 ----a-w- c:\windows\system32\perfc005.dat
2010-01-02 06:38 . 2010-01-22 17:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 17:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 17:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 17:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 22:34 . 2009-02-06 19:14 -------- d-----w- c:\program files\Aspyr
2009-12-28 22:33 . 2008-08-04 14:04 -------- d-----w- c:\program files\Eidos
2009-12-25 23:06 . 2009-12-23 20:23 -------- d-----w- c:\program files\Heroes of Newerth
2009-12-25 15:05 . 2008-08-27 21:26 -------- d-----w- c:\users\Ondra\AppData\Roaming\DAEMON Tools Pro
2009-12-25 14:27 . 2008-04-19 14:42 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-25 13:59 . 2008-10-11 21:29 -------- d-----w- c:\program files\CCleaner
2009-12-20 14:57 . 2009-12-20 13:15 338 ----a-w- c:\users\Ondra\AppData\Roaming\settings.dat
2009-12-20 13:12 . 2009-12-20 13:12 -------- d-----w- c:\program files\AutomationLabs
2009-12-19 12:29 . 2008-03-21 14:22 -------- d-----w- c:\program files\Google
2009-12-16 21:20 . 2009-12-16 21:18 -------- d-----w- c:\users\Ondra\AppData\Roaming\fretsonfire
2009-12-16 21:18 . 2009-12-16 21:18 -------- d-----w- c:\program files\Frets on Fire
2009-12-12 23:36 . 2009-12-12 12:06 -------- d-----w- c:\programdata\NexonEU
2009-12-12 22:38 . 2009-12-12 22:37 -------- d-----w- c:\program files\VirtualDJ
2009-12-12 22:13 . 2009-12-12 22:12 -------- d-----w- c:\program files\Mixxx
2009-12-12 11:12 . 2008-08-14 19:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-12 11:12 . 2008-08-14 19:55 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-12 11:05 . 2008-03-21 14:22 -------- d-----w- c:\programdata\NVIDIA
2009-12-12 11:05 . 2009-12-12 11:05 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-12 10:40 . 2009-12-12 10:40 -------- d-----w- c:\program files\SystemRequirementsLab
2009-12-12 07:23 . 2009-12-12 07:23 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-12-09 16:43 . 2009-08-24 19:19 -------- d-----w- c:\programdata\Xfire
2009-12-08 09:53 . 2009-08-24 19:19 -------- d-----w- c:\users\Ondra\AppData\Roaming\Xfire
2009-12-04 15:30 . 2009-08-24 19:19 -------- d-----w- c:\program files\Xfire
2009-12-03 18:55 . 2008-07-11 12:09 -------- d-----w- c:\program files\Electronic Arts
2009-11-30 19:33 . 2009-11-30 19:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-29 21:08 . 2009-11-29 21:08 -------- d-----w- c:\programdata\BioWare
2009-11-29 20:41 . 2009-11-29 20:12 -------- d-----w- c:\program files\Common Files\BioWare
2009-11-27 15:22 . 2009-01-28 20:17 -------- d-----w- c:\program files\QIP Infium
2009-11-25 19:54 . 2008-08-17 20:28 -------- d-----w- c:\program files\Opera
2009-11-22 14:37 . 2008-06-28 02:21 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-22 14:34 . 2008-06-28 02:21 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-19 20:42 . 2008-03-21 14:20 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-09 12:31 . 2009-12-10 17:32 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 17:32 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 17:32 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-10-29 09:17 . 2009-11-26 12:21 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-05 17:34 . 2009-11-27 15:22 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
2009-07-29 18:59 . 2009-08-06 21:02 251392 ----a-w- c:\program files\opera\program\plugins\dapop.dll
2008-03-21 13:48 . 2008-01-29 11:26 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"= "c:\program files\Internet Explorer\qipsearchbar.dll" [2009-07-09 150768]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-07-09 11:08 150768 ----a-w- c:\program files\Internet Explorer\qipsearchbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\program files\SpeedBit Toolbar\Toolbar\SpeedBit.dll" [2009-07-29 2598896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\program files\SpeedBit Toolbar\Toolbar\SpeedBit.dll" [2009-07-29 2598896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2009-07-29 1443432]
"360desktop"="" [N/A]
"Aim6"="" [N/A]
"Google Update"="c:\users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-07-01 133104]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"Steam"="c:\program files\steam\steam.exe" [2009-11-17 1217808]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-12-16 312640]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-10 2043160]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
