Totally slowed-down computer, slower than a turtle (Solved)


Post by autoprd » 05 Dec 2010 18:46

Hi, I don't know what happened to my PC, but it has slowed down completely. It used to run like a cheetah and now it's slower than a turtle's testicles.
The Windows boot screen takes about 5 minutes, then another 5 minutes before it switches from the black screen to the blue one (Windows starting up). Loading avast also takes damn long, not to mention "chkdsk", where phase 2 takes about 30 minutes? =)
Even when I move the mouse quickly across the screen, the pointer stutters.
Please check the log and give me some advice, thanks.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:46:42, on 5.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
D:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
D:\Program Files\NetLimiter 3\nlsvc.exe
D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\ALCWZRD.EXE
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Alwil Software\Avast5\avastUI.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
D:\Documents and Settings\FckBoy\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\FckBoy\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\FckBoy\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast5] "D:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - D:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - D:\Program Files\NetLimiter 3\nlsvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)

--
End of file - 7227 bytes


Post by memphisto » 05 Dec 2010 19:32

Well, then you haven't seen my internet yet. That is the peak of slowness.

- So run MbAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then choose OK in the program and close it via Exit

Turn off the resident shield of your antivirus and antispyware.
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Ano (Yes) button
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- After the scan completes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Post by autoprd » 05 Dec 2010 19:49

Well, that probably won't work =) I waited 15 minutes and ComboFix has so far only managed to create a restore point :(( Any idea what now? :)


Post by defender3 » 05 Dec 2010 19:51

I had a similar problem on my old PC; just try leaving it running for at least an hour.

Post by autoprd » 05 Dec 2010 20:01

I'll leave it for tomorrow when I go to school xDD
Well, but this computer is 2 years old at most. The OS is 1 month old xDDD


Post by autoprd » 05 Dec 2010 21:39

ComboFix 10-12-04.02 - FckBoy 05.12.2010 21:29:37.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1588 [GMT 1:00]
Spuštěný z: d:\documents and settings\FckBoy\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\All Users\Data aplikací\hpeFC.dll
d:\windows\daemon.dll
d:\windows\system32\msvcsv60.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-05 do 2010-12-05 )))))))))))))))))))))))))))))))
.

