Logfile of random's system information tool 1.09 (written by random/random)
Run by Liborek at 2011-07-25 19:01:41
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (16%) free of 15 GB
Total RAM: 2047 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:02:44, on 25.7.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Programy\autodesk\data managment server\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
D:\Programy\autodesk\data managment server\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\KYE\WebMate\BM.exe
C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe
C:\program files\ati technologies\ati hydravision\technologieslokalisierung.exe
C:\program files\ati technologies\ati.ace\graphics-light\ja\controlgraphics2.0.2736.38368.exe
C:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\AVerMediaGPS\Services\Spot2741.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie.exe
C:\program files\ati technologies\ati.ace\graphics-light\ja\controlgraphics2.0.2736.38368.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe
C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe
C:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\systemup.exe
C:\WINDOWS\update.tray-7-0\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\update.tray-2-0\svchost.exe
C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programy\DAEMON\daemon.exe
C:\Program Files\AVerMediaGPS\GUI\SpotSodiumGUI.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\update.1\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\update.tray-2-0-lnk\svchost.exe
D:\Programy\Opera\opera.exe
C:\WINDOWS\ufa\ufa.exe
C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\RSIT.exe
C:\Program Files\trend micro\Liborek.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [BMISR] C:\Program Files\KYE\WebMate\BM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\Adobe Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [systmOperan] C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe
O4 - HKLM\..\Run: [ManagerHelp] "c:\program files\ati technologies\ati hydravision\technologieslokalisierung.exe"
O4 - HKLM\..\Run: [DeviceCVresources] "c:\program files\ati technologies\ati.ace\graphics-light\ja\controlgraphics2.0.2736.38368.exe"
O4 - HKLM\..\Run: [OperanMicrosoft] c:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie (2).exe
O4 - HKLM\..\Run: [LokalisierungControl] C:\program files\ati technologies\ati hydravision\technologieslokalisierung.exe
O4 - HKLM\..\Run: [movie] C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe
O4 - HKLM\..\Run: [resourcesCaste2.0.2736.38325] "C:\program files\ati technologies\ati.ace\graphics-light\ja\controlgraphics2.0.2736.38368.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [controlgraphics2.0.2736.38368] C:\program files\ati technologies\ati.ace\graphics-light\ja\controlgraphics2.0.2736.38368.exe
O4 - HKLM\..\Run: [CatcheraTube] C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dialektuZdenek] C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe
O4 - HKLM\..\Run: [REGEDITOperating] C:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie.exe
O4 - HKLM\..\Run: [1447358.exe] "C:\DOCUME~1\Liborek\LOCALS~1\Temp\1447358.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [1129478.exe] "C:\DOCUME~1\Liborek\LOCALS~1\Temp\1129478.exe"
O4 - HKLM\..\Run: [5282270.exe] "C:\WINDOWS\TEMP\5282270.exe"
O4 - HKLM\..\Run: [6877223.exe] "C:\WINDOWS\TEMP\6877223.exe"
O4 - HKLM\..\Run: [12957039-loader2.exe] "C:\WINDOWS\TEMP\12957039-loader2.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\WINDOWS\l1rezerv.exe"
O4 - HKLM\..\Run: [systemup] "C:\WINDOWS\systemup.exe" stand
O4 - HKLM\..\Run: [9311726.exe] "C:\WINDOWS\TEMP\9311726.exe"
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\WINDOWS\update.tray-2-0\svchost.exe
O4 - HKLM\..\Run: [REGEDITSystem] C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\RunServices: [systmSFXCAB] C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe
O4 - HKLM\..\RunServices: [AddAPlotterWizard] c:\program files\aoemview 2008\plotters\addaplotterwizard.exe
O4 - HKLM\..\RunServices: [GraphicsDeviceCV2.0.2736.38360] c:\program files\ati technologies\ati.ace\graphics-light\ru\resourcescaste.exe
O4 - HKLM\..\RunServices: [commonshell] c:\program files\common files\autodesk shared\acshellex\csy\extensionshell17.1.51.0.exe
O4 - HKLM\..\RunServices: [SFXCABOperan] c:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie (1).exe
O4 - HKLM\..\RunServices: [CatalystDeviceLCD] c:\program files\ati technologies\ati.ace\graphics-full-existing\da\catalystresources.exe
O4 - HKLM\..\RunServices: [HydraDMHHelp] C:\program files\ati technologies\ati hydravision\technologieslokalisierung.exe
O4 - HKLM\..\RunServices: [movie] C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe
O4 - HKLM\..\RunServices: [WizardDeviceTV] C:\program files\ati technologies\ati.ace\graphics-light\ja\controlgraphics2.0.2736.38368.exe
O4 - HKLM\..\RunServices: [controlgraphics2.0.2736.38368] C:\program files\ati technologies\ati.ace\graphics-light\ja\controlgraphics2.0.2736.38368.exe
O4 - HKLM\..\RunServices: [aTubeCatcher] C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe
O4 - HKLM\..\RunServices: [tchynineslezkem26962] C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe
O4 - HKLM\..\RunServices: [SystemMicrosoft] C:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie.exe
O4 - HKLM\..\RunServices: [WindowsSystem] C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\DAEMON\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AVerMedia GPS.lnk = ?
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: BDARemote.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\Programy\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - D:\Programy\autodesk\data managment server\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - D:\Programy\autodesk\data managment server\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Spot (SpotGPSMaxim) - NXP Software B.V. - C:\Program Files\AVerMediaGPS\Services\Spot2741.exe
O23 - Service: srvbtcclient - Unknown owner - C:\WINDOWS\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: wxpdrivers - Unknown owner - C:\WINDOWS\update.1\svchost.exe
--
End of file - 13507 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Norton Security Scan for Administrator.job
C:\WINDOWS\tasks\Norton Security Scan for Liborek.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"BMISR"=C:\Program Files\KYE\WebMate\BM.exe [2008-08-19 208896]
"Adobe Reader Speed Launcher"=D:\Programy\Adobe Reader\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"systmOperan"=C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe [2010-08-18 183296]
"ManagerHelp"=c:\program files\ati technologies\ati hydravision\technologieslokalisierung.exe [2010-08-18 183296]
"DeviceCVresources"=c:\program files\ati technologies\ati.ace\graphics-light\ja\controlgraphics2.0.2736.38368.exe [2010-08-18 183296]
"OperanMicrosoft"=c:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie (2).exe []
"LokalisierungControl"=C:\program files\ati technologies\ati hydravision\technologieslokalisierung.exe [2010-08-18 183296]
"movie"=C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe [2010-08-18 183296]
"resourcesCaste2.0.2736.38325"=C:\program files\ati technologies\ati.ace\graphics-light\ja\controlgraphics2.0.2736.38368.exe [2010-08-18 183296]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-11 61440]
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"controlgraphics2.0.2736.38368"=C:\program files\ati technologies\ati.ace\graphics-light\ja\controlgraphics2.0.2736.38368.exe [2010-08-18 183296]
"CatcheraTube"=C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe [2010-08-18 183296]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"dialektuZdenek"=C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe [2010-08-18 183296]
"REGEDITOperating"=C:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie.exe [2010-08-18 183296]
"1447358.exe"=C:\DOCUME~1\Liborek\LOCALS~1\Temp\1447358.exe [2011-07-25 247296]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-25 256000]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-25 256000]
"1129478.exe"=C:\DOCUME~1\Liborek\LOCALS~1\Temp\1129478.exe [2011-07-25 247296]
"5282270.exe"=C:\WINDOWS\TEMP\5282270.exe [2011-07-25 247296]
"6877223.exe"=C:\WINDOWS\TEMP\6877223.exe [2011-07-25 495616]
"12957039-loader2.exe"=C:\WINDOWS\TEMP\12957039-loader2.exe [2011-07-25 247296]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-25 232960]
"systemup"=C:\WINDOWS\systemup.exe [2011-07-25 114176]
"9311726.exe"=C:\WINDOWS\TEMP\9311726.exe [2011-07-25 256000]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-7-0\svchost.exe [2011-07-25 1185280]
"tray_ico1"=C:\WINDOWS\update.tray-2-0\svchost.exe [2011-07-25 1185280]
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"REGEDITSystem"=C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe [2010-08-18 183296]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []
"wxpdrv"=C:\WINDOWS\services32.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"DAEMON Tools Lite"=D:\Programy\DAEMON\daemon.exe [2009-04-23 691656]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
AVerMedia GPS.lnk - C:\WINDOWS\Installer\{59CF074E-D725-43C0-B15A-C88B23926D27}\NewShortcut1_27E6D630072C4F3DBCA4A9450FD82024_1.exe
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
BDARemote.lnk - C:\Program Files\USB TV\EM28XX\BDARemote.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"D:\roman\Programy\QIP\qip.exe"="D:\roman\Programy\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"D:\roman\HRY\Mass Effect\Binaries\MassEffect.exe"="D:\roman\HRY\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"D:\roman\HRY\Mass Effect\MassEffectLauncher.exe"="D:\roman\HRY\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\roman\HRY\Call of Duty 2\CoD2MP_s.exe"="D:\roman\HRY\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"D:\Programy\Opera\opera.exe"="D:\Programy\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\aTube Catcher\yct.exe"="C:\Program Files\aTube Catcher\yct.exe:*:Enabled:aTube Catcher to download and convert videos."
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\Flash-Player.exe"="C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ffdshow.ax
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll
======File associations======
.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2011-07-25 19:01:42 ----D---- C:\Program Files\trend micro
2011-07-25 19:01:41 ----D---- C:\rsit
2011-07-25 18:36:43 ----HD---- C:\WINDOWS\update.tray-2-0-lnk
2011-07-25 18:36:43 ----HD---- C:\WINDOWS\update.tray-2-0
2011-07-25 18:06:24 ----D---- C:\WINDOWS\av_ico
2011-07-25 18:05:10 ----HD---- C:\WINDOWS\update.tray-7-0-lnk
2011-07-25 18:05:10 ----HD---- C:\WINDOWS\update.tray-7-0
2011-07-25 18:01:05 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-25 18:01:05 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-25 15:52:48 ----D---- C:\Program Files\AMD APP
2011-07-25 15:52:44 ----D---- C:\Program Files\ATI
2011-07-25 15:30:11 ----D---- C:\WINDOWS\ufa
2011-07-25 15:30:11 ----D---- C:\WINDOWS\rpcminer
2011-07-25 15:30:11 ----D---- C:\WINDOWS\phoenix
2011-07-25 15:28:28 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-25 15:27:51 ----A---- C:\WINDOWS\systemup.exe
2011-07-25 15:25:08 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-25 15:24:47 ----HD---- C:\WINDOWS\update.5.0
2011-07-25 15:23:36 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-25 15:19:44 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-25 15:18:16 ----HD---- C:\WINDOWS\update.2
2011-07-25 15:18:06 ----A---- C:\WINDOWS\unrar.exe
2011-07-25 15:13:49 ----A---- C:\WINDOWS\iplist.txt
2011-07-25 15:13:34 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-25 15:13:20 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-25 15:13:02 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-25 15:12:57 ----HD---- C:\WINDOWS\update.1
======List of files/folders modified in the last 1 month======
2011-07-25 19:01:56 ----D---- C:\WINDOWS\Prefetch
2011-07-25 19:01:42 ----RD---- C:\Program Files
2011-07-25 18:38:55 ----D---- C:\WINDOWS\Temp
2011-07-25 18:38:02 ----D---- C:\WINDOWS
2011-07-25 18:36:55 ----A---- C:\boot.ini
2011-07-25 18:35:49 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-25 18:34:23 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-07-25 18:33:43 ----SD---- C:\WINDOWS\Tasks
2011-07-25 18:33:22 ----D---- C:\Documents and Settings
2011-07-25 18:29:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-25 18:29:19 ----SHD---- C:\WINDOWS\Installer
2011-07-25 18:29:13 ----HD---- C:\WINDOWS\inf
2011-07-25 18:29:13 ----D---- C:\WINDOWS\system32\drivers
2011-07-25 15:52:48 ----D---- C:\WINDOWS\system32
2011-07-25 15:52:47 ----D---- C:\Program Files\ATI Technologies
2011-07-25 15:30:12 ----SHD---- C:\System Volume Information
2011-07-25 15:30:12 ----D---- C:\WINDOWS\system32\Restore
2011-07-25 15:18:35 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-13 22:20:53 ----D---- C:\WINDOWS\Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-08-14 105344]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-10-20 721904]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-03-31 95872]
R1 FNETURPX;FNETURPX; C:\WINDOWS\System32\drivers\FNETURPX.SYS [2010-11-17 13304]
R1 FNETVDDA;FNETVDDA; C:\WINDOWS\System32\drivers\FNETVDDA.SYS [2010-11-17 49400]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-03-31 140216]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 PAC7302;e-Messenger 310; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 SpotVcp;NXP swGPS Spot Virtual COM port driver; C:\WINDOWS\system32\DRIVERS\SpotVcp.sys [2007-05-16 34304]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 aensk8tp;aensk8tp; C:\WINDOWS\system32\drivers\aensk8tp.sys []
S3 AVerAF15;AVerMedia BDA Digital Tuner; C:\WINDOWS\System32\Drivers\AVerAF15.sys [2007-10-25 280576]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 spotJ;Spot Software GPS USB Driver (spotJ); C:\WINDOWS\System32\Drivers\spotJ32.sys [2007-05-27 36608]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 Autodesk Data Management Job Dispatch;Autodesk Data Management Job Dispatch; D:\Programy\autodesk\data managment server\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe [2007-02-13 32768]
R2 Autodesk EDM Server;Autodesk EDM Server; D:\Programy\autodesk\data managment server\Server\Webserver\Connectivity.EDMWS.Server.exe [2007-02-13 49152]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-03 20543]
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT); D:\Programy\autodesk\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-13 28933976]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-07-13 131131]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-07-13 65599]
R2 SpotGPSMaxim;Spot; C:\Program Files\AVerMediaGPS\Services\Spot2741.exe [2007-06-25 610407]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-07-25 340992]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-07-25 495616]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-07-25 256000]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-07-25 1185280]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-10-20 79360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2007-02-13 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-13 240416]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Vir facebook- aktualizace adobe flash playeru
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Vir facebook- aktualizace adobe flash playeru
Zdravim a pekny vecer preji 
Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com
Aplikujte exeHelper by Raktor
Aplikujte RogueKiller
Jeste znovu RogueKiller ale nyni s moznosti 3 a pote jeste jednou s moznosti 4
RKill, eXeHelper i RogueKiller by mely udelat logy, vlozte mi je sem
Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com
- Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif - Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
- Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
- RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
- Ted nerestartujte PC - prisli byste o ucinek RKillu
Aplikujte exeHelper by Raktor
- Linky ke stazeni
- COM soubor http://vyosek.ic.cz/BE/exeHelper.com
- SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
- Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt
Aplikujte RogueKiller
stell píše: pouzijes RogueKiller>.spustis>>stlac 2> [enter] log vloz sem
http://www.viry.cz/forum/viewtopic.php? ... 05#p981205
Jeste znovu RogueKiller ale nyni s moznosti 3 a pote jeste jednou s moznosti 4 RKill, eXeHelper i RogueKiller by mely udelat logy, vlozte mi je sem"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: Vir facebook- aktualizace adobe flash playeru
no panecku to byla rÿchlost...pokusim se
Re: Vir facebook- aktualizace adobe flash playeru
Kdyby byl nejaky problem, tak napiste - budu tu cely vecer 
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Vir facebook- aktualizace adobe flash playeru
exeHelper by Raktor
Build 20100414
Run at 19:39:13 on 07/25/11
Now searching...