c:\users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Start Hoot server.lnk - c:\program files\Hoot\bin\HootServer.exe [2008-11-1 3846144]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bizz FeedLiner.lnk - c:\program files\DSaT\BIZNHL\BIN\biznhl.exe [2009-8-27 4042752]
Macro Express 3.lnk - c:\program files\Macro Express3\MacExp.exe [2009-8-6 3556864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ad,1a,eb,1a,5d,3f,ca,01
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [7.5.2009 23:15 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [7.5.2009 23:15 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [7.5.2009 23:15 108552]
S3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\System32\drivers\3xHybrid.sys [22.11.2006 9:53 1121536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-01-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-01 18:55]
2010-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 18:55]
2010-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 18:55]
2010-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1362157603-801023130-4281435551-1000Core.job
- c:\users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-13 07:22]
2010-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1362157603-801023130-4281435551-1000UA.job
- c:\users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-13 07:22]
2010-01-24 c:\windows\Tasks\User_Feed_Synchronization-{B8B2EE15-114B-42F5-B69C-F1E4D8A75422}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\progra~1\SPEEDB~2\sblsp.dll
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\DAP\dapie.dll
FF - ProfilePath - c:\users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\656lkkjs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-24 14:57
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1362157603-801023130-4281435551-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:da,67,ec,1a,5b,b2,82,83,d2,88,f6,fb,8c,73,50,3c,3d,b0,14,29,34,33,16,
03,eb,9f,75,b5,33,de,f9,ec,e5,eb,5a,e1,f4,ec,9d,e5,44,9a,75,b1,f6,3d,d9,ff,\
"??"=hex:15,f3,9a,0e,ec,56,f8,9b,8a,e8,3d,22,36,68,77,87
[HKEY_USERS\S-1-5-21-1362157603-801023130-4281435551-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:07,8c,5a,3d,64,d8,89,d2,46,5e,e2,34,38,ac,f4,5c,f2,1f,1e,07,6d,
8a,c8,72,16,35,72,38,91,9c,c9,ca,cc,b9,6d,d9,d4,74,cf,6c,a4,10,05,7f,65,3f,\
"rkeysecu"=hex:29,a2,66,40,32,0c,db,09,9c,c0,29,1d,a4,18,17,b8
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(704)
c:\progra~1\SPEEDB~2\sblsp.dll
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\program files\SpeedBit Video Accelerator\CommPipe.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll
.
Celkový čas: 2010-01-24 15:12:23
ComboFix-quarantined-files.txt 2010-01-24 14:12
ComboFix2.txt 2010-01-24 11:10
Před spuštěním: Volných bajtů: 19 851 603 968
Po spuštění: Volných bajtů: 19 818 950 656
- - End Of File - - 77CA11E09C1398E56113B24E7D45B4E7
log:
ComboFix 10-01-23.05 - Ondra 24.01.2010 14:28:56.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2047.1181 [GMT 1:00]
Spuštěný z: c:\users\Ondra\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ondra\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-24 do 2010-01-24 )))))))))))))))))))))))))))))))
.
2010-01-24 13:57 . 2010-01-24 13:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-24 13:57 . 2010-01-24 13:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-24 13:57 . 2010-01-24 13:57 -------- d-----w- c:\users\Ondra\AppData\Local\temp
2010-01-23 23:46 . 2010-01-23 23:46 -------- d-----w- c:\program files\PowerISO
2010-01-23 23:24 . 2010-01-23 23:37 -------- d-----w- c:\program files\Mass Effect 2
2010-01-21 16:50 . 2010-01-23 16:22 -------- d-----w- c:\users\Ondra\AppData\Local\LogMeIn Hamachi
2010-01-21 16:50 . 2010-01-21 16:50 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-01-14 16:19 . 2010-01-14 16:19 -------- d-----w- c:\program files\DivX
2010-01-14 16:19 . 2010-01-14 16:19 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-13 20:40 . 2010-01-13 20:40 -------- d-----w- c:\program files\BestGameEver
2010-01-13 17:55 . 2010-01-13 17:55 -------- d-----w- c:\program files\Legie
2010-01-13 16:44 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 16:44 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-09 12:39 . 2010-01-09 12:39 -------- d-----w- c:\windows\usgwmt