2010-12-05 18:17 . 2010-12-05 18:17 -------- d-----w- d:\documents and settings\All Users\Data aplikací\IObit
2010-12-03 09:43 . 2010-11-10 04:33 6273872 ----a-w- d:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{F5A9277F-20A9-45BE-99F2-F6F43E0AF12C}\mpengine.dll
2010-12-02 13:05 . 2010-12-02 13:05 -------- d-----w- d:\program files\Driver-Genius
2010-12-02 13:05 . 2010-12-02 13:15 -------- d-----w- d:\program files\Excelsior Installer
2010-12-02 12:20 . 2010-12-02 12:20 -------- d-----w- d:\program files\Install Wizard
2010-12-02 11:48 . 2010-12-02 13:16 -------- d-----w- d:\program files\Driver-Soft
2010-11-29 14:56 . 2010-11-29 14:56 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\119615131254269172
2010-11-29 14:55 . 2010-11-29 14:55 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\119611918618731764
2010-11-29 14:35 . 2010-01-15 00:20 809496 ----a-r- d:\windows\system32\tmp169.tmp
2010-11-29 14:35 . 2010-01-15 00:20 809496 ----a-r- d:\windows\system32\tmp168.tmp
2010-11-29 14:32 . 2010-01-15 00:20 809496 ----a-r- d:\windows\system32\tmp154.tmp
2010-11-29 14:32 . 2010-01-15 00:20 809496 ----a-r- d:\windows\system32\tmp153.tmp
2010-11-28 16:03 . 2010-11-28 16:03 -------- d--h--r- d:\documents and settings\FckBoy\Data aplikací\SecuROM
2010-11-26 22:08 . 2010-11-30 15:52 -------- d-----w- d:\program files\Sonik Synth 2
2010-11-26 20:59 . 2010-11-29 14:35 444952 ----a-w- d:\windows\system32\wrap_oal.dll
2010-11-26 20:59 . 2010-11-29 14:35 109080 ----a-w- d:\windows\system32\OpenAL32.dll
2010-11-26 20:59 . 2010-11-26 20:59 -------- d-----w- d:\program files\OpenAL
2010-11-26 19:49 . 2010-11-26 19:49 -------- d-----w- d:\documents and settings\All Users\Data aplikací\KONAMI
2010-11-24 16:39 . 2010-11-24 17:30 -------- d-----w- d:\documents and settings\FckBoy\Data aplikací\FreeFixer
2010-11-24 16:39 . 2010-11-24 16:39 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\FreeFixer
2010-11-23 16:22 . 2006-06-29 12:07 14048 ------w- d:\windows\system32\spmsg2.dll
2010-11-23 16:12 . 2010-11-23 16:12 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\LucasArts
2010-11-22 21:08 . 2009-06-08 14:33 8676883 ----a-w- d:\windows\system32\mp3Media2.dll
2010-11-22 21:08 . 2010-11-22 21:08 -------- d-----w- d:\program files\Smallvideosoft
2010-11-22 20:48 . 2010-11-22 20:56 -------- d-----w- d:\program files\Free Screen Recorder
2010-11-21 20:19 . 2010-11-21 20:19 -------- d-----w- d:\program files\FLV To 3GP
2010-11-21 20:03 . 2010-11-26 22:31 -------- d-----w- d:\documents and settings\FckBoy\dwhelper
2010-11-21 14:32 . 2010-11-21 14:32 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\Aspyr
2010-11-20 23:39 . 2010-11-20 23:39 -------- d-----w- d:\documents and settings\FckBoy\Data aplikací\ComodoGroup
2010-11-20 23:14 . 2010-11-20 23:14 -------- d-----w- d:\documents and settings\FckBoy\Data aplikací\GetRightToGo
2010-11-20 22:55 . 2010-11-20 22:55 -------- d-----w- d:\documents and settings\FckBoy\Data aplikacíComodoGroup
2010-11-20 16:08 . 2010-11-20 16:08 -------- d-----w- d:\documents and settings\All Users\Šablony
2010-11-20 16:08 . 2010-11-20 16:08 -------- d-----w- d:\documents and settings\All Users\Data aplikací\ReviverSoft
2010-11-20 16:08 . 2010-11-20 16:08 -------- d-----w- d:\program files\ASIO4ALL v2
2010-11-20 16:08 . 2006-06-20 08:56 225280 ----a-w- d:\windows\system32\rewire.dll
2010-11-20 16:08 . 2010-11-20 16:09 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\OpenCandy
2010-11-20 16:08 . 2010-11-20 16:08 -------- d-----w- d:\documents and settings\FckBoy\Data aplikací\OpenCandy
2010-11-20 16:08 . 2009-08-02 20:09 1554944 ----a-w- d:\windows\system32\vorbis.acm
2010-11-20 16:07 . 2010-11-20 16:07 -------- d-----w- d:\program files\Outsim
2010-11-19 19:17 . 2010-11-20 16:07 -------- d-----w- d:\program files\Image-Line
2010-11-18 16:33 . 2010-11-18 16:33 -------- d-----w- d:\windows\system32\wbem\mof\good
2010-11-18 16:33 . 2010-11-18 16:33 -------- d-----w- d:\windows\system32\wbem\mof\bad
2010-11-17 21:38 . 2010-12-05 18:47 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\TSVNCache
2010-11-17 21:13 . 2010-11-17 21:13 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\GHISLER
2010-11-17 20:42 . 2010-12-01 21:48 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\WMTools Downloaded Files
2010-11-16 22:39 . 2010-11-16 22:40 -------- d-----w- d:\documents and settings\FckBoy\Data aplikací\PSpad
2010-11-16 22:03 . 2010-11-24 16:15 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\X-ray Anti-Cheat
2010-11-16 22:02 . 2010-11-16 22:02 -------- d-----w- d:\program files\X-ray Anti-Cheat
2010-11-16 21:46 . 2010-12-03 07:51 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\Temp
2010-11-16 21:46 . 2010-11-17 20:51 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\Google
2010-11-15 18:37 . 2003-09-03 01:28 724992 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2010-11-15 18:37 . 2003-09-03 01:27 69715 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2010-11-15 18:37 . 2003-09-03 01:26 266240 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2010-11-15 18:37 . 2003-09-03 01:26 192512 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2010-11-15 18:37 . 2003-09-03 01:25 5632 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2010-11-15 18:37 . 2010-11-15 18:37 311428 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2010-11-15 18:37 . 2010-11-15 18:37 184452 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2010-11-15 17:30 . 2010-11-15 17:30 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\Locktime
2010-11-15 17:29 . 2010-11-15 17:29 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Locktime
2010-11-15 17:29 . 2010-11-15 17:29 -------- d-----w- d:\program files\NetLimiter 3
2010-11-14 13:49 . 2010-11-14 13:49 -------- d-----w- d:\documents and settings\FckBoy\Data aplikací\Subversion
2010-11-14 13:43 . 2010-11-14 13:43 -------- d-----w- d:\program files\Common Files\TortoiseOverlays
2010-11-14 13:43 . 2010-11-14 13:43 -------- d-----w- d:\program files\TortoiseSVN
2010-11-13 22:43 . 2010-11-13 22:43 -------- d-----w- d:\program files\Sun
2010-11-13 22:29 . 2010-11-13 22:29 -------- d-----w- d:\program files\MySQL
2010-11-10 20:59 . 2010-11-10 20:59 -------- d-----w- d:\documents and settings\FckBoy\Data aplikací\Apple Computer
2010-11-07 16:11 . 2010-11-24 16:15 -------- d-----w- d:\documents and settings\FckBoy\Data aplikací\TeamViewer
2010-11-06 20:45 . 2010-11-06 20:45 -------- d-----w- d:\documents and settings\FckBoy\Data aplikací\Nvu
2010-11-06 16:31 . 2010-11-17 20:32 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\Sony Ericsson
2010-11-06 16:31 . 2010-11-06 16:31 -------- d-----w- d:\documents and settings\All Users\Data aplikací\BVRP Software
2010-11-06 16:30 . 2008-01-09 10:28 27632 ----a-w- d:\windows\system32\drivers\seehcri.sys
2010-11-06 16:29 . 2010-11-06 16:29 -------- d-----w- d:\program files\Sony Ericsson
2010-11-06 16:29 . 2010-11-06 16:29 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Sony Ericsson
2010-11-06 16:22 . 2010-11-06 16:22 -------- d-----w- d:\documents and settings\FckBoy\Data aplikací\Carambis
2010-11-06 14:44 . 2010-11-06 14:44 -------- d-----w- d:\windows\Sun
2010-11-06 13:19 . 2010-11-06 13:19 -------- d-----w- d:\documents and settings\FckBoy\Data aplikací\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 04:33 . 2010-10-16 08:41 6273872 ----a-w- d:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-10-19 09:41 . 2010-10-16 08:41 222080 ------w- d:\windows\system32\MpSigStub.exe
2010-10-14 11:23 . 2010-10-14 11:23 388096 ----a-r- d:\documents and settings\FckBoy\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-14 11:07 . 2010-10-14 11:07 472808 ----a-w- d:\windows\system32\deployJava1.dll
2010-10-14 11:07 . 2010-10-14 06:56 73728 ----a-w- d:\windows\system32\javacpl.cpl
2010-10-14 06:39 . 2010-10-14 06:39 737280 ----a-w- d:\windows\iun6002.exe
2010-10-14 06:30 . 2010-10-14 06:30 294912 ----a-w- d:\windows\HideWin.exe
2010-09-18 10:23 . 2002-09-23 12:00 974848 ----a-w- d:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2002-09-23 12:00 974848 ----a-w- d:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-09-23 12:00 954368 ----a-w- d:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-09-23 12:00 953856 ----a-w- d:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2002-09-23 12:00 916480 ----a-w- d:\windows\system32\wininet.dll
2010-09-10 05:52 . 2002-09-23 12:00 43520 ----a-w- d:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2002-09-23 12:00 1469440 ----a-w- d:\windows\system32\inetcpl.cpl
2010-09-07 15:12 . 2010-10-17 07:20 38848 ----a-w- d:\windows\avastSS.scr
2010-09-07 15:11 . 2010-10-17 07:20 167592 ----a-w- d:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-10-17 07:20 46672 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-10-17 07:21 165584 ----a-w- d:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-10-17 07:20 23376 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-10-17 07:20 100176 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-10-17 07:20 94544 ----a-w- d:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-10-17 07:21 17744 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-10-17 07:20 28880 ----a-w- d:\windows\system32\drivers\aavmker4.sys
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . d:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . d:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . d:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . d:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2002-09-23 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . d:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="d:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-28 2408144]
"uTorrent"="d:\program files\uTorrent\uTorrent.exe" [2010-10-14 328056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"SoundMan"="SOUNDMAN.EXE" [2010-07-13 90112]
"AlcWzrd"="ALCWZRD.EXE" [2010-07-13 2806272]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"avast5"="d:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="d:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Meebo Notifier]
2010-07-14 18:23 818888 ----a-w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- d:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- d:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-29 14:33 1242448 ----a-w- c:\hry\Steam\steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2client.bin"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"d:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2.bin"=
"c:\\Program Files\\Metin2_CZ\\METIN2starter.exe"=
"d:\\Program Files\\Total Commander\\TOTALCMD.EXE"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ValveV\\hlds.exe"=
"c:\\Program Files\\ValveV\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\hry\\Pro Evolution Soccer 2011\\PES2011.exe"=