Checking for numerical processes...
Killed numerical process 38368
Killed numerical process 38368
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1447358.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1129478.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6877223.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9311726.exe
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
Build 20100414
Run at 19:39:13 on 07/25/11
Now searching...
Checking for numerical processes...
Killed numerical process 38368
Killed numerical process 38368
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1447358.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1129478.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6877223.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9311726.exe
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
Re: Vir facebook- aktualizace adobe flash playeru
RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Liborek [Admin rights]
Mode: Remove -- Date : 07/25/2011 19:42:16
Bad processes: 9
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED
[SUSP PATH] l1rezerv.exe -- c:\windows\l1rezerv.exe -> KILLED
[SUSP PATH] systemup.exe -- c:\windows\systemup.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.tray-7-0\svchost.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.tray-2-0\svchost.exe -> KILLED
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.tray-2-0-lnk\svchost.exe -> KILLED
[SUSP PATH] movie.exe -- c:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie.exe -> KILLED
Registry Entries: 26
[SUSP PATH] HKLM\[...]\Run : systmOperan (C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : OperanMicrosoft (c:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie (2).exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : movie (C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : CatcheraTube (C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : dialektuZdenek (C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : REGEDITOperating (C:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\WINDOWS\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\WINDOWS\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 5282270.exe ("C:\WINDOWS\TEMP\5282270.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 12957039-loader2.exe ("C:\WINDOWS\TEMP\12957039-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\WINDOWS\l1rezerv.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : systemup ("C:\WINDOWS\systemup.exe" stand) -> DELETED
[SUSP PATH] HKLM\[...]\Run : REGEDITSystem (C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\WINDOWS\services32.exe) -> DELETED
[SUSP PATH] HKLM\[...]\RunServices : systmSFXCAB (C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[SUSP PATH] HKLM\[...]\RunServices : SFXCABOperan (c:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie (1).exe) -> DELETED
[SUSP PATH] HKLM\[...]\RunServices : movie (C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[SUSP PATH] HKLM\[...]\RunServices : aTubeCatcher (C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[SUSP PATH] HKLM\[...]\RunServices : tchynineslezkem26962 (C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[SUSP PATH] HKLM\[...]\RunServices : SystemMicrosoft (C:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[SUSP PATH] HKLM\[...]\RunServices : WindowsSystem (C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]
Finished : << RKreport[1].txt >>
RKreport[1].txt
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Liborek [Admin rights]
Mode: Remove -- Date : 07/25/2011 19:42:16
Bad processes: 9
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED
[SUSP PATH] l1rezerv.exe -- c:\windows\l1rezerv.exe -> KILLED
[SUSP PATH] systemup.exe -- c:\windows\systemup.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.tray-7-0\svchost.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.tray-2-0\svchost.exe -> KILLED
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.tray-2-0-lnk\svchost.exe -> KILLED
[SUSP PATH] movie.exe -- c:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie.exe -> KILLED
Registry Entries: 26
[SUSP PATH] HKLM\[...]\Run : systmOperan (C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : OperanMicrosoft (c:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie (2).exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : movie (C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : CatcheraTube (C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : dialektuZdenek (C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : REGEDITOperating (C:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\WINDOWS\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\WINDOWS\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 5282270.exe ("C:\WINDOWS\TEMP\5282270.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 12957039-loader2.exe ("C:\WINDOWS\TEMP\12957039-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\WINDOWS\l1rezerv.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : systemup ("C:\WINDOWS\systemup.exe" stand) -> DELETED
[SUSP PATH] HKLM\[...]\Run : REGEDITSystem (C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\WINDOWS\services32.exe) -> DELETED
[SUSP PATH] HKLM\[...]\RunServices : systmSFXCAB (C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[SUSP PATH] HKLM\[...]\RunServices : SFXCABOperan (c:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie (1).exe) -> DELETED
[SUSP PATH] HKLM\[...]\RunServices : movie (C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[SUSP PATH] HKLM\[...]\RunServices : aTubeCatcher (C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[SUSP PATH] HKLM\[...]\RunServices : tchynineslezkem26962 (C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[SUSP PATH] HKLM\[...]\RunServices : SystemMicrosoft (C:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[SUSP PATH] HKLM\[...]\RunServices : WindowsSystem (C:\Documents and Settings\Liborek\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\movie.exe) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]
Finished : << RKreport[1].txt >>
RKreport[1].txt
Re: Vir facebook- aktualizace adobe flash playeru
RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Liborek [Admin rights]
Mode: HOSTSFix -- Date : 07/25/2011 19:43:40
Bad processes: 0
HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]
Resetted HOSTS:
127.0.0.1 localhost
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Liborek [Admin rights]
Mode: HOSTSFix -- Date : 07/25/2011 19:43:40
Bad processes: 0
HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]
Resetted HOSTS:
127.0.0.1 localhost
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Re: Vir facebook- aktualizace adobe flash playeru
RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Liborek [Admin rights]
Mode: ProxyFix -- Date : 07/25/2011 19:43:59
Bad processes: 0
Registry Entries: 0
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Liborek [Admin rights]
Mode: ProxyFix -- Date : 07/25/2011 19:43:59
Bad processes: 0
Registry Entries: 0
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
Re: Vir facebook- aktualizace adobe flash playeru
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 25.07.2011 at 19:37:58.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
C:\Program Files\KYE\WebMate\BM.exe
Rkill completed on 25.07.2011 at 19:38:05.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 25.07.2011 at 19:37:58.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
C:\Program Files\KYE\WebMate\BM.exe
Rkill completed on 25.07.2011 at 19:38:05.
Re: Vir facebook- aktualizace adobe flash playeru
tak postupoval jsem dle tveho navodu ..a samozrejme ti preju taky pekny vecer.... a co se bude dit ted???
Re: Vir facebook- aktualizace adobe flash playeru
Super prace, jdeme dale 
PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
- Pokud mate Win XP spustte pod uctem Spravce\Administratora
- Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
- Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
- Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
- Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
- Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
- Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
- Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Vir facebook- aktualizace adobe flash playeru
ComboFix 11-07-25.02 - Liborek 25.07.2011 20:34:29.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1429 [GMT 2:00]
Spuštěný z: c:\documents and settings\Liborek\Plocha\ComboFix.exe
FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Liborek\WINDOWS
c:\program files\ati technologies\ati hydravision\technologieslokalisierung.exe
c:\program files\ati technologies\ati.ace\graphics-light\ja\controlgraphics2.0.2736.38368.exe
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-2-0\svchost.exe
c:\windows\update.tray-7-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
-------\Legacy_srvbtcclient
-------\Legacy_srvbtcclient
-------\Service_srvbtcclient
-------\Service_srvbtcclient
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-25 do 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 17:01 . 2011-07-25 17:02 -------- d-----w- c:\program files\trend micro
2011-07-25 17:01 . 2011-07-25 17:02 -------- d-----w- C:\rsit
2011-07-25 16:36 . 2011-07-25 18:36 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-25 16:36 . 2011-07-25 16:36 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-25 16:33 . 2011-07-25 16:33 -------- d-----w- c:\documents and settings\Administrator
2011-07-25 16:06 . 2011-07-25 16:37 -------- d-----w- c:\windows\av_ico
2011-07-25 16:05 . 2011-07-25 18:36 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-25 16:05 . 2011-07-25 16:05 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-25 14:41 . 2011-07-25 14:41 -------- d-----w- c:\documents and settings\NetworkService\Nabídka Start
2011-07-25 13:52 . 2011-07-25 13:52 -------- d-----w- c:\program files\AMD APP
2011-07-25 13:52 . 2011-07-25 13:52 -------- d-----w- c:\program files\ATI
2011-07-25 13:30 . 2011-07-25 13:30 -------- d-----w- c:\windows\ufa
2011-07-25 13:30 . 2011-07-25 13:30 -------- d-----w- c:\windows\rpcminer
2011-07-25 13:30 . 2011-07-25 13:30 -------- d-----w- c:\windows\phoenix
2011-07-25 13:18 . 2011-07-25 13:30 246272 ----a-w- c:\windows\unrar.exe
2011-07-25 13:13 . 2011-07-25 13:13 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programy\DAEMON\daemon.exe" [2009-04-23 691656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"BMISR"="c:\program files\KYE\WebMate\BM.exe" [2008-08-19 208896]
"Adobe Reader Speed Launcher"="d:\programy\Adobe Reader\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"movie"="c:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie.exe" [2010-08-17 183296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"movie"="c:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie.exe" [2010-08-17 183296]
"ps9ResPrinter"="c:\program files\aoemview 2008\drv\ocegdiresresource.exe" [2010-08-17 183296]
"SceneResAutoCAD"="c:\program files\aoemview 2008\moduleautocad17.1.45.0.exe" [2010-08-17 183296]
"AddAPlotTable"="c:\program files\aoemview 2008\plot styles\wizardaddaplot.exe" [2010-08-17 183296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AVerMedia GPS.lnk - c:\windows\Installer\{59CF074E-D725-43C0-B15A-C88B23926D27}\NewShortcut1_27E6D630072C4F3DBCA4A9450FD82024_1.exe [2010-8-31 45056]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2010-8-31 679936]
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-11-18 81997]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"d:\\roman\\Programy\\QIP\\qip.exe"=
"d:\\roman\\HRY\\Mass Effect\\Binaries\\MassEffect.exe"=
"d:\\roman\\HRY\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\roman\\HRY\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Programy\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\aTube Catcher\\yct.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.10.2009 13:37 721904]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [17.11.2010 12:21 13304]
R1 FNETVDDA;FNETVDDA;c:\windows\system32\drivers\FNETVDDA.SYS [17.11.2010 12:21 49400]
R2 SpotGPSMaxim;Spot;c:\program files\AVerMediaGPS\Services\Spot2741.exe [25.6.2007 10:50 610407]
R3 SpotVcp;NXP swGPS Spot Virtual COM port driver;c:\windows\system32\drivers\SpotVcp.sys [16.5.2007 13:19 34304]
S3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\system32\drivers\AVerAF15.sys [31.8.2010 15:57 280576]
S3 spotJ;Spot Software GPS USB Driver (spotJ);c:\windows\system32\drivers\spotJ32.sys [31.8.2010 15:57 36608]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - d:\programy\OFFICE~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-ManagerHelp - c:\program files\ati technologies\ati hydravision\technologieslokalisierung.exe
HKLM-Run-DeviceCVresources - c:\program files\ati technologies\ati.ace\graphics-light\ja\controlgraphics2.0.2736.38368.exe
HKLM-Run-LokalisierungControl - c:\program files\ati technologies\ati hydravision\technologieslokalisierung.exe
HKLM-Run-resourcesCaste2.0.2736.38325 - c:\program files\ati technologies\ati.ace\graphics-light\ja\controlgraphics2.0.2736.38368.exe
HKLM-Run-controlgraphics2.0.2736.38368 - c:\program files\ati technologies\ati.ace\graphics-light\ja\controlgraphics2.0.2736.38368.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-7-0\svchost.exe
HKLM-Run-tray_ico1 - c:\windows\update.tray-2-0\svchost.exe
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-AVerMedia A805 (USB, DVB-T) - c:\program files\AVerMedia\AVerMedia A805 (USB
AddRemove-Caesar 3 - j:\hry\caesar 3 play\SIERRA\Caesar3\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-25 20:38
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1640)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\AVerMediaGPS\GUI\SpotSodiumGUI.exe
d:\programy\autodesk\data managment server\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
d:\programy\autodesk\data managment server\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
d:\programy\autodesk\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\aoemview 2008\drv\oce9resresource9.1.45.0.exe
.
