Zdravim zadam o kontrolu logu. Pocitac nasel nejake viry a ted mi nebezi internet (pisu z jineho pc), pouze icq jde.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:49, on 28.1.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
--
End of file - 10203 bytes
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Kontrola logu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Unlimited_Killer
- Přítel fóra
- Příspěvky: 1969
- Registrován: 24 srp 2009 16:18
Re: Kontrola logu
Dodejte kompletnější RSIT.
~~~
Stáhněte a uložte na Plochu RSIT.
Spusťte, nechte v rolovacím menu '1 month' a klikněte na 'Continue'.
Vyčkejte několik vteřin, než se vygeneruje log se jménem log.txt
(pokud nebude log vygenerován, naleznete jej v C:\rsit\log.txt).
Obsah tohoto logu vložte do svého příspěvku.
~~~
Stáhněte a uložte na Plochu RSIT.
Spusťte, nechte v rolovacím menu '1 month' a klikněte na 'Continue'.
Vyčkejte několik vteřin, než se vygeneruje log se jménem log.txt
(pokud nebude log vygenerován, naleznete jej v C:\rsit\log.txt).
Obsah tohoto logu vložte do svého příspěvku.
inactive
-
nemm
Re: Kontrola logu
Logfile of random's system information tool 1.06 (written by random/random)
Run by EriksonSKS at 2010-01-28 21:41:47
Microsoft® Windows Vista™ Home Basic
System drive C: has 18 GB (10%) free of 178 GB
Total RAM: 895 MB (24% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:00, on 28.1.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\EriksonSKS\Documents\ICQ\221788228\ReceivedFiles\281663016 Bukva\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\EriksonSKS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
--
End of file - 9677 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\Norton Security Scan for EriksonSKS.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll [2006-12-07 96872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
NP Helper Class - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll [2009-07-09 196608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-15 263280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-13 764912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}]
GamesBarBHO Class - C:\Program Files\GamesBar\oberontb.dll [2008-01-06 540672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
System Search Dispatcher - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [2006-10-23 565960]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
{6F282B65-56BF-4BD1-A8B2-A4449A05863D} - GamesBar - C:\Program Files\GamesBar\oberontb.dll [2008-01-06 540672]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-15 263280]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-02 1004136]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-01 4390912]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-10-25 107112]
"IS CfgWiz"=c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe [2006-10-24 46728]
"osCheck"=c:\Program Files\Norton Internet Security\osCheck.exe [2006-10-27 22696]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-21 185896]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe [2007-12-14 144784]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-22 39408]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]
"BitComet"=C:\Program Files\BitComet\BitComet.exe /tray []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Users\EriksonSKS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
Xfire.lnk - C:\Program Files\Xfire\xfire.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a6332d1-c2b4-11dc-92b8-0019db793667}]
shell\AutoRun\command - L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4af82bb8-0f49-11de-8ae8-806e6f6e6963}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4af82d2a-0f49-11de-8ae8-0019db793667}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bffacd9-bffa-11dd-8b4e-0019db793667}]
shell\AutoRun\command - RECYCLER\autorun.exe
shell\open\command - RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be23d1f7-9f34-11dc-b6e2-806e6f6e6963}]
shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddd8e03d-a38b-11dc-ae92-cfe24bbf4198}]
shell\AutoRun\command - K:\setup.exe
======List of files/folders created in the last 1 months======
2010-01-28 21:41:47 ----D---- C:\rsit
2010-01-28 21:24:37 ----D---- C:\Program Files\Trend Micro
2010-01-28 20:37:07 ----A---- C:\Windows\system32\lsdelete.exe
2010-01-28 19:12:36 ----DC---- C:\Windows\system32\DRVSTORE
2010-01-28 19:11:54 ----HDC---- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-01-23 01:26:13 ----D---- C:\Program Files\ProtectDisc Driver Installer
2010-01-23 01:26:05 ----D---- C:\Users\EriksonSKS\AppData\Roaming\ProtectDisc
2010-01-23 00:55:29 ----D---- C:\Program Files\RTL Biathlon 2009
2010-01-23 00:15:28 ----D---- C:\Users\EriksonSKS\AppData\Roaming\CometNetwork
2010-01-23 00:14:52 ----D---- C:\Program Files\CometBird
2010-01-23 00:13:36 ----D---- C:\Program Files\BitComet
2010-01-20 16:48:48 ----D---- C:\Program Files\RTL Biathlon 2008 (Demo)
2010-01-20 16:37:21 ----D---- C:\Program Files\Cyanide