R0 d347bus;d347bus;d:\windows\system32\drivers\d347bus.sys [18.10.2010 16:08 155136]
R0 d347prt;d347prt;d:\windows\system32\drivers\d347prt.sys [18.10.2010 16:08 5248]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [17.10.2010 8:21 165584]
R1 nltdi;nltdi;d:\program files\NetLimiter 3\nltdi.sys [25.5.2010 18:56 5281672]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [17.10.2010 8:21 17744]
R2 Fabs;FABS - Helping agent for MAGIX media database;d:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 16:09 1253376]
R2 WinDefend;Windows Defender;d:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 seehcri;Sony Ericsson seehcri Device Driver;d:\windows\system32\drivers\seehcri.sys [6.11.2010 17:30 27632]
S0 CFRMD;CFRMD;d:\windows\system32\drivers\CFRMD.sys --> d:\windows\system32\drivers\CFRMD.sys [?]
S1 vcdrom;Virtual CD-ROM Device Driver;d:\windows\system32\VCdRom.sys [15.10.2010 22:07 8576]
S2 OMSI download service;Sony Ericsson OMSI download service;d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [6.11.2010 17:29 90112]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 10:10 3276800]
S3 NLNdisMP;NLNdisMP;d:\windows\system32\DRIVERS\nlndis.sys --> d:\windows\system32\DRIVERS\nlndis.sys [?]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;d:\windows\system32\DRIVERS\nlndis.sys --> d:\windows\system32\DRIVERS\nlndis.sys [?]
S3 npggsvc;nProtect GameGuard Service;d:\windows\system32\GameMon.des -service --> d:\windows\system32\GameMon.des -service [?]
S3 NTProcDrv;Process creation detector for NT.;\??\d:\documents and settings\FckBoy\Plocha\RohanBotEn1.0.10\NtProcDrv.sys --> d:\documents and settings\FckBoy\Plocha\RohanBotEn1.0.10\NtProcDrv.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);d:\windows\system32\drivers\s0016bus.sys [6.11.2010 17:29 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;d:\windows\system32\drivers\s0016mdfl.sys [6.11.2010 17:30 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;d:\windows\system32\drivers\s0016mdm.sys [6.11.2010 17:30 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);d:\windows\system32\drivers\s0016mgmt.sys [6.11.2010 17:30 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);d:\windows\system32\drivers\s0016nd5.sys [6.11.2010 17:30 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;d:\windows\system32\drivers\s0016obex.sys [6.11.2010 17:30 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);d:\windows\system32\drivers\s0016unic.sys [6.11.2010 17:30 115752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> d:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
S3 XDva359;XDva359;\??\d:\windows\system32\XDva359.sys --> d:\windows\system32\XDva359.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-11-23 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-12-05 d:\windows\Tasks\AWC AutoSweep.job
- d:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-10-21 13:11]