**************************************************************************
.
Celkový čas: 2011-07-25 20:39:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-25 18:39
.
Před spuštěním: 2 665 074 688
Po spuštění: 2 638 467 072
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect /usepmtimer
.
- - End Of File - - FB81F9C3367F26D1C15262950895F441
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1429 [GMT 2:00]
Spuštěný z: c:\documents and settings\Liborek\Plocha\ComboFix.exe
FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Liborek\WINDOWS
c:\program files\ati technologies\ati hydravision\technologieslokalisierung.exe
c:\program files\ati technologies\ati.ace\graphics-light\ja\controlgraphics2.0.2736.38368.exe
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-2-0\svchost.exe
c:\windows\update.tray-7-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
-------\Legacy_srvbtcclient
-------\Legacy_srvbtcclient
-------\Service_srvbtcclient
-------\Service_srvbtcclient
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-25 do 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 17:01 . 2011-07-25 17:02 -------- d-----w- c:\program files\trend micro
2011-07-25 17:01 . 2011-07-25 17:02 -------- d-----w- C:\rsit
2011-07-25 16:36 . 2011-07-25 18:36 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-25 16:36 . 2011-07-25 16:36 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-25 16:33 . 2011-07-25 16:33 -------- d-----w- c:\documents and settings\Administrator
2011-07-25 16:06 . 2011-07-25 16:37 -------- d-----w- c:\windows\av_ico
2011-07-25 16:05 . 2011-07-25 18:36 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-25 16:05 . 2011-07-25 16:05 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-25 14:41 . 2011-07-25 14:41 -------- d-----w- c:\documents and settings\NetworkService\Nabídka Start
2011-07-25 13:52 . 2011-07-25 13:52 -------- d-----w- c:\program files\AMD APP
2011-07-25 13:52 . 2011-07-25 13:52 -------- d-----w- c:\program files\ATI
2011-07-25 13:30 . 2011-07-25 13:30 -------- d-----w- c:\windows\ufa
2011-07-25 13:30 . 2011-07-25 13:30 -------- d-----w- c:\windows\rpcminer
2011-07-25 13:30 . 2011-07-25 13:30 -------- d-----w- c:\windows\phoenix
2011-07-25 13:18 . 2011-07-25 13:30 246272 ----a-w- c:\windows\unrar.exe
2011-07-25 13:13 . 2011-07-25 13:13 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programy\DAEMON\daemon.exe" [2009-04-23 691656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"BMISR"="c:\program files\KYE\WebMate\BM.exe" [2008-08-19 208896]
"Adobe Reader Speed Launcher"="d:\programy\Adobe Reader\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"movie"="c:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie.exe" [2010-08-17 183296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"movie"="c:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie.exe" [2010-08-17 183296]
"ps9ResPrinter"="c:\program files\aoemview 2008\drv\ocegdiresresource.exe" [2010-08-17 183296]
"SceneResAutoCAD"="c:\program files\aoemview 2008\moduleautocad17.1.45.0.exe" [2010-08-17 183296]
"AddAPlotTable"="c:\program files\aoemview 2008\plot styles\wizardaddaplot.exe" [2010-08-17 183296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AVerMedia GPS.lnk - c:\windows\Installer\{59CF074E-D725-43C0-B15A-C88B23926D27}\NewShortcut1_27E6D630072C4F3DBCA4A9450FD82024_1.exe [2010-8-31 45056]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2010-8-31 679936]
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-11-18 81997]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"d:\\roman\\Programy\\QIP\\qip.exe"=
"d:\\roman\\HRY\\Mass Effect\\Binaries\\MassEffect.exe"=
"d:\\roman\\HRY\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\roman\\HRY\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Programy\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\aTube Catcher\\yct.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.10.2009 13:37 721904]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [17.11.2010 12:21 13304]
R1 FNETVDDA;FNETVDDA;c:\windows\system32\drivers\FNETVDDA.SYS [17.11.2010 12:21 49400]
R2 SpotGPSMaxim;Spot;c:\program files\AVerMediaGPS\Services\Spot2741.exe [25.6.2007 10:50 610407]
R3 SpotVcp;NXP swGPS Spot Virtual COM port driver;c:\windows\system32\drivers\SpotVcp.sys [16.5.2007 13:19 34304]
S3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\system32\drivers\AVerAF15.sys [31.8.2010 15:57 280576]
S3 spotJ;Spot Software GPS USB Driver (spotJ);c:\windows\system32\drivers\spotJ32.sys [31.8.2010 15:57 36608]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - d:\programy\OFFICE~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-ManagerHelp - c:\program files\ati technologies\ati hydravision\technologieslokalisierung.exe
HKLM-Run-DeviceCVresources - c:\program files\ati technologies\ati.ace\graphics-light\ja\controlgraphics2.0.2736.38368.exe
HKLM-Run-LokalisierungControl - c:\program files\ati technologies\ati hydravision\technologieslokalisierung.exe
HKLM-Run-resourcesCaste2.0.2736.38325 - c:\program files\ati technologies\ati.ace\graphics-light\ja\controlgraphics2.0.2736.38368.exe
HKLM-Run-controlgraphics2.0.2736.38368 - c:\program files\ati technologies\ati.ace\graphics-light\ja\controlgraphics2.0.2736.38368.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-7-0\svchost.exe
HKLM-Run-tray_ico1 - c:\windows\update.tray-2-0\svchost.exe
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-AVerMedia A805 (USB, DVB-T) - c:\program files\AVerMedia\AVerMedia A805 (USB
AddRemove-Caesar 3 - j:\hry\caesar 3 play\SIERRA\Caesar3\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-25 20:38
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1640)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\AVerMediaGPS\GUI\SpotSodiumGUI.exe
d:\programy\autodesk\data managment server\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
d:\programy\autodesk\data managment server\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
d:\programy\autodesk\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\aoemview 2008\drv\oce9resresource9.1.45.0.exe
.
**************************************************************************
.
Celkový čas: 2011-07-25 20:39:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-25 18:39
.
Před spuštěním: 2 665 074 688
Po spuštění: 2 638 467 072
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect /usepmtimer
.
- - End Of File - - FB81F9C3367F26D1C15262950895F441
Re: Vir facebook- aktualizace adobe flash playeru
Pokud nemate, tak presunte Combofix na plochu
- Spustte poznamkovy blok (Start-spustit-notepad)
- Zkopirujte skript nize
Kód: Vybrat vše
KillAll:: File:: c:\windows\unrar.exe c:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie.exe Folder:: c:\windows\rpcminer c:\windows\phoenix c:\windows\ufa c:\windows\av_ico c:\windows\update.tray-2-0 c:\windows\update.tray-2-0-lnk c:\windows\update.tray-7-0 c:\windows\update.tray-7-0-lnk c:\program files\aoemview 2008 Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"=- "Adobe ARM"=- "NeroFilterCheck"=- "movie"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "movie"=- "ps9ResPrinter"=- "SceneResAutoCAD"=- "AddAPlotTable"=- [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000000 "FirewallOverride"=dword:00000000 "DisableThumbnailCache"=dword:00000000 Driver:: Reboot::- Ulozte vytvoreny TXT jako CFScript.txt
- Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
- Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Vir facebook- aktualizace adobe flash playeru
ComboFix 11-07-25.02 - Liborek 25.07.2011 21:13:01.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1456 [GMT 2:00]
Spuštěný z: c:\documents and settings\Liborek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Liborek\Plocha\CFScript.txt
FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
FILE ::
"c:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie.exe"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\aoemview 2008
c:\program files\aoemview 2008\ac1st17.dll
c:\program files\aoemview 2008\AcApp.arx
c:\program files\aoemview 2008\AcAppRes.dll
c:\program files\aoemview 2008\AcBGPlot.arx
c:\program files\aoemview 2008\acbr17.dbx
c:\program files\aoemview 2008\AcCalcEngine.arx
c:\program files\aoemview 2008\AcCalcEngineRes.dll
c:\program files\aoemview 2008\AcCalcUi.xml
c:\program files\aoemview 2008\AcCtrl.dll
c:\program files\aoemview 2008\acdb17.dll
c:\program files\aoemview 2008\acdb17enures.dll
c:\program files\aoemview 2008\acdbmgd.dll
c:\program files\aoemview 2008\AcDim.arx
c:\program files\aoemview 2008\AcDimRes.dll
c:\program files\aoemview 2008\AcDimX17.dll
c:\program files\aoemview 2008\AcDynInput.arx
c:\program files\aoemview 2008\AcDynInputRes.dll
c:\program files\aoemview 2008\AcFdEval.arx
c:\program files\aoemview 2008\AcFdUi.arx
c:\program files\aoemview 2008\AcFieldRes.dll
c:\program files\aoemview 2008\acge17.dll
c:\program files\aoemview 2008\AcGradient17.dll
c:\program files\aoemview 2008\acgs.dll
c:\program files\aoemview 2008\acgsimage.dll
c:\program files\aoemview 2008\acgsRes.dll
c:\program files\aoemview 2008\AcIdViewObj.dbx
c:\program files\aoemview 2008\AcInetUI.dll
c:\program files\aoemview 2008\AcInetUIRes.dll
c:\program files\aoemview 2008\acismobj17.dbx
c:\program files\aoemview 2008\acISMui.arx
c:\program files\aoemview 2008\acISMuiRes.dll
c:\program files\aoemview 2008\AcLayerTools.dll
c:\program files\aoemview 2008\acmgd.dll
c:\program files\aoemview 2008\acmgdinternal.dll
c:\program files\aoemview 2008\AcMgdReverse.dll
c:\program files\aoemview 2008\AcMgdShared.dll
c:\program files\aoemview 2008\AcMPolygonCom.dll
c:\program files\aoemview 2008\AcMPolygonMGD.dll
c:\program files\aoemview 2008\AcMPolygonObj17.dbx
c:\program files\aoemview 2008\AcMPolygonObj17enuRes.dll
c:\program files\aoemview 2008\AcObjClassImp.arx
c:\program files\aoemview 2008\AcObjClassImpRes.dll
c:\program files\aoemview 2008\AcOcSchemaUtil.arx
c:\program files\aoemview 2008\acopm.arx
c:\program files\aoemview 2008\AcOpmExt.arx
c:\program files\aoemview 2008\AcOpmExtRes.dll
c:\program files\aoemview 2008\acopmRes.dll
c:\program files\aoemview 2008\AcPEXCtl.arx
c:\program files\aoemview 2008\AcPEXCtlRes.dll
c:\program files\aoemview 2008\acpi.arx
c:\program files\aoemview 2008\acpires.dll
c:\program files\aoemview 2008\AcPlDetails.arx
c:\program files\aoemview 2008\AcPlotGui.arx
c:\program files\aoemview 2008\AcPltRes.dll
c:\program files\aoemview 2008\AcPltStamp.arx
c:\program files\aoemview 2008\AcPltStampRes.dll
c:\program files\aoemview 2008\AcProject17.dll
c:\program files\aoemview 2008\AcProject17Res.dll
c:\program files\aoemview 2008\AcSceneOE.dbx
c:\program files\aoemview 2008\AcSceneRes.dll
c:\program files\aoemview 2008\AcStar.arx
c:\program files\aoemview 2008\AcStarRes.dll
c:\program files\aoemview 2008\acui17.dll
c:\program files\aoemview 2008\acui17res.dll
c:\program files\aoemview 2008\acurlutl17.dll
c:\program files\aoemview 2008\AcUt.dll
c:\program files\aoemview 2008\AcViewMgr.arx
c:\program files\aoemview 2008\AcVMTools.arx
c:\program files\aoemview 2008\AcVMToolsRes.dll
c:\program files\aoemview 2008\AcWebDAV17.dll