2010-01-03 13:21 . 2009-07-13 18:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2010-01-03 13:21 . 2009-07-13 18:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2010-01-03 13:21 . 2009-07-13 18:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2010-01-03 13:21 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2010-01-03 13:21 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2010-01-03 13:21 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2010-01-03 13:21 . 2009-07-13 18:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2010-01-03 13:21 . 2009-07-13 18:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2010-01-03 13:21 . 2009-07-13 18:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2010-01-03 13:21 . 2009-10-16 10:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2010-01-03 13:21 . 2010-01-03 13:21 -------- d-----w- c:\program files\BRS
2010-01-03 13:20 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-01-03 13:20 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-01-03 13:20 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-01-03 13:19 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-01-03 13:19 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2010-01-03 13:19 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2010-01-03 13:19 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2010-01-03 13:19 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-01-03 13:19 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-01-03 13:19 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-12-29 22:07 . 2009-12-29 22:07 -------- d-----w- c:\programdata\Codemasters
2009-12-25 20:57 . 2009-12-25 20:57 -------- d-----w- c:\program files\ModernWarfare2 ScreenSaver v0.2
2009-12-25 14:25 . 2009-12-25 14:26 -------- d-----w- c:\programdata\DAEMON Tools Pro
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 11:01 . 2009-11-05 19:10 -------- d-----w- c:\program files\Cheat Engine
2010-01-24 10:39 . 2008-07-19 08:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-24 10:09 . 2008-08-27 21:23 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-01-24 10:00 . 2008-07-19 08:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-24 00:51 . 2009-11-17 21:59 -------- d-----w- c:\program files\Steam
2010-01-24 00:46 . 2008-04-09 11:50 100752 ----a-w- c:\users\Ondra\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-24 00:36 . 2008-07-04 13:18 -------- d-----w- c:\users\Ondra\AppData\Roaming\Skype
2010-01-24 00:10 . 2009-04-01 18:55 -------- d-----w- c:\programdata\Google Updater
2010-01-23 23:06 . 2008-07-04 13:20 -------- d-----w- c:\users\Ondra\AppData\Roaming\skypePM
2010-01-23 22:38 . 2009-09-06 16:29 -------- d-----w- c:\users\Ondra\AppData\Roaming\vlc
2010-01-23 13:42 . 2008-03-25 10:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-23 13:33 . 2009-10-10 18:38 -------- d-----w- c:\program files\Thief - Deadly Shadows
2010-01-23 13:30 . 2009-01-02 18:24 -------- d-----w- c:\programdata\Media Center Programs
2010-01-23 13:30 . 2008-04-29 15:12 -------- d-----w- c:\program files\Ubisoft
2010-01-23 13:28 . 2008-04-25 16:13 -------- d-----w- c:\program files\Lineage II
2010-01-23 02:29 . 2009-11-17 21:59 -------- d-----w- c:\program files\Common Files\Steam
2010-01-23 02:21 . 2009-11-24 18:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-21 16:49 . 2008-05-22 18:11 -------- d-----w- c:\users\Ondra\AppData\Roaming\Hamachi
2010-01-14 20:14 . 2009-09-12 11:17 -------- d-----w- c:\users\Ondra\AppData\Roaming\dvdcss
2010-01-14 14:38 . 2008-07-28 13:25 -------- d-----w- c:\program files\Java
2010-01-14 10:12 . 2009-10-03 06:34 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 02:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-03 13:20 . 2008-08-04 14:03 -------- d-----w- c:\program files\OpenAL
2010-01-03 13:20 . 2008-08-04 14:03 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-03 13:20 . 2008-08-04 14:03 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-03 12:39 . 2008-10-04 21:25 -------- d-----w- c:\program files\Codemasters
2010-01-02 19:29 . 2007-01-08 21:09 653620 ----a-w- c:\windows\system32\perfh005.dat
2010-01-02 19:29 . 2007-01-08 21:09 137040 ----a-w- c:\windows\system32\perfc005.dat
2010-01-02 06:38 . 2010-01-22 17:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 17:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 17:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 17:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 22:34 . 2009-02-06 19:14 -------- d-----w- c:\program files\Aspyr
2009-12-28 22:33 . 2008-08-04 14:04 -------- d-----w- c:\program files\Eidos
2009-12-25 23:06 . 2009-12-23 20:23 -------- d-----w- c:\program files\Heroes of Newerth
2009-12-25 15:05 . 2008-08-27 21:26 -------- d-----w- c:\users\Ondra\AppData\Roaming\DAEMON Tools Pro