======List of files/folders modified in the last 1 months======
2010-01-28 21:42:00 ----D---- C:\Windows\Prefetch
2010-01-28 21:41:22 ----D---- C:\Windows\Temp
2010-01-28 21:31:56 ----D---- C:\ProgramData\GamesBar
2010-01-28 21:24:37 ----RD---- C:\Program Files
2010-01-28 20:46:30 ----D---- C:\Windows\Tasks
2010-01-28 20:43:46 ----D---- C:\Users\EriksonSKS\AppData\Roaming\OpenOffice.org2
2010-01-28 20:43:10 ----D---- C:\Users\EriksonSKS\AppData\Roaming\Xfire
2010-01-28 20:39:44 ----D---- C:\Windows\system32\Tasks
2010-01-28 20:37:07 ----D---- C:\Windows\System32
2010-01-28 20:37:04 ----D---- C:\Program Files\iVideo
2010-01-28 20:37:04 ----D---- C:\Program Files\DAEMON Tools
2010-01-28 19:12:38 ----D---- C:\Windows\system32\catroot
2010-01-28 19:12:37 ----D---- C:\Windows\system32\drivers
2010-01-28 19:11:54 ----SHD---- C:\Windows\Installer
2010-01-28 19:11:54 ----HD---- C:\ProgramData
2010-01-28 19:10:42 ----D---- C:\Windows\winsxs
2010-01-28 17:51:17 ----D---- C:\Windows
2010-01-28 17:51:17 ----D---- C:\Program Files\Common Files
2010-01-28 17:49:26 ----SHD---- C:\System Volume Information
2010-01-28 17:33:38 ----D---- C:\Users\EriksonSKS\AppData\Roaming\ICQ
2010-01-27 18:00:01 ----D---- C:\Program Files\Norton Security Scan
2010-01-27 16:06:51 ----D---- C:\ProgramData\Xfire
2010-01-26 02:39:39 ----D---- C:\Downloads
2010-01-23 22:48:00 ----D---- C:\temp
2010-01-23 00:58:54 ----RSD---- C:\Windows\assembly
2010-01-23 00:28:24 ----D---- C:\Program Files\EA SPORTS
2010-01-23 00:26:38 ----D---- C:\Program Files\Miranda IM
2010-01-23 00:07:00 ----D---- C:\Users\EriksonSKS\AppData\Roaming\LimeWire
2010-01-20 16:20:47 ----D---- C:\Games
2010-01-12 00:17:38 ----D---- C:\Windows\system32\catroot2
2010-01-09 13:00:54 ----D---- C:\Program Files\Mozilla Firefox
2009-12-29 22:59:46 ----D---- C:\Program Files\ICQ6.5
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2006-11-06 387432]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2006-11-03 24184]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2006-10-24 185744]
R2 ACEDRV05;ACEDRV05; \??\C:\Windows\system32\drivers\ACEDRV05.sys [2007-12-05 97792]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-01-20 278728]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-01-20 25416]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-01 1744928]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVENG.SYS [2006-11-06 79240]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVEX15.SYS [2006-11-06 831880]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 2385920]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-24 50688]
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2006-11-03 245880]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2007-05-04 109744]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2006-10-24 26384]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 aeommkn8;aeommkn8; C:\Windows\system32\drivers\aeommkn8.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-01-11 25280]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-10-20 202872]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2006-10-06 406672]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2006-11-03 275576]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2006-05-11 247808]
S4 nvatabus;nvatabus; C:\Windows\system32\drivers\nvatabus.sys [2006-07-14 105088]
S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-03-31 100992]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-02-02 565248]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-10-25 107624]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-10-25 107624]
R2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-10-25 107624]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-24 1169232]
R2 LicCtrlService;LicCtrl Service; C:\Windows\runservice.exe [2008-12-19 2560]
R2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-12-04 194240]
R2 SymAppCore;Symantec AppCore Service; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2006-09-20 46736]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-05-04 1174152]
S2 vvdsvc;VJVodClientServices; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 comHost;COM Host; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2006-10-13 49296]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-10 182768]
S3 ISPwdSvc;Symantec IS Password Validation; c:\Program Files\Norton Internet Security\isPwdSvc.exe [2006-10-27 80552]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-12-04 2541248]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
Run by EriksonSKS at 2010-01-28 21:41:47
Microsoft® Windows Vista™ Home Basic
System drive C: has 18 GB (10%) free of 178 GB
Total RAM: 895 MB (24% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:00, on 28.1.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\EriksonSKS\Documents\ICQ\221788228\ReceivedFiles\281663016 Bukva\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\EriksonSKS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
--