c:\program files\aoemview 2008\AcWipeoutObj17.dbx
c:\program files\aoemview 2008\AcWipeoutRes.dll
c:\program files\aoemview 2008\ad17asm120.dll
c:\program files\aoemview 2008\adctrls.dll
c:\program files\aoemview 2008\adctrlsRes.dll
c:\program files\aoemview 2008\addplwiz.exe
c:\program files\aoemview 2008\addplwizRes.dll
c:\program files\aoemview 2008\AdFTP.dll
c:\program files\aoemview 2008\AdFTPRes.dll
c:\program files\aoemview 2008\AdImaging.dll
c:\program files\aoemview 2008\AdImagingRes.dll
c:\program files\aoemview 2008\AdIntImgServices.dll
c:\program files\aoemview 2008\adui17.dll
c:\program files\aoemview 2008\adui17res.dll
c:\program files\aoemview 2008\AecAreaCalculationBase.dbx
c:\program files\aoemview 2008\AecAreaCalculationBaseenu.dll
c:\program files\aoemview 2008\AecArchBase.dbx
c:\program files\aoemview 2008\AecArchBaseenu.dll
c:\program files\aoemview 2008\AecArchDACHBase.dbx
c:\program files\aoemview 2008\AecArchDACHBaseenu.dll
c:\program files\aoemview 2008\AecBase.dbx
c:\program files\aoemview 2008\AecBaseenu.dll
c:\program files\aoemview 2008\AecBaseEx.dbx
c:\program files\aoemview 2008\AecBaseExenu.dll
c:\program files\aoemview 2008\AecLoader.arx
c:\program files\aoemview 2008\AecModeler50.dbx
c:\program files\aoemview 2008\AecProjectBase.dbx
c:\program files\aoemview 2008\AecProjectBaseenu.dll
c:\program files\aoemview 2008\AecResMgr.dll
c:\program files\aoemview 2008\AecResMgrenu.dll
c:\program files\aoemview 2008\AecResUi.dll
c:\program files\aoemview 2008\AecResUienu.dll
c:\program files\aoemview 2008\AecScript.dll
c:\program files\aoemview 2008\AecScriptenu.dll
c:\program files\aoemview 2008\AecSchedule.dbx
c:\program files\aoemview 2008\AecScheduleData.dbx
c:\program files\aoemview 2008\AecScheduleDataenu.dll
c:\program files\aoemview 2008\AecScheduleenu.dll
c:\program files\aoemview 2008\AecStructureBase.dbx
c:\program files\aoemview 2008\AecStructureBaseenu.dll
c:\program files\aoemview 2008\AecSystemTools.dll
c:\program files\aoemview 2008\aecuibase.arx
c:\program files\aoemview 2008\AecUiBaseEnu.dll
c:\program files\aoemview 2008\achapi17.dbx
c:\program files\aoemview 2008\anav.dll
c:\program files\aoemview 2008\anavRes.dll
c:\program files\aoemview 2008\AoVw2008.exe
c:\program files\aoemview 2008\AoVw2008.exe.config
c:\program files\aoemview 2008\AoVw2008btn.xmx
c:\program files\aoemview 2008\AoVw2008ficn.dll
c:\program files\aoemview 2008\AoVw2008inet.dll
c:\program files\aoemview 2008\AoVw2008inetRes.dll
c:\program files\aoemview 2008\AoVw2008res.dll
c:\program files\aoemview 2008\AoVw2008res2.dll
c:\program files\aoemview 2008\apperr.dll
c:\program files\aoemview 2008\apperrRes.dll
c:\program files\aoemview 2008\appload.arx
c:\program files\aoemview 2008\apploadRes.dll
c:\program files\aoemview 2008\architectural.dll
c:\program files\aoemview 2008\architectural.mi
c:\program files\aoemview 2008\ASMBASE120A.dll
c:\program files\aoemview 2008\ASMconstrctobj120A.dll
c:\program files\aoemview 2008\ASMFCT120A.dll
c:\program files\aoemview 2008\ASMGA120A.dll
c:\program files\aoemview 2008\ASMIHL120A.dll
c:\program files\aoemview 2008\ASMINTR120A.dll
c:\program files\aoemview 2008\ASMKERN120A.dll
c:\program files\aoemview 2008\ASMLAW120A.dll
c:\program files\aoemview 2008\ASMm120enures.dll
c:\program files\aoemview 2008\ASMMATRIX120A.dll
c:\program files\aoemview 2008\ASMTOPT120A.dll
c:\program files\aoemview 2008\ax17enures.dll
c:\program files\aoemview 2008\axdb.dll
c:\program files\aoemview 2008\BCSPSE.dll
c:\program files\aoemview 2008\BzLocation.dll
c:\program files\aoemview 2008\BzPSLang.dll
c:\program files\aoemview 2008\color.dll
c:\program files\aoemview 2008\colorRes.dll
c:\program files\aoemview 2008\coreerr.dll
c:\program files\aoemview 2008\dlint9.dll
c:\program files\aoemview 2008\Drv\AdskHwCertificationDatabase.xml
c:\program files\aoemview 2008\Drv\buffer9.hdi
c:\program files\aoemview 2008\Drv\CalComp9.drc
c:\program files\aoemview 2008\Drv\CalComp9.hdi
c:\program files\aoemview 2008\Drv\CalComp9Res.dll
c:\program files\aoemview 2008\Drv\dgwintbn.dll
c:\program files\aoemview 2008\Drv\dgwintbnRes.dll
c:\program files\aoemview 2008\Drv\direct3d9.hdi
c:\program files\aoemview 2008\Drv\dither9.hdi
c:\program files\aoemview 2008\Drv\dwffont9.hdi
c:\program files\aoemview 2008\Drv\dwfplot9.drc
c:\program files\aoemview 2008\Drv\dwfplot9.hdi
c:\program files\aoemview 2008\Drv\Dwfplot9Res.dll
c:\program files\aoemview 2008\Drv\dxb9.drc
c:\program files\aoemview 2008\Drv\dxb9.hdi
c:\program files\aoemview 2008\Drv\dxb9Res.dll
c:\program files\aoemview 2008\Drv\eov9.hdi
c:\program files\aoemview 2008\Drv\gdi9.hdi
c:\program files\aoemview 2008\Drv\gdi9Res.dll
c:\program files\aoemview 2008\Drv\gdifont9.hdi
c:\program files\aoemview 2008\Drv\gdiplot9.hdi
c:\program files\aoemview 2008\Drv\hlr9.hdi
c:\program files\aoemview 2008\Drv\hpgdi9.hdi
c:\program files\aoemview 2008\Drv\Hpgdi9Res.dll
c:\program files\aoemview 2008\Drv\hpgl29.drc
c:\program files\aoemview 2008\Drv\hpgl29.hdi
c:\program files\aoemview 2008\Drv\HpGl29Res.dll
c:\program files\aoemview 2008\Drv\hpgl9.drc
c:\program files\aoemview 2008\Drv\hpgl9.hdi
c:\program files\aoemview 2008\Drv\hpgl9Res.dll
c:\program files\aoemview 2008\Drv\jitter9.hdi
c:\program files\aoemview 2008\Drv\mentalray9.hdi
c:\program files\aoemview 2008\Drv\monochrome9.hdi
c:\program files\aoemview 2008\Drv\null9.hdi
c:\program files\aoemview 2008\Drv\oce9.drc
c:\program files\aoemview 2008\Drv\oce9.hdi
c:\program files\aoemview 2008\Drv\Oce9Res.dll
c:\program files\aoemview 2008\Drv\oce9ResResource9.1.45.0.exe
c:\program files\aoemview 2008\Drv\ocegdi9.hdi
c:\program files\aoemview 2008\Drv\ocegdi9Res.dll
c:\program files\aoemview 2008\Drv\OCEGDIResResource.exe
c:\program files\aoemview 2008\Drv\overhang9.hdi
c:\program files\aoemview 2008\Drv\paint9.hdi
c:\program files\aoemview 2008\Drv\pdffont9.hdi
c:\program files\aoemview 2008\Drv\pdfplot9.drc
c:\program files\aoemview 2008\Drv\pdfplot9.hdi
c:\program files\aoemview 2008\Drv\pdfplot9res.dll
c:\program files\aoemview 2008\Drv\ps9.drc
c:\program files\aoemview 2008\Drv\ps9.hdi
c:\program files\aoemview 2008\Drv\ps9Res.dll
c:\program files\aoemview 2008\Drv\raster9.drc
c:\program files\aoemview 2008\Drv\raster9.hdi
c:\program files\aoemview 2008\Drv\raster9Res.dll
c:\program files\aoemview 2008\Drv\rblast9.hdi
c:\program files\aoemview 2008\Drv\rfx9.hdi
c:\program files\aoemview 2008\Drv\select3d9.hdi
c:\program files\aoemview 2008\Drv\select9.hdi
c:\program files\aoemview 2008\Drv\slide9.hdi
c:\program files\aoemview 2008\Drv\szb9.hdi
c:\program files\aoemview 2008\Drv\wopengl9.hdi
c:\program files\aoemview 2008\Drv\xes9.drc
c:\program files\aoemview 2008\Drv\xes9.hdi
c:\program files\aoemview 2008\Drv\xes9res.dll
c:\program files\aoemview 2008\Drv\xesgdi9.hdi
c:\program files\aoemview 2008\dswhip.dll
c:\program files\aoemview 2008\dswhipRes.dll
c:\program files\aoemview 2008\DxOemViewer.arx
c:\program files\aoemview 2008\en-US\acdbmgd.resources.dll
c:\program files\aoemview 2008\en-US\AcLayerTools.resources.dll
c:\program files\aoemview 2008\en-US\BzLocation.resources.dll
c:\program files\aoemview 2008\erren.dll
c:\program files\aoemview 2008\errenu.dll
c:\program files\aoemview 2008\fontcap.dll
c:\program files\aoemview 2008\fontcapres.dll
c:\program files\aoemview 2008\Fonts\@extfont2.shx
c:\program files\aoemview 2008\Fonts\AcadEref.shx
c:\program files\aoemview 2008\Fonts\aehalf.shx
c:\program files\aoemview 2008\Fonts\AMDTSymbols.shx
c:\program files\aoemview 2008\Fonts\amgdt.shx
c:\program files\aoemview 2008\Fonts\amgdtans.shx
c:\program files\aoemview 2008\Fonts\bigfont.shx
c:\program files\aoemview 2008\Fonts\bold.shx
c:\program files\aoemview 2008\Fonts\Cdm.shx
c:\program files\aoemview 2008\Fonts\CDM_NC.SHX
c:\program files\aoemview 2008\Fonts\complex.shx
c:\program files\aoemview 2008\Fonts\dim.shx
c:\program files\aoemview 2008\Fonts\extfont.shx
c:\program files\aoemview 2008\Fonts\extfont2.shx
c:\program files\aoemview 2008\Fonts\exthalf2.shx
c:\program files\aoemview 2008\Fonts\extslim2.shx
c:\program files\aoemview 2008\Fonts\g12f13.shx
c:\program files\aoemview 2008\Fonts\g13f12d.shx
c:\program files\aoemview 2008\Fonts\g13f12w.shx
c:\program files\aoemview 2008\Fonts\gbcbig.shx
c:\program files\aoemview 2008\Fonts\gbeitc.shx
c:\program files\aoemview 2008\Fonts\gbenor.shx
c:\program files\aoemview 2008\Fonts\GENISO.SHX
c:\program files\aoemview 2008\Fonts\geniso12.shx
c:\program files\aoemview 2008\Fonts\GENLTSHP.SHX
c:\program files\aoemview 2008\Fonts\GENPRESE.SHX
c:\program files\aoemview 2008\Fonts\gothice.shx
c:\program files\aoemview 2008\Fonts\gothicg.shx
c:\program files\aoemview 2008\Fonts\gothici.shx
c:\program files\aoemview 2008\Fonts\greekc.shx
c:\program files\aoemview 2008\Fonts\greeks.shx
c:\program files\aoemview 2008\Fonts\hand1.shx
c:\program files\aoemview 2008\Fonts\chineset.shx
c:\program files\aoemview 2008\Fonts\iges1001.shx
c:\program files\aoemview 2008\Fonts\iges1002.shx
c:\program files\aoemview 2008\Fonts\iges1003.shx
c:\program files\aoemview 2008\Fonts\ISO.SHX
c:\program files\aoemview 2008\Fonts\isocp.shx
c:\program files\aoemview 2008\Fonts\isocp2.shx
c:\program files\aoemview 2008\Fonts\isocp3.shx
c:\program files\aoemview 2008\Fonts\isoct.shx
c:\program files\aoemview 2008\Fonts\isoct2.shx
c:\program files\aoemview 2008\Fonts\isoct3.shx
c:\program files\aoemview 2008\Fonts\italic.shx
c:\program files\aoemview 2008\Fonts\ITALIC8.SHX
c:\program files\aoemview 2008\Fonts\italicc.shx
c:\program files\aoemview 2008\Fonts\italict.shx
c:\program files\aoemview 2008\Fonts\monotxt.shx
c:\program files\aoemview 2008\Fonts\MONOTXT8.SHX
c:\program files\aoemview 2008\Fonts\romanc.shx
c:\program files\aoemview 2008\Fonts\romand.shx
c:\program files\aoemview 2008\Fonts\romans.shx
c:\program files\aoemview 2008\Fonts\romant.shx
c:\program files\aoemview 2008\Fonts\sas_____.pfb
c:\program files\aoemview 2008\Fonts\scriptc.shx
c:\program files\aoemview 2008\Fonts\scripts.shx
c:\program files\aoemview 2008\Fonts\SIMPLEX8.SHX
c:\program files\aoemview 2008\Fonts\spec_bar.shx
c:\program files\aoemview 2008\Fonts\spec_sl.shx
c:\program files\aoemview 2008\Fonts\special.shx
c:\program files\aoemview 2008\Fonts\syastro.shx
c:\program files\aoemview 2008\Fonts\symap.shx
c:\program files\aoemview 2008\Fonts\symath.shx
c:\program files\aoemview 2008\Fonts\symeteo.shx
c:\program files\aoemview 2008\Fonts\symusic.shx
c:\program files\aoemview 2008\Fonts\times.shx
c:\program files\aoemview 2008\Fonts\timesout.shx
c:\program files\aoemview 2008\Fonts\txt.shx
c:\program files\aoemview 2008\Fonts\whgdtxt.shx
c:\program files\aoemview 2008\Fonts\whgtxt.shx
c:\program files\aoemview 2008\Fonts\whtgtxt.shx
c:\program files\aoemview 2008\Fonts\whtmtxt.shx
c:\program files\aoemview 2008\gdiplus.dll
c:\program files\aoemview 2008\gridres.dll
c:\program files\aoemview 2008\HaveDisk.dll
c:\program files\aoemview 2008\hcreg9.dll
c:\program files\aoemview 2008\hcreg9Res.dll
c:\program files\aoemview 2008\heidi9.dll
c:\program files\aoemview 2008\Help\HelpSearch.ini
c:\program files\aoemview 2008\Help\ISYS.CAT
c:\program files\aoemview 2008\Help\ISYS.CFG