2010-11-29 d:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-03-09 14:41]

2010-12-05 d:\windows\Tasks\MP Scheduled Scan.job
- d:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-12-05 d:\windows\Tasks\SmartDefrag.job
- d:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-12-05 17:08]

2010-12-05 d:\windows\Tasks\User_Feed_Synchronization-{0E79A70E-5D86-4D99-8BAE-D56E00DD0395}.job
- d:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\FckBoy\Data aplikací\Mozilla\Firefox\Profiles\qyjzezmm.default\
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: d:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: d:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: d:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - d:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - d:\documents and settings\FckBoy\Data aplikací\Mozilla\Firefox\Profiles\qyjzezmm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - d:\documents and settings\FckBoy\Data aplikací\Mozilla\Firefox\Profiles\qyjzezmm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - d:\documents and settings\FckBoy\Data aplikací\Mozilla\Firefox\Profiles\qyjzezmm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 21:36
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="d:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(616)
d:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-12-05 21:38:53
ComboFix-quarantined-files.txt 2010-12-05 20:38

Před spuštěním: 5 618 995 200
Po spuštění: 5 622 710 272

- - End Of File - - BB8EDA7D028D750742867A8E5C07D052

Re: Totally slowed-down computer, slower than a turtle

Post by memphisto » 06 Dec 2010 07:56

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script.

Code: Select all

File::
d:\windows\system32\tmp169.tmp
d:\windows\system32\tmp168.tmp
d:\windows\system32\tmp154.tmp
d:\windows\system32\tmp153.tmp
d:\windows\iun6002.exe
d:\windows\system32\drivers\CFRMD.sys
d:\windows\system32\DRIVERS\nlndis.sys
d:\windows\system32\DRIVERS\nlndis.sys
d:\windows\system32\GameMon.des -service
d:\documents and settings\FckBoy\Plocha\RohanBotEn1.0.10\NtProcDrv.sys
d:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
d:\windows\system32\XDva359.sys

DirLook::
d:\documents and settings\FckBoy\Local Settings\Data aplikací\119615131254269172
d:\documents and settings\FckBoy\Local Settings\Data aplikací\119611918618731764

Driver::
CFRMD
NLNdisMP
NLNdisPT
npggsvc
NTProcDrv
WPFFontCache_v0400
XDva359

Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"=-


Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created CFScript.txt script with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process

Test this on Virustotal
d:\windows\HideWin.exe

Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window will appear in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus finishes its test, the result will appear at the top, with the number of infections in red, e.g. 0/40 or 1/40. Then copy the link to that page with the mouse and paste it into your post.