End of file - 9677 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\Norton Security Scan for EriksonSKS.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll [2006-12-07 96872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
NP Helper Class - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll [2009-07-09 196608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-15 263280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-13 764912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}]
GamesBarBHO Class - C:\Program Files\GamesBar\oberontb.dll [2008-01-06 540672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
System Search Dispatcher - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [2006-10-23 565960]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
{6F282B65-56BF-4BD1-A8B2-A4449A05863D} - GamesBar - C:\Program Files\GamesBar\oberontb.dll [2008-01-06 540672]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-15 263280]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-02 1004136]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-01 4390912]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-10-25 107112]
"IS CfgWiz"=c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe [2006-10-24 46728]
"osCheck"=c:\Program Files\Norton Internet Security\osCheck.exe [2006-10-27 22696]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-21 185896]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe [2007-12-14 144784]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-22 39408]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]
"BitComet"=C:\Program Files\BitComet\BitComet.exe /tray []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Users\EriksonSKS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
Xfire.lnk - C:\Program Files\Xfire\xfire.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a6332d1-c2b4-11dc-92b8-0019db793667}]
shell\AutoRun\command - L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4af82bb8-0f49-11de-8ae8-806e6f6e6963}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4af82d2a-0f49-11de-8ae8-0019db793667}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bffacd9-bffa-11dd-8b4e-0019db793667}]
shell\AutoRun\command - RECYCLER\autorun.exe
shell\open\command - RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be23d1f7-9f34-11dc-b6e2-806e6f6e6963}]
shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddd8e03d-a38b-11dc-ae92-cfe24bbf4198}]
shell\AutoRun\command - K:\setup.exe
======List of files/folders created in the last 1 months======
2010-01-28 21:41:47 ----D---- C:\rsit
2010-01-28 21:24:37 ----D---- C:\Program Files\Trend Micro
2010-01-28 20:37:07 ----A---- C:\Windows\system32\lsdelete.exe
2010-01-28 19:12:36 ----DC---- C:\Windows\system32\DRVSTORE
2010-01-28 19:11:54 ----HDC---- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-01-23 01:26:13 ----D---- C:\Program Files\ProtectDisc Driver Installer
2010-01-23 01:26:05 ----D---- C:\Users\EriksonSKS\AppData\Roaming\ProtectDisc
2010-01-23 00:55:29 ----D---- C:\Program Files\RTL Biathlon 2009
2010-01-23 00:15:28 ----D---- C:\Users\EriksonSKS\AppData\Roaming\CometNetwork
2010-01-23 00:14:52 ----D---- C:\Program Files\CometBird
2010-01-23 00:13:36 ----D---- C:\Program Files\BitComet
2010-01-20 16:48:48 ----D---- C:\Program Files\RTL Biathlon 2008 (Demo)
2010-01-20 16:37:21 ----D---- C:\Program Files\Cyanide
======List of files/folders modified in the last 1 months======
2010-01-28 21:42:00 ----D---- C:\Windows\Prefetch
2010-01-28 21:41:22 ----D---- C:\Windows\Temp
2010-01-28 21:31:56 ----D---- C:\ProgramData\GamesBar
2010-01-28 21:24:37 ----RD---- C:\Program Files
2010-01-28 20:46:30 ----D---- C:\Windows\Tasks
2010-01-28 20:43:46 ----D---- C:\Users\EriksonSKS\AppData\Roaming\OpenOffice.org2
2010-01-28 20:43:10 ----D---- C:\Users\EriksonSKS\AppData\Roaming\Xfire
2010-01-28 20:39:44 ----D---- C:\Windows\system32\Tasks
2010-01-28 20:37:07 ----D---- C:\Windows\System32
2010-01-28 20:37:04 ----D---- C:\Program Files\iVideo
2010-01-28 20:37:04 ----D---- C:\Program Files\DAEMON Tools
2010-01-28 19:12:38 ----D---- C:\Windows\system32\catroot
2010-01-28 19:12:37 ----D---- C:\Windows\system32\drivers
2010-01-28 19:11:54 ----SHD---- C:\Windows\Installer
2010-01-28 19:11:54 ----HD---- C:\ProgramData
2010-01-28 19:10:42 ----D---- C:\Windows\winsxs
2010-01-28 17:51:17 ----D---- C:\Windows
2010-01-28 17:51:17 ----D---- C:\Program Files\Common Files
2010-01-28 17:49:26 ----SHD---- C:\System Volume Information
2010-01-28 17:33:38 ----D---- C:\Users\EriksonSKS\AppData\Roaming\ICQ
2010-01-27 18:00:01 ----D---- C:\Program Files\Norton Security Scan
2010-01-27 16:06:51 ----D---- C:\ProgramData\Xfire
2010-01-26 02:39:39 ----D---- C:\Downloads
2010-01-23 22:48:00 ----D---- C:\temp
2010-01-23 00:58:54 ----RSD---- C:\Windows\assembly
2010-01-23 00:28:24 ----D---- C:\Program Files\EA SPORTS
2010-01-23 00:26:38 ----D---- C:\Program Files\Miranda IM
2010-01-23 00:07:00 ----D---- C:\Users\EriksonSKS\AppData\Roaming\LimeWire
2010-01-20 16:20:47 ----D---- C:\Games