c:\program files\aoemview 2008\Help\ISYS.FLD
c:\program files\aoemview 2008\Help\ISYS.IXA
c:\program files\aoemview 2008\Help\ISYS.IXB
c:\program files\aoemview 2008\Help\ISYS.IXC
c:\program files\aoemview 2008\Help\ISYS.IXE
c:\program files\aoemview 2008\Help\ISYS.IXF
c:\program files\aoemview 2008\Help\ISYS.NET
c:\program files\aoemview 2008\Help\ISYS.SYN
c:\program files\aoemview 2008\Help\ole_err.chm
c:\program files\aoemview 2008\HPSETUP.exe
c:\program files\aoemview 2008\HPSETUPRes.dll
c:\program files\aoemview 2008\identity.ini
c:\program files\aoemview 2008\ISYS.CWD
c:\program files\aoemview 2008\ISYS.NLI
c:\program files\aoemview 2008\ISYS8.DLL
c:\program files\aoemview 2008\ISYS8.KEY
c:\program files\aoemview 2008\ISYSPDF6.DLL
c:\program files\aoemview 2008\ISYSPDFL.DAT
c:\program files\aoemview 2008\ISYSPDFL.DLL
c:\program files\aoemview 2008\ISYSU8.DLL
c:\program files\aoemview 2008\light9.dll
c:\program files\aoemview 2008\modlrobj17.dll
c:\program files\aoemview 2008\ModuleAutoCAD17.1.45.0.exe
c:\program files\aoemview 2008\mtl9.dll
c:\program files\aoemview 2008\Nexus.dll
c:\program files\aoemview 2008\oleaprot.arx
c:\program files\aoemview 2008\oletohdi9.dll
c:\program files\aoemview 2008\passwordUI.dll
c:\program files\aoemview 2008\passwordUIRes.dll
c:\program files\aoemview 2008\pc3edit.dll
c:\program files\aoemview 2008\pc3EditRes.dll
c:\program files\aoemview 2008\pc3exe.exe
c:\program files\aoemview 2008\pc3exeRes.dll
c:\program files\aoemview 2008\pctres9.dll
c:\program files\aoemview 2008\physpen.dll
c:\program files\aoemview 2008\plcalwiz.dll
c:\program files\aoemview 2008\plcalwizRes.dll
c:\program files\aoemview 2008\plcferr.dll
c:\program files\aoemview 2008\plcfmgr.dll
c:\program files\aoemview 2008\plcfmgrRes.dll
c:\program files\aoemview 2008\Plot Styles\Add-A-Plot Style Table Wizard.lnk
c:\program files\aoemview 2008\plot styles\wizardaddaplot.exe
c:\program files\aoemview 2008\plotcfg9.dll
c:\program files\aoemview 2008\plotgrad.dll
c:\program files\aoemview 2008\Plotters\Add-A-Plotter Wizard.lnk
c:\program files\aoemview 2008\Plotters\AddAPlotterWizard.exe
c:\program files\aoemview 2008\pltcmdln.arx
c:\program files\aoemview 2008\pm9.dll
c:\program files\aoemview 2008\pmres9.dll
c:\program files\aoemview 2008\pmutil9.dll
c:\program files\aoemview 2008\PPzlib123V8.dll
c:\program files\aoemview 2008\prntprog.dll
c:\program files\aoemview 2008\prntprogRes.dll
c:\program files\aoemview 2008\ProjectPointClient.dll
c:\program files\aoemview 2008\PROJECTPOINTCLIENTLib.dll
c:\program files\aoemview 2008\psizewiz.dll
c:\program files\aoemview 2008\psizewizRes.dll
c:\program files\aoemview 2008\R14PSKit.dll
c:\program files\aoemview 2008\R14PSKitRes.dll
c:\program files\aoemview 2008\regAoVw200817.dll
c:\program files\aoemview 2008\regAoVw2008Res.dll
c:\program files\aoemview 2008\resize.dll
c:\program files\aoemview 2008\SceneResAutoCAD.exe
c:\program files\aoemview 2008\scree.dll
c:\program files\aoemview 2008\Setup\AcDelTree.exe
c:\program files\aoemview 2008\Setup\LiteHtml.dll
c:\program files\aoemview 2008\Setup\Setup.exe
c:\program files\aoemview 2008\Setup\Setup.ini
c:\program files\aoemview 2008\Setup\SetupAcadUi.dll
c:\program files\aoemview 2008\Setup\SetupRes.dll
c:\program files\aoemview 2008\Setup\SetupRes\AoemSetupTopBanner.bmp
c:\program files\aoemview 2008\Setup\SetupRes\eval.msi
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Add_Remove_Features_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Additional_Files_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Begin_Deployment_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Deployment_Complete_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Deployment_Configure_Complete_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Deployment_Configure_InfoCenter_Communication_Center_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Deployment_Configure_InfoCenter_Search_Results_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Deployment_Include_Service_Packs_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Deployment_Online_Resources_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Documentation.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Full_Progress_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Images\Dot.gif
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Images\Install.gif
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Images\Installed.gif
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Images\Installing.gif
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Images\Line_Tab.bmp
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Images\Line5x375.bmp
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Images\Line5x440.bmp
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Images\Uninstalled.gif
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Images\Uninstalling.gif
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Installation_Complete_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Installation_Type_Page_DWFV.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Installation_Type_Page_OEM.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Installation_Type_Page_Tools.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Maintenance_Failed_page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Reinstall_Product_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Repair_Product_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Select_Preferences_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Select_Repair_or_Reinstall_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Select_the_Products_to_Install_Deployment.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Select_the_Products_to_Install_Standalone.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Select_the_Products_to_Install_Tools.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Specify_Settings_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Specify_Users_Workstation_Settings_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Support.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Uninstall_Product_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Update_Complete_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Update_Product_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\User_Information_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\UserInformation.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Welcome_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Write_to_Log_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\Infotainment\ACAD\Infotainment1.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\Infotainment\Flash\Infotainment2.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\Infotainment\Images\ACAD_OEM_Infotainment.bmp
c:\program files\aoemview 2008\Setup\SetupRes\Infotainment\Images\Flash.bmp
c:\program files\aoemview 2008\Setup\SetupUi.dll
c:\program files\aoemview 2008\sfttabac.dll
c:\program files\aoemview 2008\sfttabacRes.dll
c:\program files\aoemview 2008\shareac.dll
c:\program files\aoemview 2008\sharemfc.dll
c:\program files\aoemview 2008\sharemfcRes.dll
c:\program files\aoemview 2008\styedit.dll
c:\program files\aoemview 2008\styexe.exe
c:\program files\aoemview 2008\styexeRes.dll
c:\program files\aoemview 2008\styleeng.dll
c:\program files\aoemview 2008\styshwiz.exe
c:\program files\aoemview 2008\styshwizRes.dll
c:\program files\aoemview 2008\Support\ai_utils.fas
c:\program files\aoemview 2008\Support\AoVw2008.fas
c:\program files\aoemview 2008\Support\AoVw2008.slb
c:\program files\aoemview 2008\Support\AoVw2008doc.fas
c:\program files\aoemview 2008\Support\AuthorPalette\AcApCatalog.atc
c:\program files\aoemview 2008\Support\txt.shx
c:\program files\aoemview 2008\Template\Imperial-Seed2D.dgn
c:\program files\aoemview 2008\Template\Imperial-Seed3D.dgn
c:\program files\aoemview 2008\Template\Metric-Seed2D.dgn
c:\program files\aoemview 2008\Template\Metric-Seed3D.dgn
c:\program files\aoemview 2008\texture9.dll
c:\program files\aoemview 2008\unicows.dll
c:\program files\aoemview 2008\userdata.dll
c:\program files\aoemview 2008\UserDataCache\aoem.dhlp
c:\program files\aoemview 2008\UserDataCache\InfoCenter\ISYS.CFG
c:\program files\aoemview 2008\UserDataCache\Plot Styles\AoVw2008.ctb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\AoVw2008.stb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\Autodesk-Color.stb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\Autodesk-MONO.stb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\DWF Virtual Pens.ctb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\Fill Patterns.ctb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\Grayscale.ctb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\monochrome.ctb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\monochrome.stb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\Screening 100%.ctb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\Screening 25%.ctb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\Screening 50%.ctb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\Screening 75%.ctb
c:\program files\aoemview 2008\UserDataCache\Plotters\Default Windows System Printer.pc3
c:\program files\aoemview 2008\UserDataCache\Plotters\DWF6 ePlot.pc3
c:\program files\aoemview 2008\UserDataCache\Plotters\DWG To PDF.pc3
c:\program files\aoemview 2008\UserDataCache\Plotters\PMP Files\PublishToWeb JPG.pmp
c:\program files\aoemview 2008\UserDataCache\Plotters\PMP Files\PublishToWeb PNG.pmp
c:\program files\aoemview 2008\UserDataCache\Plotters\PublishToWeb JPG.pc3
c:\program files\aoemview 2008\UserDataCache\Plotters\PublishToWeb PNG.pc3
c:\program files\aoemview 2008\UserDataCache\Support\AcFields.fdc
c:\program files\aoemview 2008\UserDataCache\Support\AoVw2008.CUI
c:\program files\aoemview 2008\UserDataCache\Support\AoVw2008.dcl
c:\program files\aoemview 2008\UserDataCache\Support\AoVw2008.fmp
c:\program files\aoemview 2008\UserDataCache\Support\AoVw2008.pat
c:\program files\aoemview 2008\UserDataCache\Support\AoVw2008.psf
c:\program files\aoemview 2008\UserDataCache\Support\AoVw2008iso.pat
c:\program files\aoemview 2008\UserDataCache\Support\AuthorPalette\AcApCatalog.atc
c:\program files\aoemview 2008\UserDataCache\Support\base.dcl
c:\program files\aoemview 2008\UserDataCache\Support\bigfont.ini
c:\program files\aoemview 2008\UserDataCache\Support\custom.cui
c:\program files\aoemview 2008\UserDataCache\Support\gdt.shx
c:\program files\aoemview 2008\UserDataCache\Support\Inches.pss
c:\program files\aoemview 2008\UserDataCache\Support\ltypeshp.shx
c:\program files\aoemview 2008\UserDataCache\Support\mm.pss
c:\program files\aoemview 2008\UserDataCache\Support\Profiles\Unnamed Profile\Profile.aws
c:\program files\aoemview 2008\UserDataCache\Support\simplex.shx
c:\program files\aoemview 2008\UserDataCache\Template\AoVw2008.dwt
c:\program files\aoemview 2008\UserDataCache\Template\AoVw2008iso.dwt
c:\program files\aoemview 2008\vl.arx
c:\program files\aoemview 2008\vlinit.fsl
c:\program files\aoemview 2008\vllib.dll
c:\program files\aoemview 2008\vlmsg.dll