2009-12-25 14:27 . 2008-04-19 14:42 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-25 13:59 . 2008-10-11 21:29 -------- d-----w- c:\program files\CCleaner
2009-12-20 14:57 . 2009-12-20 13:15 338 ----a-w- c:\users\Ondra\AppData\Roaming\settings.dat
2009-12-20 13:12 . 2009-12-20 13:12 -------- d-----w- c:\program files\AutomationLabs
2009-12-19 12:29 . 2008-03-21 14:22 -------- d-----w- c:\program files\Google
2009-12-16 21:20 . 2009-12-16 21:18 -------- d-----w- c:\users\Ondra\AppData\Roaming\fretsonfire
2009-12-16 21:18 . 2009-12-16 21:18 -------- d-----w- c:\program files\Frets on Fire
2009-12-12 23:36 . 2009-12-12 12:06 -------- d-----w- c:\programdata\NexonEU
2009-12-12 22:38 . 2009-12-12 22:37 -------- d-----w- c:\program files\VirtualDJ
2009-12-12 22:13 . 2009-12-12 22:12 -------- d-----w- c:\program files\Mixxx
2009-12-12 11:12 . 2008-08-14 19:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-12 11:12 . 2008-08-14 19:55 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-12 11:05 . 2008-03-21 14:22 -------- d-----w- c:\programdata\NVIDIA
2009-12-12 11:05 . 2009-12-12 11:05 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-12 10:40 . 2009-12-12 10:40 -------- d-----w- c:\program files\SystemRequirementsLab
2009-12-12 07:23 . 2009-12-12 07:23 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-12-09 16:43 . 2009-08-24 19:19 -------- d-----w- c:\programdata\Xfire
2009-12-08 09:53 . 2009-08-24 19:19 -------- d-----w- c:\users\Ondra\AppData\Roaming\Xfire
2009-12-04 15:30 . 2009-08-24 19:19 -------- d-----w- c:\program files\Xfire
2009-12-03 18:55 . 2008-07-11 12:09 -------- d-----w- c:\program files\Electronic Arts
2009-11-30 19:33 . 2009-11-30 19:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-29 21:08 . 2009-11-29 21:08 -------- d-----w- c:\programdata\BioWare
2009-11-29 20:41 . 2009-11-29 20:12 -------- d-----w- c:\program files\Common Files\BioWare
2009-11-27 15:22 . 2009-01-28 20:17 -------- d-----w- c:\program files\QIP Infium
2009-11-25 19:54 . 2008-08-17 20:28 -------- d-----w- c:\program files\Opera
2009-11-22 14:37 . 2008-06-28 02:21 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-22 14:34 . 2008-06-28 02:21 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-19 20:42 . 2008-03-21 14:20 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-09 12:31 . 2009-12-10 17:32 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 17:32 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 17:32 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-10-29 09:17 . 2009-11-26 12:21 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-05 17:34 . 2009-11-27 15:22 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
2009-07-29 18:59 . 2009-08-06 21:02 251392 ----a-w- c:\program files\opera\program\plugins\dapop.dll
2008-03-21 13:48 . 2008-01-29 11:26 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
Kód: Vybrat vše
<pre>
c:\program files\Call of Duty\CoDUOSP .exe
</pre>.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"= "c:\program files\Internet Explorer\qipsearchbar.dll" [2009-07-09 150768]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-07-09 11:08 150768 ----a-w- c:\program files\Internet Explorer\qipsearchbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\program files\SpeedBit Toolbar\Toolbar\SpeedBit.dll" [2009-07-29 2598896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\program files\SpeedBit Toolbar\Toolbar\SpeedBit.dll" [2009-07-29 2598896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2009-07-29 1443432]
"360desktop"="" [N/A]
"Aim6"="" [N/A]
"Google Update"="c:\users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-07-01 133104]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"Steam"="c:\program files\steam\steam.exe" [2009-11-17 1217808]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-12-16 312640]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-10 2043160]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
c:\users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Start Hoot server.lnk - c:\program files\Hoot\bin\HootServer.exe [2008-11-1 3846144]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bizz FeedLiner.lnk - c:\program files\DSaT\BIZNHL\BIN\biznhl.exe [2009-8-27 4042752]
Macro Express 3.lnk - c:\program files\Macro Express3\MacExp.exe [2009-8-6 3556864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ad,1a,eb,1a,5d,3f,ca,01
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [7.5.2009 23:15 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [7.5.2009 23:15 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [7.5.2009 23:15 108552]