2010-01-12 00:17:38 ----D---- C:\Windows\system32\catroot2
2010-01-09 13:00:54 ----D---- C:\Program Files\Mozilla Firefox
2009-12-29 22:59:46 ----D---- C:\Program Files\ICQ6.5
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2006-11-06 387432]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2006-11-03 24184]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2006-10-24 185744]
R2 ACEDRV05;ACEDRV05; \??\C:\Windows\system32\drivers\ACEDRV05.sys [2007-12-05 97792]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-01-20 278728]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-01-20 25416]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-01 1744928]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVENG.SYS [2006-11-06 79240]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVEX15.SYS [2006-11-06 831880]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 2385920]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-24 50688]
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2006-11-03 245880]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2007-05-04 109744]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2006-10-24 26384]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 aeommkn8;aeommkn8; C:\Windows\system32\drivers\aeommkn8.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-01-11 25280]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-10-20 202872]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2006-10-06 406672]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2006-11-03 275576]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2006-05-11 247808]
S4 nvatabus;nvatabus; C:\Windows\system32\drivers\nvatabus.sys [2006-07-14 105088]
S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-03-31 100992]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-02-02 565248]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-10-25 107624]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-10-25 107624]
R2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-10-25 107624]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-24 1169232]
R2 LicCtrlService;LicCtrl Service; C:\Windows\runservice.exe [2008-12-19 2560]
R2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-12-04 194240]
R2 SymAppCore;Symantec AppCore Service; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2006-09-20 46736]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-05-04 1174152]
S2 vvdsvc;VJVodClientServices; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 comHost;COM Host; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2006-10-13 49296]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-10 182768]
S3 ISPwdSvc;Symantec IS Password Validation; c:\Program Files\Norton Internet Security\isPwdSvc.exe [2006-10-27 80552]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-12-04 2541248]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
-
Unlimited_Killer
- Přítel fóra
- Příspěvky: 1969
- Registrován: 24 srp 2009 16:18
Re: Kontrola logu
Zkusíme tam vypálit CF.
~~~
Vložte sem log z ComboFix.
Stáhněte a uložte na Plochu ComboFix, poté ho spusťte s administrátorským oprávněním.
Ještě před spuštěním vypněte rezidentní štít antiviru, či antispywaru.
Po spuštění se Vám zobrazí licenční podmínky, klikněte na 'Ano'. Budete také dotázán na instalaci konzole pro zotavení, klikněte na 'Ano'.
Celý sken bude trvat tak 5-10 minut, v závislosti na tom, kolika soubory se bude CF prodírat. Váš PC bude pravděpodobně restartován, tak se toho neděste. Než úplně skončí sken, nic nedělejte, hlavně neklikejte do spuštěného okna s ComboFixem.
Po skončení skenu na Vás vypadne log, který vkopírujete sem.
~~~
Vložte sem log z ComboFix.
Stáhněte a uložte na Plochu ComboFix, poté ho spusťte s administrátorským oprávněním.
Ještě před spuštěním vypněte rezidentní štít antiviru, či antispywaru.
Po spuštění se Vám zobrazí licenční podmínky, klikněte na 'Ano'. Budete také dotázán na instalaci konzole pro zotavení, klikněte na 'Ano'.
Celý sken bude trvat tak 5-10 minut, v závislosti na tom, kolika soubory se bude CF prodírat. Váš PC bude pravděpodobně restartován, tak se toho neděste. Než úplně skončí sken, nic nedělejte, hlavně neklikejte do spuštěného okna s ComboFixem.
Po skončení skenu na Vás vypadne log, který vkopírujete sem.
inactive
-
nemm
Re: Kontrola logu
ComboFix 10-01-27.06 - EriksonSKS 28.01.2010 22:06:10.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1250.420.1029.18.895.378 [GMT 1:00]
Spuštěný z: c:\users\EriksonSKS\Documents\ICQ\221788228\ReceivedFiles\281663016 Bukva\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1339395189-2440761248-3863159198-500
c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\program files\GamesBar\obERontb.dll
c:\program files\ICQ6.5\ICQLRun.exe
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\adwpx.exe
c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPIEaddon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-28 do 2010-01-28 )))))))))))))))))))))))))))))))
.