c:\program files\aoemview 2008\vlres.dll
c:\program files\aoemview 2008\xerces-c_1_6_0V8.dll
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-2-0-lnk\svchost.exe
c:\windows\update.tray-2-0
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0-lnk\svchost.exe
c:\windows\update.tray-7-0
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-25 do 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 17:01 . 2011-07-25 17:02 -------- d-----w- c:\program files\trend micro
2011-07-25 17:01 . 2011-07-25 17:02 -------- d-----w- C:\rsit
2011-07-25 16:33 . 2011-07-25 16:33 -------- d-----w- c:\documents and settings\Administrator
2011-07-25 14:41 . 2011-07-25 14:41 -------- d-----w- c:\documents and settings\NetworkService\Nabídka Start
2011-07-25 13:52 . 2011-07-25 13:52 -------- d-----w- c:\program files\AMD APP
2011-07-25 13:52 . 2011-07-25 13:52 -------- d-----w- c:\program files\ATI
2011-07-25 13:13 . 2011-07-25 13:13 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"BMISR"="c:\program files\KYE\WebMate\BM.exe" [2008-08-19 208896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AVerMedia GPS.lnk - c:\windows\Installer\{59CF074E-D725-43C0-B15A-C88B23926D27}\NewShortcut1_27E6D630072C4F3DBCA4A9450FD82024_1.exe [2010-8-31 45056]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2010-8-31 679936]
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-11-18 81997]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"d:\\roman\\Programy\\QIP\\qip.exe"=
"d:\\roman\\HRY\\Mass Effect\\Binaries\\MassEffect.exe"=
"d:\\roman\\HRY\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\roman\\HRY\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Programy\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\aTube Catcher\\yct.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.10.2009 13:37 721904]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [17.11.2010 12:21 13304]
R1 FNETVDDA;FNETVDDA;c:\windows\system32\drivers\FNETVDDA.SYS [17.11.2010 12:21 49400]
R2 SpotGPSMaxim;Spot;c:\program files\AVerMediaGPS\Services\Spot2741.exe [25.6.2007 10:50 610407]
R3 SpotVcp;NXP swGPS Spot Virtual COM port driver;c:\windows\system32\drivers\SpotVcp.sys [16.5.2007 13:19 34304]
S3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\system32\drivers\AVerAF15.sys [31.8.2010 15:57 280576]
S3 spotJ;Spot Software GPS USB Driver (spotJ);c:\windows\system32\drivers\spotJ32.sys [31.8.2010 15:57 36608]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - d:\programy\OFFICE~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-dgwintbnHPGL9RES - c:\program files\aoemview 2008\drv\oce9resresource9.1.45.0.exe
HKLM-Run-AutoCADAcAppRes - c:\program files\aoemview 2008\moduleautocad17.1.45.0.exe
HKLM-Run-WizardStyle26799 - c:\program files\aoemview 2008\plot styles\wizardaddaplot.exe
HKLM-Run-PrinterDWFPlot9Res - c:\program files\aoemview 2008\drv\ocegdiresresource.exe
AddRemove-AOEMView 2008 - c:\program files\AOEMView 2008\Setup\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-25 21:17
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(312)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\AVerMediaGPS\GUI\SpotSodiumGUI.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
d:\programy\autodesk\data managment server\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
d:\programy\autodesk\data managment server\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
d:\programy\autodesk\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-07-25 21:18:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-25 19:18
ComboFix2.txt 2011-07-25 18:39
.
Před spuštěním: 2 647 617 536
Po spuštění: 2 548 580 352
.
- - End Of File - - DB0D8F408E7FCA6062D72B6CE8D2B0E3
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1456 [GMT 2:00]
Spuštěný z: c:\documents and settings\Liborek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Liborek\Plocha\CFScript.txt
FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
FILE ::
"c:\documents and settings\liborek\local settings\data aplikací\opera\opera\profile\cache4\temporary_download\movie.exe"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\aoemview 2008
c:\program files\aoemview 2008\ac1st17.dll
c:\program files\aoemview 2008\AcApp.arx
c:\program files\aoemview 2008\AcAppRes.dll
c:\program files\aoemview 2008\AcBGPlot.arx
c:\program files\aoemview 2008\acbr17.dbx
c:\program files\aoemview 2008\AcCalcEngine.arx
c:\program files\aoemview 2008\AcCalcEngineRes.dll
c:\program files\aoemview 2008\AcCalcUi.xml
c:\program files\aoemview 2008\AcCtrl.dll
c:\program files\aoemview 2008\acdb17.dll
c:\program files\aoemview 2008\acdb17enures.dll
c:\program files\aoemview 2008\acdbmgd.dll
c:\program files\aoemview 2008\AcDim.arx
c:\program files\aoemview 2008\AcDimRes.dll
c:\program files\aoemview 2008\AcDimX17.dll
c:\program files\aoemview 2008\AcDynInput.arx
c:\program files\aoemview 2008\AcDynInputRes.dll
c:\program files\aoemview 2008\AcFdEval.arx
c:\program files\aoemview 2008\AcFdUi.arx
c:\program files\aoemview 2008\AcFieldRes.dll
c:\program files\aoemview 2008\acge17.dll
c:\program files\aoemview 2008\AcGradient17.dll
c:\program files\aoemview 2008\acgs.dll
c:\program files\aoemview 2008\acgsimage.dll
c:\program files\aoemview 2008\acgsRes.dll
c:\program files\aoemview 2008\AcIdViewObj.dbx
c:\program files\aoemview 2008\AcInetUI.dll
c:\program files\aoemview 2008\AcInetUIRes.dll
c:\program files\aoemview 2008\acismobj17.dbx
c:\program files\aoemview 2008\acISMui.arx
c:\program files\aoemview 2008\acISMuiRes.dll
c:\program files\aoemview 2008\AcLayerTools.dll
c:\program files\aoemview 2008\acmgd.dll
c:\program files\aoemview 2008\acmgdinternal.dll
c:\program files\aoemview 2008\AcMgdReverse.dll
c:\program files\aoemview 2008\AcMgdShared.dll
c:\program files\aoemview 2008\AcMPolygonCom.dll
c:\program files\aoemview 2008\AcMPolygonMGD.dll
c:\program files\aoemview 2008\AcMPolygonObj17.dbx
c:\program files\aoemview 2008\AcMPolygonObj17enuRes.dll
c:\program files\aoemview 2008\AcObjClassImp.arx
c:\program files\aoemview 2008\AcObjClassImpRes.dll
c:\program files\aoemview 2008\AcOcSchemaUtil.arx
c:\program files\aoemview 2008\acopm.arx
c:\program files\aoemview 2008\AcOpmExt.arx
c:\program files\aoemview 2008\AcOpmExtRes.dll
c:\program files\aoemview 2008\acopmRes.dll
c:\program files\aoemview 2008\AcPEXCtl.arx
c:\program files\aoemview 2008\AcPEXCtlRes.dll
c:\program files\aoemview 2008\acpi.arx
c:\program files\aoemview 2008\acpires.dll
c:\program files\aoemview 2008\AcPlDetails.arx
c:\program files\aoemview 2008\AcPlotGui.arx
c:\program files\aoemview 2008\AcPltRes.dll
c:\program files\aoemview 2008\AcPltStamp.arx
c:\program files\aoemview 2008\AcPltStampRes.dll
c:\program files\aoemview 2008\AcProject17.dll
c:\program files\aoemview 2008\AcProject17Res.dll
c:\program files\aoemview 2008\AcSceneOE.dbx
c:\program files\aoemview 2008\AcSceneRes.dll
c:\program files\aoemview 2008\AcStar.arx
c:\program files\aoemview 2008\AcStarRes.dll
c:\program files\aoemview 2008\acui17.dll
c:\program files\aoemview 2008\acui17res.dll
c:\program files\aoemview 2008\acurlutl17.dll
c:\program files\aoemview 2008\AcUt.dll
c:\program files\aoemview 2008\AcViewMgr.arx
c:\program files\aoemview 2008\AcVMTools.arx
c:\program files\aoemview 2008\AcVMToolsRes.dll
c:\program files\aoemview 2008\AcWebDAV17.dll
c:\program files\aoemview 2008\AcWipeoutObj17.dbx
c:\program files\aoemview 2008\AcWipeoutRes.dll
c:\program files\aoemview 2008\ad17asm120.dll
c:\program files\aoemview 2008\adctrls.dll
c:\program files\aoemview 2008\adctrlsRes.dll
c:\program files\aoemview 2008\addplwiz.exe
c:\program files\aoemview 2008\addplwizRes.dll
c:\program files\aoemview 2008\AdFTP.dll
c:\program files\aoemview 2008\AdFTPRes.dll
c:\program files\aoemview 2008\AdImaging.dll
c:\program files\aoemview 2008\AdImagingRes.dll
c:\program files\aoemview 2008\AdIntImgServices.dll
c:\program files\aoemview 2008\adui17.dll
c:\program files\aoemview 2008\adui17res.dll
c:\program files\aoemview 2008\AecAreaCalculationBase.dbx
c:\program files\aoemview 2008\AecAreaCalculationBaseenu.dll
c:\program files\aoemview 2008\AecArchBase.dbx
c:\program files\aoemview 2008\AecArchBaseenu.dll
c:\program files\aoemview 2008\AecArchDACHBase.dbx
c:\program files\aoemview 2008\AecArchDACHBaseenu.dll
c:\program files\aoemview 2008\AecBase.dbx
c:\program files\aoemview 2008\AecBaseenu.dll
c:\program files\aoemview 2008\AecBaseEx.dbx
c:\program files\aoemview 2008\AecBaseExenu.dll
c:\program files\aoemview 2008\AecLoader.arx
c:\program files\aoemview 2008\AecModeler50.dbx
c:\program files\aoemview 2008\AecProjectBase.dbx
c:\program files\aoemview 2008\AecProjectBaseenu.dll
c:\program files\aoemview 2008\AecResMgr.dll
c:\program files\aoemview 2008\AecResMgrenu.dll
c:\program files\aoemview 2008\AecResUi.dll
c:\program files\aoemview 2008\AecResUienu.dll
c:\program files\aoemview 2008\AecScript.dll
c:\program files\aoemview 2008\AecScriptenu.dll
c:\program files\aoemview 2008\AecSchedule.dbx
c:\program files\aoemview 2008\AecScheduleData.dbx
c:\program files\aoemview 2008\AecScheduleDataenu.dll
c:\program files\aoemview 2008\AecScheduleenu.dll
c:\program files\aoemview 2008\AecStructureBase.dbx
c:\program files\aoemview 2008\AecStructureBaseenu.dll
c:\program files\aoemview 2008\AecSystemTools.dll
c:\program files\aoemview 2008\aecuibase.arx
c:\program files\aoemview 2008\AecUiBaseEnu.dll
c:\program files\aoemview 2008\achapi17.dbx
c:\program files\aoemview 2008\anav.dll
c:\program files\aoemview 2008\anavRes.dll
c:\program files\aoemview 2008\AoVw2008.exe
c:\program files\aoemview 2008\AoVw2008.exe.config
c:\program files\aoemview 2008\AoVw2008btn.xmx
c:\program files\aoemview 2008\AoVw2008ficn.dll
c:\program files\aoemview 2008\AoVw2008inet.dll
c:\program files\aoemview 2008\AoVw2008inetRes.dll
c:\program files\aoemview 2008\AoVw2008res.dll
c:\program files\aoemview 2008\AoVw2008res2.dll
c:\program files\aoemview 2008\apperr.dll
c:\program files\aoemview 2008\apperrRes.dll
c:\program files\aoemview 2008\appload.arx
c:\program files\aoemview 2008\apploadRes.dll
c:\program files\aoemview 2008\architectural.dll
c:\program files\aoemview 2008\architectural.mi
c:\program files\aoemview 2008\ASMBASE120A.dll
c:\program files\aoemview 2008\ASMconstrctobj120A.dll
c:\program files\aoemview 2008\ASMFCT120A.dll
c:\program files\aoemview 2008\ASMGA120A.dll
c:\program files\aoemview 2008\ASMIHL120A.dll
c:\program files\aoemview 2008\ASMINTR120A.dll
c:\program files\aoemview 2008\ASMKERN120A.dll
c:\program files\aoemview 2008\ASMLAW120A.dll
c:\program files\aoemview 2008\ASMm120enures.dll
c:\program files\aoemview 2008\ASMMATRIX120A.dll
c:\program files\aoemview 2008\ASMTOPT120A.dll
c:\program files\aoemview 2008\ax17enures.dll
c:\program files\aoemview 2008\axdb.dll
c:\program files\aoemview 2008\BCSPSE.dll
c:\program files\aoemview 2008\BzLocation.dll
c:\program files\aoemview 2008\BzPSLang.dll
c:\program files\aoemview 2008\color.dll
c:\program files\aoemview 2008\colorRes.dll
c:\program files\aoemview 2008\coreerr.dll
c:\program files\aoemview 2008\dlint9.dll
c:\program files\aoemview 2008\Drv\AdskHwCertificationDatabase.xml
c:\program files\aoemview 2008\Drv\buffer9.hdi