Re: Totally slowed-down computer, slower than a turtle

Post by autoprd » 06 Dec 2010 16:40


Re: Totally slowed-down computer, slower than a turtle

Post by autoprd » 06 Dec 2010 17:44

ComboFix 10-12-04.06 - FckBoy 06.12.2010 17:25:25.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1593 [GMT 1:00]
Spuštěný z: d:\documents and settings\FckBoy\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\FckBoy\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"d:\documents and settings\FckBoy\Plocha\RohanBotEn1.0.10\NtProcDrv.sys"
"d:\windows\iun6002.exe"
"d:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe"
"d:\windows\system32\drivers\CFRMD.sys"
"d:\windows\system32\DRIVERS\nlndis.sys"
"d:\windows\system32\GameMon.des -service"
"d:\windows\system32\tmp153.tmp"
"d:\windows\system32\tmp154.tmp"
"d:\windows\system32\tmp168.tmp"
"d:\windows\system32\tmp169.tmp"
"d:\windows\system32\XDva359.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\iun6002.exe
d:\windows\system32\tmp153.tmp
d:\windows\system32\tmp154.tmp
d:\windows\system32\tmp168.tmp
d:\windows\system32\tmp169.tmp

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NTPROCDRV
-------\Legacy_XDVA359
-------\Service_CFRMD
-------\Service_NLNdisMP
-------\Service_NLNdisPT
-------\Service_npggsvc
-------\Service_NTProcDrv
-------\Service_WPFFontCache_v0400
-------\Service_XDva359


((((((((((((((((((((((((( Soubory vytvořené od 2010-11-06 do 2010-12-06 )))))))))))))))))))))))))))))))
.