2010-01-28 20:41 . 2010-01-28 20:42 -------- d-----w- C:\rsit
2010-01-28 20:24 . 2010-01-28 20:24 -------- d-----w- c:\program files\Trend Micro
2010-01-28 19:37 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-28 18:12 . 2010-01-28 18:12 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-28 18:12 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-28 18:11 . 2010-01-28 18:12 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-01-23 00:26 . 2010-01-23 00:26 -------- d-----w- c:\program files\ProtectDisc Driver Installer
2010-01-23 00:26 . 2010-01-23 00:26 -------- d-----w- c:\users\EriksonSKS\AppData\Roaming\ProtectDisc
2010-01-22 23:55 . 2010-01-23 01:01 -------- d-----w- c:\program files\RTL Biathlon 2009
2010-01-22 23:15 . 2010-01-22 23:15 0 ----a-w- c:\windows\nsreg.dat
2010-01-22 23:15 . 2010-01-22 23:15 -------- d-----w- c:\users\EriksonSKS\AppData\Roaming\CometNetwork
2010-01-22 23:15 . 2010-01-22 23:15 -------- d-----w- c:\users\EriksonSKS\AppData\Local\CometNetwork
2010-01-22 23:14 . 2010-01-28 20:31 -------- d-----w- c:\program files\CometBird
2010-01-22 23:13 . 2010-01-28 20:31 -------- d-----w- c:\program files\BitComet
2010-01-20 15:49 . 2010-01-20 15:49 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-01-20 15:49 . 2010-01-20 15:49 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-01-20 15:48 . 2010-01-20 15:49 -------- d-----w- c:\program files\RTL Biathlon 2008 (Demo)
2010-01-20 15:37 . 2010-01-20 15:37 -------- d-----w- c:\program files\Cyanide
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 21:16 . 2009-07-15 11:48 -------- d-----w- c:\program files\ICQ6.5
2010-01-28 21:16 . 2008-12-24 22:49 -------- d-----w- c:\program files\GamesBar
2010-01-28 21:01 . 2008-12-19 01:31 825 --sha-w- c:\windows\system32\mmf.sys
2010-01-28 20:59 . 2008-01-11 08:25 -------- d-----w- c:\users\EriksonSKS\AppData\Roaming\ICQ
2010-01-28 20:31 . 2008-12-24 22:49 -------- d-----w- c:\programdata\GamesBar
2010-01-28 19:43 . 2008-01-01 21:46 -------- d-----w- c:\users\EriksonSKS\AppData\Roaming\OpenOffice.org2
2010-01-28 19:43 . 2008-01-11 18:35 -------- d-----w- c:\users\EriksonSKS\AppData\Roaming\Xfire
2010-01-28 19:37 . 2008-05-01 16:23 -------- d-----w- c:\program files\iVideo
2010-01-28 19:37 . 2007-12-05 23:44 -------- d-----w- c:\program files\DAEMON Tools
2010-01-27 17:00 . 2009-01-07 03:06 -------- d-----w- c:\program files\Norton Security Scan
2010-01-27 15:06 . 2010-01-27 15:06 6089632 ----a-w- c:\programdata\Xfire\120.exe
2010-01-27 15:06 . 2008-01-11 18:35 -------- d-----w- c:\programdata\Xfire
2010-01-23 00:26 . 2010-01-23 00:26 3150808 ----a-w- c:\users\EriksonSKS\AppData\Roaming\ProtectDisc\pe17ae3413.dll
2010-01-22 23:28 . 2007-11-30 13:53 -------- d-----w- c:\program files\EA SPORTS
2010-01-22 23:26 . 2008-07-09 09:54 -------- d-----w- c:\program files\Miranda IM
2010-01-22 23:07 . 2008-02-21 19:14 -------- d-----w- c:\users\EriksonSKS\AppData\Roaming\LimeWire
2010-01-22 03:09 . 2010-01-05 10:00 6022344 ----a-w- c:\programdata\Xfire\119.exe
2010-01-21 23:33 . 2009-11-26 18:36 439816 ----a-w- c:\users\EriksonSKS\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-12-16 17:32 . 2008-08-08 18:59 -------- d-----w- c:\program files\ParadisePokersks
2009-12-16 13:23 . 2009-12-12 02:10 -------- d-----w- c:\program files\bet-at-home.com Poker
2009-12-15 01:50 . 2009-12-15 01:50 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbC7C5.tmp.exe
2009-12-12 02:26 . 2009-06-25 03:15 -------- d-----w- c:\programdata\Boss Media
2009-12-10 02:09 . 2009-12-10 02:09 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb49E2.tmp.exe
2009-12-09 21:09 . 2008-01-11 18:35 -------- d-----w- c:\program files\Xfire
2009-12-05 04:00 . 2008-01-20 20:06 680 ----a-w- c:\users\EriksonSKS\AppData\Local\d3d9caps.dat
2009-11-30 19:33 . 2009-11-30 19:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-27 02:36 . 2009-11-27 02:36 118784 ----a-w- c:\users\EriksonSKS\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\compat.dll
2009-11-17 02:02 . 2007-11-30 11:31 80808 ----a-w- c:\users\EriksonSKS\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-08 12:23 . 2007-01-08 21:10 81198 ----a-w- c:\windows\system32\perfc005.dat
2009-11-08 12:23 . 2007-01-08 21:10 473360 ----a-w- c:\windows\system32\perfh005.dat
2009-10-31 18:04 . 2009-10-21 20:25 5806968 ----a-w- c:\programdata\Xfire\116.exe
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-22 39408]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112]
"IS CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2006-10-24 46728]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-27 22696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-21 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
c:\users\EriksonSKS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-6-8 393216]
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-11-30 3181456]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [28.1.2010 19:12 64288]
R2 acedrv11;acedrv11;c:\windows\System32\drivers\acedrv11.sys [30.7.2008 6:51 277736]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1169232]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [6.12.2007 0:41 685816]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [19.12.2008 2:31 2560]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [4.5.2007 17:28 202872]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
vvdsvc REG_MULTI_SZ vvdsvc
.