c:\program files\aoemview 2008\Drv\CalComp9.drc
c:\program files\aoemview 2008\Drv\CalComp9.hdi
c:\program files\aoemview 2008\Drv\CalComp9Res.dll
c:\program files\aoemview 2008\Drv\dgwintbn.dll
c:\program files\aoemview 2008\Drv\dgwintbnRes.dll
c:\program files\aoemview 2008\Drv\direct3d9.hdi
c:\program files\aoemview 2008\Drv\dither9.hdi
c:\program files\aoemview 2008\Drv\dwffont9.hdi
c:\program files\aoemview 2008\Drv\dwfplot9.drc
c:\program files\aoemview 2008\Drv\dwfplot9.hdi
c:\program files\aoemview 2008\Drv\Dwfplot9Res.dll
c:\program files\aoemview 2008\Drv\dxb9.drc
c:\program files\aoemview 2008\Drv\dxb9.hdi
c:\program files\aoemview 2008\Drv\dxb9Res.dll
c:\program files\aoemview 2008\Drv\eov9.hdi
c:\program files\aoemview 2008\Drv\gdi9.hdi
c:\program files\aoemview 2008\Drv\gdi9Res.dll
c:\program files\aoemview 2008\Drv\gdifont9.hdi
c:\program files\aoemview 2008\Drv\gdiplot9.hdi
c:\program files\aoemview 2008\Drv\hlr9.hdi
c:\program files\aoemview 2008\Drv\hpgdi9.hdi
c:\program files\aoemview 2008\Drv\Hpgdi9Res.dll
c:\program files\aoemview 2008\Drv\hpgl29.drc
c:\program files\aoemview 2008\Drv\hpgl29.hdi
c:\program files\aoemview 2008\Drv\HpGl29Res.dll
c:\program files\aoemview 2008\Drv\hpgl9.drc
c:\program files\aoemview 2008\Drv\hpgl9.hdi
c:\program files\aoemview 2008\Drv\hpgl9Res.dll
c:\program files\aoemview 2008\Drv\jitter9.hdi
c:\program files\aoemview 2008\Drv\mentalray9.hdi
c:\program files\aoemview 2008\Drv\monochrome9.hdi
c:\program files\aoemview 2008\Drv\null9.hdi
c:\program files\aoemview 2008\Drv\oce9.drc
c:\program files\aoemview 2008\Drv\oce9.hdi
c:\program files\aoemview 2008\Drv\Oce9Res.dll
c:\program files\aoemview 2008\Drv\oce9ResResource9.1.45.0.exe
c:\program files\aoemview 2008\Drv\ocegdi9.hdi
c:\program files\aoemview 2008\Drv\ocegdi9Res.dll
c:\program files\aoemview 2008\Drv\OCEGDIResResource.exe
c:\program files\aoemview 2008\Drv\overhang9.hdi
c:\program files\aoemview 2008\Drv\paint9.hdi
c:\program files\aoemview 2008\Drv\pdffont9.hdi
c:\program files\aoemview 2008\Drv\pdfplot9.drc
c:\program files\aoemview 2008\Drv\pdfplot9.hdi
c:\program files\aoemview 2008\Drv\pdfplot9res.dll
c:\program files\aoemview 2008\Drv\ps9.drc
c:\program files\aoemview 2008\Drv\ps9.hdi
c:\program files\aoemview 2008\Drv\ps9Res.dll
c:\program files\aoemview 2008\Drv\raster9.drc
c:\program files\aoemview 2008\Drv\raster9.hdi
c:\program files\aoemview 2008\Drv\raster9Res.dll
c:\program files\aoemview 2008\Drv\rblast9.hdi
c:\program files\aoemview 2008\Drv\rfx9.hdi
c:\program files\aoemview 2008\Drv\select3d9.hdi
c:\program files\aoemview 2008\Drv\select9.hdi
c:\program files\aoemview 2008\Drv\slide9.hdi
c:\program files\aoemview 2008\Drv\szb9.hdi
c:\program files\aoemview 2008\Drv\wopengl9.hdi
c:\program files\aoemview 2008\Drv\xes9.drc
c:\program files\aoemview 2008\Drv\xes9.hdi
c:\program files\aoemview 2008\Drv\xes9res.dll
c:\program files\aoemview 2008\Drv\xesgdi9.hdi
c:\program files\aoemview 2008\dswhip.dll
c:\program files\aoemview 2008\dswhipRes.dll
c:\program files\aoemview 2008\DxOemViewer.arx
c:\program files\aoemview 2008\en-US\acdbmgd.resources.dll
c:\program files\aoemview 2008\en-US\AcLayerTools.resources.dll
c:\program files\aoemview 2008\en-US\BzLocation.resources.dll
c:\program files\aoemview 2008\erren.dll
c:\program files\aoemview 2008\errenu.dll
c:\program files\aoemview 2008\fontcap.dll
c:\program files\aoemview 2008\fontcapres.dll
c:\program files\aoemview 2008\Fonts\@extfont2.shx
c:\program files\aoemview 2008\Fonts\AcadEref.shx
c:\program files\aoemview 2008\Fonts\aehalf.shx
c:\program files\aoemview 2008\Fonts\AMDTSymbols.shx
c:\program files\aoemview 2008\Fonts\amgdt.shx
c:\program files\aoemview 2008\Fonts\amgdtans.shx
c:\program files\aoemview 2008\Fonts\bigfont.shx
c:\program files\aoemview 2008\Fonts\bold.shx
c:\program files\aoemview 2008\Fonts\Cdm.shx
c:\program files\aoemview 2008\Fonts\CDM_NC.SHX
c:\program files\aoemview 2008\Fonts\complex.shx
c:\program files\aoemview 2008\Fonts\dim.shx
c:\program files\aoemview 2008\Fonts\extfont.shx
c:\program files\aoemview 2008\Fonts\extfont2.shx
c:\program files\aoemview 2008\Fonts\exthalf2.shx
c:\program files\aoemview 2008\Fonts\extslim2.shx
c:\program files\aoemview 2008\Fonts\g12f13.shx
c:\program files\aoemview 2008\Fonts\g13f12d.shx
c:\program files\aoemview 2008\Fonts\g13f12w.shx
c:\program files\aoemview 2008\Fonts\gbcbig.shx
c:\program files\aoemview 2008\Fonts\gbeitc.shx
c:\program files\aoemview 2008\Fonts\gbenor.shx
c:\program files\aoemview 2008\Fonts\GENISO.SHX
c:\program files\aoemview 2008\Fonts\geniso12.shx
c:\program files\aoemview 2008\Fonts\GENLTSHP.SHX
c:\program files\aoemview 2008\Fonts\GENPRESE.SHX
c:\program files\aoemview 2008\Fonts\gothice.shx
c:\program files\aoemview 2008\Fonts\gothicg.shx
c:\program files\aoemview 2008\Fonts\gothici.shx
c:\program files\aoemview 2008\Fonts\greekc.shx
c:\program files\aoemview 2008\Fonts\greeks.shx
c:\program files\aoemview 2008\Fonts\hand1.shx
c:\program files\aoemview 2008\Fonts\chineset.shx
c:\program files\aoemview 2008\Fonts\iges1001.shx
c:\program files\aoemview 2008\Fonts\iges1002.shx
c:\program files\aoemview 2008\Fonts\iges1003.shx
c:\program files\aoemview 2008\Fonts\ISO.SHX
c:\program files\aoemview 2008\Fonts\isocp.shx
c:\program files\aoemview 2008\Fonts\isocp2.shx
c:\program files\aoemview 2008\Fonts\isocp3.shx
c:\program files\aoemview 2008\Fonts\isoct.shx
c:\program files\aoemview 2008\Fonts\isoct2.shx
c:\program files\aoemview 2008\Fonts\isoct3.shx
c:\program files\aoemview 2008\Fonts\italic.shx
c:\program files\aoemview 2008\Fonts\ITALIC8.SHX
c:\program files\aoemview 2008\Fonts\italicc.shx
c:\program files\aoemview 2008\Fonts\italict.shx
c:\program files\aoemview 2008\Fonts\monotxt.shx
c:\program files\aoemview 2008\Fonts\MONOTXT8.SHX
c:\program files\aoemview 2008\Fonts\romanc.shx
c:\program files\aoemview 2008\Fonts\romand.shx
c:\program files\aoemview 2008\Fonts\romans.shx
c:\program files\aoemview 2008\Fonts\romant.shx
c:\program files\aoemview 2008\Fonts\sas_____.pfb
c:\program files\aoemview 2008\Fonts\scriptc.shx
c:\program files\aoemview 2008\Fonts\scripts.shx
c:\program files\aoemview 2008\Fonts\SIMPLEX8.SHX
c:\program files\aoemview 2008\Fonts\spec_bar.shx
c:\program files\aoemview 2008\Fonts\spec_sl.shx
c:\program files\aoemview 2008\Fonts\special.shx
c:\program files\aoemview 2008\Fonts\syastro.shx
c:\program files\aoemview 2008\Fonts\symap.shx
c:\program files\aoemview 2008\Fonts\symath.shx
c:\program files\aoemview 2008\Fonts\symeteo.shx
c:\program files\aoemview 2008\Fonts\symusic.shx
c:\program files\aoemview 2008\Fonts\times.shx
c:\program files\aoemview 2008\Fonts\timesout.shx
c:\program files\aoemview 2008\Fonts\txt.shx
c:\program files\aoemview 2008\Fonts\whgdtxt.shx
c:\program files\aoemview 2008\Fonts\whgtxt.shx
c:\program files\aoemview 2008\Fonts\whtgtxt.shx
c:\program files\aoemview 2008\Fonts\whtmtxt.shx
c:\program files\aoemview 2008\gdiplus.dll
c:\program files\aoemview 2008\gridres.dll
c:\program files\aoemview 2008\HaveDisk.dll
c:\program files\aoemview 2008\hcreg9.dll
c:\program files\aoemview 2008\hcreg9Res.dll
c:\program files\aoemview 2008\heidi9.dll
c:\program files\aoemview 2008\Help\HelpSearch.ini
c:\program files\aoemview 2008\Help\ISYS.CAT
c:\program files\aoemview 2008\Help\ISYS.CFG
c:\program files\aoemview 2008\Help\ISYS.FLD
c:\program files\aoemview 2008\Help\ISYS.IXA
c:\program files\aoemview 2008\Help\ISYS.IXB
c:\program files\aoemview 2008\Help\ISYS.IXC
c:\program files\aoemview 2008\Help\ISYS.IXE
c:\program files\aoemview 2008\Help\ISYS.IXF
c:\program files\aoemview 2008\Help\ISYS.NET
c:\program files\aoemview 2008\Help\ISYS.SYN
c:\program files\aoemview 2008\Help\ole_err.chm
c:\program files\aoemview 2008\HPSETUP.exe
c:\program files\aoemview 2008\HPSETUPRes.dll
c:\program files\aoemview 2008\identity.ini
c:\program files\aoemview 2008\ISYS.CWD
c:\program files\aoemview 2008\ISYS.NLI
c:\program files\aoemview 2008\ISYS8.DLL
c:\program files\aoemview 2008\ISYS8.KEY
c:\program files\aoemview 2008\ISYSPDF6.DLL
c:\program files\aoemview 2008\ISYSPDFL.DAT
c:\program files\aoemview 2008\ISYSPDFL.DLL
c:\program files\aoemview 2008\ISYSU8.DLL
c:\program files\aoemview 2008\light9.dll
c:\program files\aoemview 2008\modlrobj17.dll
c:\program files\aoemview 2008\ModuleAutoCAD17.1.45.0.exe
c:\program files\aoemview 2008\mtl9.dll
c:\program files\aoemview 2008\Nexus.dll
c:\program files\aoemview 2008\oleaprot.arx
c:\program files\aoemview 2008\oletohdi9.dll
c:\program files\aoemview 2008\passwordUI.dll
c:\program files\aoemview 2008\passwordUIRes.dll
c:\program files\aoemview 2008\pc3edit.dll
c:\program files\aoemview 2008\pc3EditRes.dll
c:\program files\aoemview 2008\pc3exe.exe
c:\program files\aoemview 2008\pc3exeRes.dll
c:\program files\aoemview 2008\pctres9.dll
c:\program files\aoemview 2008\physpen.dll
c:\program files\aoemview 2008\plcalwiz.dll
c:\program files\aoemview 2008\plcalwizRes.dll
c:\program files\aoemview 2008\plcferr.dll
c:\program files\aoemview 2008\plcfmgr.dll
c:\program files\aoemview 2008\plcfmgrRes.dll
c:\program files\aoemview 2008\Plot Styles\Add-A-Plot Style Table Wizard.lnk
c:\program files\aoemview 2008\plot styles\wizardaddaplot.exe
c:\program files\aoemview 2008\plotcfg9.dll
c:\program files\aoemview 2008\plotgrad.dll
c:\program files\aoemview 2008\Plotters\Add-A-Plotter Wizard.lnk
c:\program files\aoemview 2008\Plotters\AddAPlotterWizard.exe
c:\program files\aoemview 2008\pltcmdln.arx
c:\program files\aoemview 2008\pm9.dll
c:\program files\aoemview 2008\pmres9.dll
c:\program files\aoemview 2008\pmutil9.dll
c:\program files\aoemview 2008\PPzlib123V8.dll
c:\program files\aoemview 2008\prntprog.dll
c:\program files\aoemview 2008\prntprogRes.dll
c:\program files\aoemview 2008\ProjectPointClient.dll
c:\program files\aoemview 2008\PROJECTPOINTCLIENTLib.dll
c:\program files\aoemview 2008\psizewiz.dll
c:\program files\aoemview 2008\psizewizRes.dll
c:\program files\aoemview 2008\R14PSKit.dll
c:\program files\aoemview 2008\R14PSKitRes.dll
c:\program files\aoemview 2008\regAoVw200817.dll
c:\program files\aoemview 2008\regAoVw2008Res.dll
c:\program files\aoemview 2008\resize.dll
c:\program files\aoemview 2008\SceneResAutoCAD.exe
c:\program files\aoemview 2008\scree.dll
c:\program files\aoemview 2008\Setup\AcDelTree.exe
c:\program files\aoemview 2008\Setup\LiteHtml.dll
c:\program files\aoemview 2008\Setup\Setup.exe
c:\program files\aoemview 2008\Setup\Setup.ini
c:\program files\aoemview 2008\Setup\SetupAcadUi.dll
c:\program files\aoemview 2008\Setup\SetupRes.dll
c:\program files\aoemview 2008\Setup\SetupRes\AoemSetupTopBanner.bmp
c:\program files\aoemview 2008\Setup\SetupRes\eval.msi