2010-12-05 18:17 . 2010-12-05 18:17 -------- d-----w- d:\documents and settings\All Users\Data aplikací\IObit
2010-12-03 09:43 . 2010-11-10 04:33 6273872 ----a-w- d:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{F5A9277F-20A9-45BE-99F2-F6F43E0AF12C}\mpengine.dll
2010-12-02 13:05 . 2010-12-02 13:05 -------- d-----w- d:\program files\Driver-Genius
2010-12-02 13:05 . 2010-12-02 13:15 -------- d-----w- d:\program files\Excelsior Installer
2010-12-02 12:20 . 2010-12-02 12:20 -------- d-----w- d:\program files\Install Wizard
2010-12-02 11:48 . 2010-12-02 13:16 -------- d-----w- d:\program files\Driver-Soft
2010-11-29 14:56 . 2010-11-29 14:56 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\119615131254269172
2010-11-29 14:55 . 2010-11-29 14:55 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\119611918618731764
2010-11-28 16:03 . 2010-11-28 16:03 -------- d--h--r- d:\documents and settings\FckBoy\Data aplikací\SecuROM
2010-11-26 22:08 . 2010-11-30 15:52 -------- d-----w- d:\program files\Sonik Synth 2
2010-11-26 20:59 . 2010-11-29 14:35 444952 ----a-w- d:\windows\system32\wrap_oal.dll
2010-11-26 20:59 . 2010-11-29 14:35 109080 ----a-w- d:\windows\system32\OpenAL32.dll
2010-11-26 20:59 . 2010-11-26 20:59 -------- d-----w- d:\program files\OpenAL
2010-11-26 19:49 . 2010-11-26 19:49 -------- d-----w- d:\documents and settings\All Users\Data aplikací\KONAMI
2010-11-24 16:39 . 2010-11-24 17:30 -------- d-----w- d:\documents and settings\FckBoy\Data aplikací\FreeFixer
2010-11-24 16:39 . 2010-11-24 16:39 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\FreeFixer
2010-11-23 16:22 . 2006-06-29 12:07 14048 ------w- d:\windows\system32\spmsg2.dll
2010-11-23 16:12 . 2010-11-23 16:12 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\LucasArts
2010-11-22 21:08 . 2009-06-08 14:33 8676883 ----a-w- d:\windows\system32\mp3Media2.dll
2010-11-22 21:08 . 2010-11-22 21:08 -------- d-----w- d:\program files\Smallvideosoft
2010-11-22 20:48 . 2010-11-22 20:56 -------- d-----w- d:\program files\Free Screen Recorder
2010-11-21 20:19 . 2010-11-21 20:19 -------- d-----w- d:\program files\FLV To 3GP
2010-11-21 20:03 . 2010-11-26 22:31 -------- d-----w- d:\documents and settings\FckBoy\dwhelper
2010-11-21 14:32 . 2010-11-21 14:32 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\Aspyr
2010-11-20 23:39 . 2010-11-20 23:39 -------- d-----w- d:\documents and settings\FckBoy\Data aplikací\ComodoGroup
2010-11-20 23:14 . 2010-11-20 23:14 -------- d-----w- d:\documents and settings\FckBoy\Data aplikací\GetRightToGo
2010-11-20 22:55 . 2010-11-20 22:55 -------- d-----w- d:\documents and settings\FckBoy\Data aplikacíComodoGroup
2010-11-20 16:08 . 2010-11-20 16:08 -------- d-----w- d:\documents and settings\All Users\Šablony
2010-11-20 16:08 . 2010-11-20 16:08 -------- d-----w- d:\documents and settings\All Users\Data aplikací\ReviverSoft
2010-11-20 16:08 . 2010-11-20 16:08 -------- d-----w- d:\program files\ASIO4ALL v2
2010-11-20 16:08 . 2006-06-20 08:56 225280 ----a-w- d:\windows\system32\rewire.dll
2010-11-20 16:08 . 2010-11-20 16:09 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\OpenCandy
2010-11-20 16:08 . 2010-11-20 16:08 -------- d-----w- d:\documents and settings\FckBoy\Data aplikací\OpenCandy
2010-11-20 16:08 . 2009-08-02 20:09 1554944 ----a-w- d:\windows\system32\vorbis.acm
2010-11-20 16:07 . 2010-11-20 16:07 -------- d-----w- d:\program files\Outsim
2010-11-19 19:17 . 2010-11-20 16:07 -------- d-----w- d:\program files\Image-Line
2010-11-18 16:33 . 2010-11-18 16:33 -------- d-----w- d:\windows\system32\wbem\mof\good
2010-11-18 16:33 . 2010-11-18 16:33 -------- d-----w- d:\windows\system32\wbem\mof\bad
2010-11-17 21:38 . 2010-12-06 16:35 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\TSVNCache
2010-11-17 21:13 . 2010-11-17 21:13 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\GHISLER
2010-11-17 20:42 . 2010-12-01 21:48 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\WMTools Downloaded Files
2010-11-16 22:39 . 2010-11-16 22:40 -------- d-----w- d:\documents and settings\FckBoy\Data aplikací\PSpad
2010-11-16 22:03 . 2010-11-24 16:15 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\X-ray Anti-Cheat
2010-11-16 22:02 . 2010-11-16 22:02 -------- d-----w- d:\program files\X-ray Anti-Cheat
2010-11-16 21:46 . 2010-12-03 07:51 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\Temp
2010-11-16 21:46 . 2010-11-17 20:51 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\Google
2010-11-15 18:37 . 2003-09-03 01:28 724992 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2010-11-15 18:37 . 2003-09-03 01:27 69715 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2010-11-15 18:37 . 2003-09-03 01:26 266240 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2010-11-15 18:37 . 2003-09-03 01:26 192512 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2010-11-15 18:37 . 2003-09-03 01:25 5632 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2010-11-15 18:37 . 2010-11-15 18:37 311428 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2010-11-15 18:37 . 2010-11-15 18:37 184452 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2010-11-15 17:30 . 2010-11-15 17:30 -------- d-----w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\Locktime
2010-11-15 17:29 . 2010-11-15 17:29 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Locktime
2010-11-15 17:29 . 2010-11-15 17:29 -------- d-----w- d:\program files\NetLimiter 3
2010-11-14 13:49 . 2010-11-14 13:49 -------- d-----w- d:\documents and settings\FckBoy\Data aplikací\Subversion
2010-11-14 13:43 . 2010-11-14 13:43 -------- d-----w- d:\program files\Common Files\TortoiseOverlays
2010-11-14 13:43 . 2010-11-14 13:43 -------- d-----w- d:\program files\TortoiseSVN
2010-11-13 22:43 . 2010-11-13 22:43 -------- d-----w- d:\program files\Sun
2010-11-13 22:29 . 2010-11-13 22:29 -------- d-----w- d:\program files\MySQL
2010-11-10 20:59 . 2010-11-10 20:59 -------- d-----w- d:\documents and settings\FckBoy\Data aplikací\Apple Computer
2010-11-07 16:11 . 2010-11-24 16:15 -------- d-----w- d:\documents and settings\FckBoy\Data aplikací\TeamViewer
2010-11-06 20:45 . 2010-11-06 20:45 -------- d-----w- d:\documents and settings\FckBoy\Data aplikací\Nvu