Obsah adresáře 'Naplánované úlohy'
2010-01-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06]
2010-01-27 c:\windows\Tasks\Norton Security Scan for EriksonSKS.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 03:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.facebook.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
FF - ProfilePath - c:\users\EriksonSKS\AppData\Roaming\Mozilla\Firefox\Profiles\7xsif8me.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - About:Blank
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\users\EriksonSKS\AppData\Roaming\Mozilla\Firefox\Profiles\7xsif8me.default\extensions\cctvplayer-plugin@www.cctv.com\plugins\npCCTVplayer.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{CB0D163C-E9F4-4236-9496-0597E24B23A5} - c:\program files\GamesBar\oberontb.dll
BHO-{CDBFB47B-58A8-4111-BF95-06178DCE326D} - c:\program files\System Search Dispatcher\1.2.0.750\ssd.dll
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
ActiveSetup-ccc-core-static - msiexec
AddRemove-F1 Challange KRC 2007_is1 - c:\program files\F1 Challange KRC 2007\unins000.exe
AddRemove-iVideo - c:\program files\iVideo\Uninstall.exe
AddRemove-Krteček_is1 - c:\program files\Krtecek_2_0\unins000.exe
AddRemove-Mat Hoffman's Pro BMX - c:\program files\Activision\Mat Hoffman's Pro BMX\MHPB.isu
AddRemove-Mp3 Knife_is1 - c:\program files\Mp3 Knife\unins000.exe
AddRemove-{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 - c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
AddRemove-{5A438E06-0BB3-4C5F-0085-B14F1F4077E6} - c:\program files\EA SPORTS\FIFA 07\EAUninstall.exe
AddRemove-{C13E90B0-4E1C-11DB-6784-0152EAA218BE} - c:\program files\Activision\Call of Duty 2\Uninst_Call of Duty(R) 2 Patch 1.3.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 22:17
Windows 6.0.6000 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,04,7d,73,7b,41,5e,94,
fd
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:47,6d,e8,b1,c6,c5,94,c0
"3"=hex:72,a3,9d,f1,b6,aa,20,13,fb,85,b4,e7,64,53,12,0c,5e,26,64,5e,79,5b,6d,
4c,5a,82,59,81,91,db,b2,3b,e4,98,b8,45,67,3e,ec,7b,85,99,6e,96,58,e2,ad,9a,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,61,5a,c0,6c,22,7e,83,13,6e,44,91,28,69,cc,01,dd
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,73,7e,45,c6,9f,9e,10,
63,a0,2f,06,c2,a3,e9,62,70,d1,3e,e6,57,b7,98,40,c9,e4,cc,88,e6,39,d6,95,f5,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:9f,76,ea,b5,36,96,32,9b
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
Celkový čas: 2010-01-28 22:22:51
ComboFix-quarantined-files.txt 2010-01-28 21:22
Před spuštěním: Volných bajtů: 19 043 160 064
Po spuštění: Volných bajtů: 22 896 402 432
- - End Of File - - 4CF72F43E6F0CCA13B46CD501261D2DD
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1250.420.1029.18.895.378 [GMT 1:00]
Spuštěný z: c:\users\EriksonSKS\Documents\ICQ\221788228\ReceivedFiles\281663016 Bukva\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1339395189-2440761248-3863159198-500
c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\program files\GamesBar\obERontb.dll
c:\program files\ICQ6.5\ICQLRun.exe
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\adwpx.exe
c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPIEaddon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-28 do 2010-01-28 )))))))))))))))))))))))))))))))
.
2010-01-28 20:41 . 2010-01-28 20:42 -------- d-----w- C:\rsit
2010-01-28 20:24 . 2010-01-28 20:24 -------- d-----w- c:\program files\Trend Micro
2010-01-28 19:37 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-28 18:12 . 2010-01-28 18:12 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-28 18:12 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-28 18:11 . 2010-01-28 18:12 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-01-23 00:26 . 2010-01-23 00:26 -------- d-----w- c:\program files\ProtectDisc Driver Installer
2010-01-23 00:26 . 2010-01-23 00:26 -------- d-----w- c:\users\EriksonSKS\AppData\Roaming\ProtectDisc
2010-01-22 23:55 . 2010-01-23 01:01 -------- d-----w- c:\program files\RTL Biathlon 2009
2010-01-22 23:15 . 2010-01-22 23:15 0 ----a-w- c:\windows\nsreg.dat
2010-01-22 23:15 . 2010-01-22 23:15 -------- d-----w- c:\users\EriksonSKS\AppData\Roaming\CometNetwork
2010-01-22 23:15 . 2010-01-22 23:15 -------- d-----w- c:\users\EriksonSKS\AppData\Local\CometNetwork