S3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\System32\drivers\3xHybrid.sys [22.11.2006 9:53 1121536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-01-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-01 18:55]
2010-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 18:55]
2010-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 18:55]
2010-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1362157603-801023130-4281435551-1000Core.job
- c:\users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-13 07:22]
2010-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1362157603-801023130-4281435551-1000UA.job
- c:\users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-13 07:22]
2010-01-24 c:\windows\Tasks\User_Feed_Synchronization-{B8B2EE15-114B-42F5-B69C-F1E4D8A75422}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\progra~1\SPEEDB~2\sblsp.dll
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\DAP\dapie.dll
FF - ProfilePath - c:\users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\656lkkjs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-24 14:57
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1362157603-801023130-4281435551-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:da,67,ec,1a,5b,b2,82,83,d2,88,f6,fb,8c,73,50,3c,3d,b0,14,29,34,33,16,
03,eb,9f,75,b5,33,de,f9,ec,e5,eb,5a,e1,f4,ec,9d,e5,44,9a,75,b1,f6,3d,d9,ff,\
"??"=hex:15,f3,9a,0e,ec,56,f8,9b,8a,e8,3d,22,36,68,77,87
[HKEY_USERS\S-1-5-21-1362157603-801023130-4281435551-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:07,8c,5a,3d,64,d8,89,d2,46,5e,e2,34,38,ac,f4,5c,f2,1f,1e,07,6d,
8a,c8,72,16,35,72,38,91,9c,c9,ca,cc,b9,6d,d9,d4,74,cf,6c,a4,10,05,7f,65,3f,\
"rkeysecu"=hex:29,a2,66,40,32,0c,db,09,9c,c0,29,1d,a4,18,17,b8
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(704)
c:\progra~1\SPEEDB~2\sblsp.dll
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\program files\SpeedBit Video Accelerator\CommPipe.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll
.
Celkový čas: 2010-01-24 15:12:23
ComboFix-quarantined-files.txt 2010-01-24 14:12
ComboFix2.txt 2010-01-24 11:10
Před spuštěním: Volných bajtů: 19 851 603 968
Po spuštění: Volných bajtů: 19 818 950 656
- - End Of File - - 77CA11E09C1398E56113B24E7D45B4E7
-
Rudy
- Site Admin
- Příspěvky: 118370
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosim o kontrolu podezreni na nebezpecnou havět
V každém případě CF vše smazal.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosim o kontrolu podezreni na nebezpecnou havět
ale problém s hláškou "program too big to fit in memory" stále přetrvává
už sem ztoho na mrtvici 20x sem zapl avg nic 20x spybot a taky cc a nic prostě nic
už sem ztoho na mrtvici 20x sem zapl avg nic 20x spybot a taky cc a nic prostě nic
-
Rudy
- Site Admin
- Příspěvky: 118370
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosim o kontrolu podezreni na nebezpecnou havět
O jaký program jde?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosim o kontrolu podezreni na nebezpecnou havět
při spouštění instalace se objeví rameček podobnej cmd a tam se na chvili objeví ta hlaška (program too big to fit in memory)
pak to zmizí a nic se neděje
pak to zmizí a nic se neděje
-
Rudy
- Site Admin
- Příspěvky: 118370
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosim o kontrolu podezreni na nebezpecnou havět
Máte dost volného místa na disku? Jaká je velikost RAM?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosim o kontrolu podezreni na nebezpecnou havět
mělsem 20gb soubor vyžadoval 8gb a ram mam 2gb
-
Rudy
- Site Admin
- Příspěvky: 118370
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosim o kontrolu podezreni na nebezpecnou havět
Hláška v podstatě znamená, že program je vůči velikosti paměti příliš velký. Zkuste zvětšit virtuální paměť. Bohužel ale neporadím, kde se to dělá ve Win7. Mělo by to být v ovl.panely>system>upřesnit>výkon.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosim o kontrolu podezreni na nebezpecnou havět
ja mam visty
-
Rudy
- Site Admin
- Příspěvky: 118370
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosim o kontrolu podezreni na nebezpecnou havět
Ve Vistách také nevím, ale bude to podobné, jako ve Win7. Měl byste se to dovědět v nápovědě.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosim o kontrolu podezreni na nebezpecnou havět
no hele nejde to takže si zazalohuju dokumnety a udělám přeinstal
Přispějete na provoz fóra?