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 04:33 . 2010-10-16 08:41 6273872 ----a-w- d:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-10-19 09:41 . 2010-10-16 08:41 222080 ------w- d:\windows\system32\MpSigStub.exe
2010-10-14 11:23 . 2010-10-14 11:23 388096 ----a-r- d:\documents and settings\FckBoy\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-14 11:07 . 2010-10-14 11:07 472808 ----a-w- d:\windows\system32\deployJava1.dll
2010-10-14 11:07 . 2010-10-14 06:56 73728 ----a-w- d:\windows\system32\javacpl.cpl
2010-10-14 06:30 . 2010-10-14 06:30 294912 ----a-w- d:\windows\HideWin.exe
2010-09-18 10:23 . 2002-09-23 12:00 974848 ----a-w- d:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2002-09-23 12:00 974848 ----a-w- d:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-09-23 12:00 954368 ----a-w- d:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-09-23 12:00 953856 ----a-w- d:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2002-09-23 12:00 916480 ----a-w- d:\windows\system32\wininet.dll
2010-09-10 05:52 . 2002-09-23 12:00 43520 ----a-w- d:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2002-09-23 12:00 1469440 ----a-w- d:\windows\system32\inetcpl.cpl
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of d:\documents and settings\FckBoy\Local Settings\Data aplikací\119611918618731764 ----


---- Directory of d:\documents and settings\FckBoy\Local Settings\Data aplikací\119615131254269172 ----

2010-11-29 15:11 . 2010-11-29 14:56 12013 ----a-w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\119615131254269172\19030\cache\persistent\AA2B7BFFEBE12E0C05A8E77F7C429F100BB74D84
2010-11-29 15:11 . 2010-11-29 14:56 16132 ----a-w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\119615131254269172\19030\cache\persistent\F67043BB18F2C1D8813D47065A3C901B1650B06D
2010-11-29 15:11 . 2010-11-29 14:56 17129 ----a-w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\119615131254269172\19030\cache\persistent\DE27460594C2DD491DF10F860ABD6C8B23A8D38E
2010-11-29 15:11 . 2010-11-29 14:56 887 ----a-w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\119615131254269172\19030\cache\persistent\38430DB26C078E979CB22707A2DC118C9CEC798F
2010-11-29 15:11 . 2010-11-29 14:56 725 ----a-w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\119615131254269172\19030\cache\persistent\47E774B3B7F680DA43C70D71189861A229C74BDB
2010-11-29 15:11 . 2010-11-29 14:56 886 ----a-w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\119615131254269172\19030\cache\persistent\CE42E11B055B1B104D5E5A09B5EB705D4D66F151


------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . d:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . d:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . d:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . d:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . d:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2002-09-23 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . d:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="d:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-28 2408144]
"uTorrent"="d:\program files\uTorrent\uTorrent.exe" [2010-10-14 328056]
"Meebo Notifier"="d:\documents and settings\FckBoy\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe" [2010-07-14 818888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"SoundMan"="SOUNDMAN.EXE" [2010-07-13 90112]
"AlcWzrd"="ALCWZRD.EXE" [2010-07-13 2806272]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"avast5"="d:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="d:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Meebo Notifier]
2010-07-14 18:23 818888 ----a-w- d:\documents and settings\FckBoy\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- d:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- d:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-29 14:33 1242448 ----a-w- c:\hry\Steam\steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2client.bin"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"d:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2.bin"=
"c:\\Program Files\\Metin2_CZ\\METIN2starter.exe"=
"d:\\Program Files\\Total Commander\\TOTALCMD.EXE"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ValveV\\hlds.exe"=
"c:\\Program Files\\ValveV\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\hry\\Pro Evolution Soccer 2011\\PES2011.exe"=

R0 d347bus;d347bus;d:\windows\system32\drivers\d347bus.sys [18.10.2010 16:08 155136]
R0 d347prt;d347prt;d:\windows\system32\drivers\d347prt.sys [18.10.2010 16:08 5248]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [17.10.2010 8:21 165584]
R1 nltdi;nltdi;d:\program files\NetLimiter 3\nltdi.sys [25.5.2010 18:56 5281672]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [17.10.2010 8:21 17744]
R2 Fabs;FABS - Helping agent for MAGIX media database;d:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 16:09 1253376]
R2 OMSI download service;Sony Ericsson OMSI download service;d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [6.11.2010 17:29 90112]
R2 WinDefend;Windows Defender;d:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 seehcri;Sony Ericsson seehcri Device Driver;d:\windows\system32\drivers\seehcri.sys [6.11.2010 17:30 27632]
S1 vcdrom;Virtual CD-ROM Device Driver;d:\windows\system32\VCdRom.sys [15.10.2010 22:07 8576]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 10:10 3276800]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);d:\windows\system32\drivers\s0016bus.sys [6.11.2010 17:29 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;d:\windows\system32\drivers\s0016mdfl.sys [6.11.2010 17:30 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;d:\windows\system32\drivers\s0016mdm.sys [6.11.2010 17:30 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);d:\windows\system32\drivers\s0016mgmt.sys [6.11.2010 17:30 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);d:\windows\system32\drivers\s0016nd5.sys [6.11.2010 17:30 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;d:\windows\system32\drivers\s0016obex.sys [6.11.2010 17:30 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);d:\windows\system32\drivers\s0016unic.sys [6.11.2010 17:30 115752]
.
Obsah adresáře 'Naplánované úlohy'