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Add_Remove_Features_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Additional_Files_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Begin_Deployment_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Deployment_Complete_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Deployment_Configure_Complete_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Deployment_Configure_InfoCenter_Communication_Center_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Deployment_Configure_InfoCenter_Search_Results_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Deployment_Include_Service_Packs_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Deployment_Online_Resources_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Documentation.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Full_Progress_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Images\Dot.gif
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Images\Install.gif
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Images\Installed.gif
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Images\Installing.gif
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Images\Line_Tab.bmp
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Images\Line5x375.bmp
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Images\Line5x440.bmp
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Images\Uninstalled.gif
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Images\Uninstalling.gif
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Installation_Complete_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Installation_Type_Page_DWFV.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Installation_Type_Page_OEM.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Installation_Type_Page_Tools.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Maintenance_Failed_page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Reinstall_Product_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Repair_Product_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Select_Preferences_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Select_Repair_or_Reinstall_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Select_the_Products_to_Install_Deployment.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Select_the_Products_to_Install_Standalone.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Select_the_Products_to_Install_Tools.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Specify_Settings_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Specify_Users_Workstation_Settings_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Support.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Uninstall_Product_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Update_Complete_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Update_Product_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\User_Information_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\UserInformation.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Welcome_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\InfoLink\Write_to_Log_Page.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\Infotainment\ACAD\Infotainment1.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\Infotainment\Flash\Infotainment2.xml.html
c:\program files\aoemview 2008\Setup\SetupRes\Infotainment\Images\ACAD_OEM_Infotainment.bmp
c:\program files\aoemview 2008\Setup\SetupRes\Infotainment\Images\Flash.bmp
c:\program files\aoemview 2008\Setup\SetupUi.dll
c:\program files\aoemview 2008\sfttabac.dll
c:\program files\aoemview 2008\sfttabacRes.dll
c:\program files\aoemview 2008\shareac.dll
c:\program files\aoemview 2008\sharemfc.dll
c:\program files\aoemview 2008\sharemfcRes.dll
c:\program files\aoemview 2008\styedit.dll
c:\program files\aoemview 2008\styexe.exe
c:\program files\aoemview 2008\styexeRes.dll
c:\program files\aoemview 2008\styleeng.dll
c:\program files\aoemview 2008\styshwiz.exe
c:\program files\aoemview 2008\styshwizRes.dll
c:\program files\aoemview 2008\Support\ai_utils.fas
c:\program files\aoemview 2008\Support\AoVw2008.fas
c:\program files\aoemview 2008\Support\AoVw2008.slb
c:\program files\aoemview 2008\Support\AoVw2008doc.fas
c:\program files\aoemview 2008\Support\AuthorPalette\AcApCatalog.atc
c:\program files\aoemview 2008\Support\txt.shx
c:\program files\aoemview 2008\Template\Imperial-Seed2D.dgn
c:\program files\aoemview 2008\Template\Imperial-Seed3D.dgn
c:\program files\aoemview 2008\Template\Metric-Seed2D.dgn
c:\program files\aoemview 2008\Template\Metric-Seed3D.dgn
c:\program files\aoemview 2008\texture9.dll
c:\program files\aoemview 2008\unicows.dll
c:\program files\aoemview 2008\userdata.dll
c:\program files\aoemview 2008\UserDataCache\aoem.dhlp
c:\program files\aoemview 2008\UserDataCache\InfoCenter\ISYS.CFG
c:\program files\aoemview 2008\UserDataCache\Plot Styles\AoVw2008.ctb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\AoVw2008.stb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\Autodesk-Color.stb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\Autodesk-MONO.stb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\DWF Virtual Pens.ctb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\Fill Patterns.ctb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\Grayscale.ctb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\monochrome.ctb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\monochrome.stb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\Screening 100%.ctb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\Screening 25%.ctb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\Screening 50%.ctb
c:\program files\aoemview 2008\UserDataCache\Plot Styles\Screening 75%.ctb
c:\program files\aoemview 2008\UserDataCache\Plotters\Default Windows System Printer.pc3
c:\program files\aoemview 2008\UserDataCache\Plotters\DWF6 ePlot.pc3
c:\program files\aoemview 2008\UserDataCache\Plotters\DWG To PDF.pc3
c:\program files\aoemview 2008\UserDataCache\Plotters\PMP Files\PublishToWeb JPG.pmp
c:\program files\aoemview 2008\UserDataCache\Plotters\PMP Files\PublishToWeb PNG.pmp
c:\program files\aoemview 2008\UserDataCache\Plotters\PublishToWeb JPG.pc3
c:\program files\aoemview 2008\UserDataCache\Plotters\PublishToWeb PNG.pc3
c:\program files\aoemview 2008\UserDataCache\Support\AcFields.fdc
c:\program files\aoemview 2008\UserDataCache\Support\AoVw2008.CUI
c:\program files\aoemview 2008\UserDataCache\Support\AoVw2008.dcl
c:\program files\aoemview 2008\UserDataCache\Support\AoVw2008.fmp
c:\program files\aoemview 2008\UserDataCache\Support\AoVw2008.pat
c:\program files\aoemview 2008\UserDataCache\Support\AoVw2008.psf
c:\program files\aoemview 2008\UserDataCache\Support\AoVw2008iso.pat
c:\program files\aoemview 2008\UserDataCache\Support\AuthorPalette\AcApCatalog.atc
c:\program files\aoemview 2008\UserDataCache\Support\base.dcl
c:\program files\aoemview 2008\UserDataCache\Support\bigfont.ini
c:\program files\aoemview 2008\UserDataCache\Support\custom.cui
c:\program files\aoemview 2008\UserDataCache\Support\gdt.shx
c:\program files\aoemview 2008\UserDataCache\Support\Inches.pss
c:\program files\aoemview 2008\UserDataCache\Support\ltypeshp.shx
c:\program files\aoemview 2008\UserDataCache\Support\mm.pss
c:\program files\aoemview 2008\UserDataCache\Support\Profiles\Unnamed Profile\Profile.aws
c:\program files\aoemview 2008\UserDataCache\Support\simplex.shx
c:\program files\aoemview 2008\UserDataCache\Template\AoVw2008.dwt
c:\program files\aoemview 2008\UserDataCache\Template\AoVw2008iso.dwt
c:\program files\aoemview 2008\vl.arx
c:\program files\aoemview 2008\vlinit.fsl
c:\program files\aoemview 2008\vllib.dll
c:\program files\aoemview 2008\vlmsg.dll
c:\program files\aoemview 2008\vlres.dll
c:\program files\aoemview 2008\xerces-c_1_6_0V8.dll
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-2-0-lnk\svchost.exe
c:\windows\update.tray-2-0
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0-lnk\svchost.exe
c:\windows\update.tray-7-0
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-25 do 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 17:01 . 2011-07-25 17:02 -------- d-----w- c:\program files\trend micro
2011-07-25 17:01 . 2011-07-25 17:02 -------- d-----w- C:\rsit
2011-07-25 16:33 . 2011-07-25 16:33 -------- d-----w- c:\documents and settings\Administrator
2011-07-25 14:41 . 2011-07-25 14:41 -------- d-----w- c:\documents and settings\NetworkService\Nabídka Start
2011-07-25 13:52 . 2011-07-25 13:52 -------- d-----w- c:\program files\AMD APP
2011-07-25 13:52 . 2011-07-25 13:52 -------- d-----w- c:\program files\ATI
2011-07-25 13:13 . 2011-07-25 13:13 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"BMISR"="c:\program files\KYE\WebMate\BM.exe" [2008-08-19 208896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AVerMedia GPS.lnk - c:\windows\Installer\{59CF074E-D725-43C0-B15A-C88B23926D27}\NewShortcut1_27E6D630072C4F3DBCA4A9450FD82024_1.exe [2010-8-31 45056]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2010-8-31 679936]
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-11-18 81997]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"d:\\roman\\Programy\\QIP\\qip.exe"=
"d:\\roman\\HRY\\Mass Effect\\Binaries\\MassEffect.exe"=
"d:\\roman\\HRY\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\roman\\HRY\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Programy\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\aTube Catcher\\yct.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.10.2009 13:37 721904]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [17.11.2010 12:21 13304]
R1 FNETVDDA;FNETVDDA;c:\windows\system32\drivers\FNETVDDA.SYS [17.11.2010 12:21 49400]
R2 SpotGPSMaxim;Spot;c:\program files\AVerMediaGPS\Services\Spot2741.exe [25.6.2007 10:50 610407]
R3 SpotVcp;NXP swGPS Spot Virtual COM port driver;c:\windows\system32\drivers\SpotVcp.sys [16.5.2007 13:19 34304]
S3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\system32\drivers\AVerAF15.sys [31.8.2010 15:57 280576]
S3 spotJ;Spot Software GPS USB Driver (spotJ);c:\windows\system32\drivers\spotJ32.sys [31.8.2010 15:57 36608]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - d:\programy\OFFICE~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-dgwintbnHPGL9RES - c:\program files\aoemview 2008\drv\oce9resresource9.1.45.0.exe
HKLM-Run-AutoCADAcAppRes - c:\program files\aoemview 2008\moduleautocad17.1.45.0.exe
HKLM-Run-WizardStyle26799 - c:\program files\aoemview 2008\plot styles\wizardaddaplot.exe
HKLM-Run-PrinterDWFPlot9Res - c:\program files\aoemview 2008\drv\ocegdiresresource.exe
AddRemove-AOEMView 2008 - c:\program files\AOEMView 2008\Setup\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-25 21:17
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(312)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\AVerMediaGPS\GUI\SpotSodiumGUI.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
d:\programy\autodesk\data managment server\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
d:\programy\autodesk\data managment server\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
d:\programy\autodesk\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-07-25 21:18:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-25 19:18
ComboFix2.txt 2011-07-25 18:39
.
Před spuštěním: 2 647 617 536
Po spuštění: 2 548 580 352
.
- - End Of File - - DB0D8F408E7FCA6062D72B6CE8D2B0E3
Re: Vir facebook- aktualizace adobe flash playeru
Jak se chova PC 
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?