2010-01-22 23:14 . 2010-01-28 20:31 -------- d-----w- c:\program files\CometBird
2010-01-22 23:13 . 2010-01-28 20:31 -------- d-----w- c:\program files\BitComet
2010-01-20 15:49 . 2010-01-20 15:49 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-01-20 15:49 . 2010-01-20 15:49 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-01-20 15:48 . 2010-01-20 15:49 -------- d-----w- c:\program files\RTL Biathlon 2008 (Demo)
2010-01-20 15:37 . 2010-01-20 15:37 -------- d-----w- c:\program files\Cyanide
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 21:16 . 2009-07-15 11:48 -------- d-----w- c:\program files\ICQ6.5
2010-01-28 21:16 . 2008-12-24 22:49 -------- d-----w- c:\program files\GamesBar
2010-01-28 21:01 . 2008-12-19 01:31 825 --sha-w- c:\windows\system32\mmf.sys
2010-01-28 20:59 . 2008-01-11 08:25 -------- d-----w- c:\users\EriksonSKS\AppData\Roaming\ICQ
2010-01-28 20:31 . 2008-12-24 22:49 -------- d-----w- c:\programdata\GamesBar
2010-01-28 19:43 . 2008-01-01 21:46 -------- d-----w- c:\users\EriksonSKS\AppData\Roaming\OpenOffice.org2
2010-01-28 19:43 . 2008-01-11 18:35 -------- d-----w- c:\users\EriksonSKS\AppData\Roaming\Xfire
2010-01-28 19:37 . 2008-05-01 16:23 -------- d-----w- c:\program files\iVideo
2010-01-28 19:37 . 2007-12-05 23:44 -------- d-----w- c:\program files\DAEMON Tools
2010-01-27 17:00 . 2009-01-07 03:06 -------- d-----w- c:\program files\Norton Security Scan
2010-01-27 15:06 . 2010-01-27 15:06 6089632 ----a-w- c:\programdata\Xfire\120.exe
2010-01-27 15:06 . 2008-01-11 18:35 -------- d-----w- c:\programdata\Xfire
2010-01-23 00:26 . 2010-01-23 00:26 3150808 ----a-w- c:\users\EriksonSKS\AppData\Roaming\ProtectDisc\pe17ae3413.dll
2010-01-22 23:28 . 2007-11-30 13:53 -------- d-----w- c:\program files\EA SPORTS
2010-01-22 23:26 . 2008-07-09 09:54 -------- d-----w- c:\program files\Miranda IM
2010-01-22 23:07 . 2008-02-21 19:14 -------- d-----w- c:\users\EriksonSKS\AppData\Roaming\LimeWire
2010-01-22 03:09 . 2010-01-05 10:00 6022344 ----a-w- c:\programdata\Xfire\119.exe
2010-01-21 23:33 . 2009-11-26 18:36 439816 ----a-w- c:\users\EriksonSKS\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-12-16 17:32 . 2008-08-08 18:59 -------- d-----w- c:\program files\ParadisePokersks
2009-12-16 13:23 . 2009-12-12 02:10 -------- d-----w- c:\program files\bet-at-home.com Poker
2009-12-15 01:50 . 2009-12-15 01:50 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbC7C5.tmp.exe
2009-12-12 02:26 . 2009-06-25 03:15 -------- d-----w- c:\programdata\Boss Media
2009-12-10 02:09 . 2009-12-10 02:09 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb49E2.tmp.exe
2009-12-09 21:09 . 2008-01-11 18:35 -------- d-----w- c:\program files\Xfire
2009-12-05 04:00 . 2008-01-20 20:06 680 ----a-w- c:\users\EriksonSKS\AppData\Local\d3d9caps.dat
2009-11-30 19:33 . 2009-11-30 19:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-27 02:36 . 2009-11-27 02:36 118784 ----a-w- c:\users\EriksonSKS\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\compat.dll
2009-11-17 02:02 . 2007-11-30 11:31 80808 ----a-w- c:\users\EriksonSKS\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-08 12:23 . 2007-01-08 21:10 81198 ----a-w- c:\windows\system32\perfc005.dat
2009-11-08 12:23 . 2007-01-08 21:10 473360 ----a-w- c:\windows\system32\perfh005.dat
2009-10-31 18:04 . 2009-10-21 20:25 5806968 ----a-w- c:\programdata\Xfire\116.exe
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-22 39408]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112]
"IS CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2006-10-24 46728]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-27 22696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-21 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
c:\users\EriksonSKS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-6-8 393216]
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-11-30 3181456]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [28.1.2010 19:12 64288]
R2 acedrv11;acedrv11;c:\windows\System32\drivers\acedrv11.sys [30.7.2008 6:51 277736]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1169232]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [6.12.2007 0:41 685816]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [19.12.2008 2:31 2560]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [4.5.2007 17:28 202872]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
vvdsvc REG_MULTI_SZ vvdsvc
.