2010-11-23 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-12-06 d:\windows\Tasks\AWC AutoSweep.job
- d:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-10-21 13:11]

2010-11-29 d:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-03-09 14:41]

2010-12-06 d:\windows\Tasks\MP Scheduled Scan.job
- d:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-12-06 d:\windows\Tasks\User_Feed_Synchronization-{0E79A70E-5D86-4D99-8BAE-D56E00DD0395}.job
- d:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\FckBoy\Data aplikací\Mozilla\Firefox\Profiles\qyjzezmm.default\
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: d:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: d:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - d:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - d:\documents and settings\FckBoy\Data aplikací\Mozilla\Firefox\Profiles\qyjzezmm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - d:\documents and settings\FckBoy\Data aplikací\Mozilla\Firefox\Profiles\qyjzezmm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - d:\documents and settings\FckBoy\Data aplikací\Mozilla\Firefox\Profiles\qyjzezmm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Cool's_Codec_pack_4.12 - d:\windows\iun6002.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-06 17:37
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(616)
d:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2392)
d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
d:\program files\TortoiseSVN\bin\TortoiseStub.dll
d:\program files\TortoiseSVN\bin\TortoiseSVN.dll
d:\program files\TortoiseSVN\bin\intl3_tsvn.dll
d:\program files\TortoiseSVN\Languages\TortoiseProc1029.dll
d:\windows\system32\webcheck.dll
d:\progra~1\SPYBOT~1\SDHelper.dll
d:\program files\Microsoft Office\Office12\1029\GrooveIntlResource.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\windows\System32\Ati2evxx.exe
d:\windows\system32\Ati2evxx.exe
d:\program files\Lavasoft\Ad-Aware\aawservice.exe
d:\program files\Alwil Software\Avast5\AvastSvc.exe
d:\program files\TortoiseSVN\bin\TSVNCache.exe
d:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Java\jre6\bin\jqs.exe
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
d:\program files\NetLimiter 3\nlsvc.exe
d:\windows\SOUNDMAN.EXE
d:\windows\ALCWZRD.EXE
.
**************************************************************************
.
Celkový čas: 2010-12-06 17:43:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-06 16:43
ComboFix2.txt 2010-12-05 20:38

Před spuštěním: 5 559 668 736
Po spuštění: 5 453 602 816

- - End Of File - - 4A544A8A5561FD4A2BB2B75D9C5DAE6B


Re: Totally slowed-down computer, slower than a turtle

Post by autoprd » 06 Dec 2010 17:47

And it also popped this up for me:
- - ComboFix - - -



Zašlete vzorky malware Bleeping Computeru k další analýze.



Zkopírujte/Vložte cestu k souboru uvedenou níže do okna nahoře a klikněte na Send.

File path ---> D:\Qoobox\Quarantine\[4]-Submit_2010-12-06_17.24.55.zip

http://www.virustotal.com/file-scan/rep ... 1291654132


Re: Totally slowed-down computer, slower than a turtle

Post by memphisto » 06 Dec 2010 17:58

That is ComboFix's quarantine, and they are probably collecting data for analysis.
Uninstall:
Spybot
AdAware

ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall

Clean the system with CCleaner

and also use T-Cleaner
It deletes everything left behind by ComboFix, MWAV, etc. - download > run

Note: before downloading T-Cleaner and for the duration of the cleanup, deactivate AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on.


+HJT

How is the PC behaving?


Re: Totally slowed-down computer, slower than a turtle

Post by autoprd » 06 Dec 2010 18:11

Well, I'm now trying out how the PC runs =)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:10:48, on 6.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
D:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
D:\Program Files\NetLimiter 3\nlsvc.exe
D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\ALCWZRD.EXE
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Alwil Software\Avast5\avastUI.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\msiexec.exe
D:\Documents and Settings\FckBoy\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\FckBoy\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\FckBoy\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\FckBoy\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] "D:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Advanced SystemCare 3] "D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Meebo Notifier] "D:\Documents and Settings\FckBoy\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - D:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - D:\Program Files\NetLimiter 3\nlsvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

--
End of file - 6983 bytes