Obsah adresáře 'Naplánované úlohy'
2010-01-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06]
2010-01-27 c:\windows\Tasks\Norton Security Scan for EriksonSKS.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 03:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.facebook.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
FF - ProfilePath - c:\users\EriksonSKS\AppData\Roaming\Mozilla\Firefox\Profiles\7xsif8me.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - About:Blank
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\users\EriksonSKS\AppData\Roaming\Mozilla\Firefox\Profiles\7xsif8me.default\extensions\cctvplayer-plugin@www.cctv.com\plugins\npCCTVplayer.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{CB0D163C-E9F4-4236-9496-0597E24B23A5} - c:\program files\GamesBar\oberontb.dll
BHO-{CDBFB47B-58A8-4111-BF95-06178DCE326D} - c:\program files\System Search Dispatcher\1.2.0.750\ssd.dll
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
ActiveSetup-ccc-core-static - msiexec
AddRemove-F1 Challange KRC 2007_is1 - c:\program files\F1 Challange KRC 2007\unins000.exe
AddRemove-iVideo - c:\program files\iVideo\Uninstall.exe
AddRemove-Krteček_is1 - c:\program files\Krtecek_2_0\unins000.exe
AddRemove-Mat Hoffman's Pro BMX - c:\program files\Activision\Mat Hoffman's Pro BMX\MHPB.isu
AddRemove-Mp3 Knife_is1 - c:\program files\Mp3 Knife\unins000.exe
AddRemove-{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 - c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
AddRemove-{5A438E06-0BB3-4C5F-0085-B14F1F4077E6} - c:\program files\EA SPORTS\FIFA 07\EAUninstall.exe
AddRemove-{C13E90B0-4E1C-11DB-6784-0152EAA218BE} - c:\program files\Activision\Call of Duty 2\Uninst_Call of Duty(R) 2 Patch 1.3.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 22:17
Windows 6.0.6000 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,04,7d,73,7b,41,5e,94,
fd
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:47,6d,e8,b1,c6,c5,94,c0
"3"=hex:72,a3,9d,f1,b6,aa,20,13,fb,85,b4,e7,64,53,12,0c,5e,26,64,5e,79,5b,6d,
4c,5a,82,59,81,91,db,b2,3b,e4,98,b8,45,67,3e,ec,7b,85,99,6e,96,58,e2,ad,9a,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,61,5a,c0,6c,22,7e,83,13,6e,44,91,28,69,cc,01,dd
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,73,7e,45,c6,9f,9e,10,
63,a0,2f,06,c2,a3,e9,62,70,d1,3e,e6,57,b7,98,40,c9,e4,cc,88,e6,39,d6,95,f5,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:9f,76,ea,b5,36,96,32,9b
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
Celkový čas: 2010-01-28 22:22:51
ComboFix-quarantined-files.txt 2010-01-28 21:22
Před spuštěním: Volných bajtů: 19 043 160 064
Po spuštění: Volných bajtů: 22 896 402 432
- - End Of File - - 4CF72F43E6F0CCA13B46CD501261D2DD
-
nemm
Re: Kontrola logu
Vypada to ze prohlizec uz zase jde a dokonce uz nevyskakujou zadny okna, parada.
-
Unlimited_Killer
- Přítel fóra
- Příspěvky: 1969
- Registrován: 24 srp 2009 16:18
Re: Kontrola logu
Ano, ComboFix smazal tzv. adware - to jsou ty reklamy apod.
Ještě to ale není vše. Dočistíme to.
Ještě to ale není vše. Dočistíme to.
inactive
-
Unlimited_Killer
- Přítel fóra
- Příspěvky: 1969
- Registrován: 24 srp 2009 16:18
Re: Kontrola logu
Jdeme dál. 
Před následujícím postupem zapojte do PC všechny flash disky, mp3 přehrávače aj.
~~~
Otevřete si Poznámkový blok a vkopírujte do něj
uložte to na Plochu jako CFScript.txt Pak jej myší přetáhněte nad ComboFix (musí být na Ploše) a pusťte (vizte obrázek).
ComboFix vykoná příkazy ze skriptu, PC může být opět restartován.
Po skončení mi sem vložte log, který na Vás po dočistění vybafne.
~~~
Stáhněte MbAM a postupujte podle popisu. Zatím nic nemažte, MbAM má občas falešné detekce.
Potom mi sem vložte log.
Před následujícím postupem zapojte do PC všechny flash disky, mp3 přehrávače aj.
~~~
Otevřete si Poznámkový blok a vkopírujte do něj
Kód: Vybrat vše
KillAll::
File::
c:\users\EriksonSKS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"=-
"TkBellExe"=-
"SunJavaUpdateSched"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a6332d1-c2b4-11dc-92b8-0019db793667}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4af82bb8-0f49-11de-8ae8-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4af82d2a-0f49-11de-8ae8-0019db793667}]
RegLock::
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
Extra::
DDS::
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
FireFox::
FF - ProfilePath - c:\users\EriksonSKS\AppData\Roaming\Mozilla\Firefox\Profiles\7xsif8me.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
Reboot::ComboFix vykoná příkazy ze skriptu, PC může být opět restartován.
Po skončení mi sem vložte log, který na Vás po dočistění vybafne.
~~~
Stáhněte MbAM a postupujte podle popisu. Zatím nic nemažte, MbAM má občas falešné detekce.
Potom mi sem vložte log.
inactive
Přispějete na provoz fóra?